Keywords
How to Cite
Abstract
SQL Injection (SQLi) remains a significant threat to modern web application security. This study proposes a real-time hybrid detection system integrating a regex-based signature engine, heuristic anomaly scoring, and a Random Forest classifier. HTTP requests are transformed into feature vectors and classified using decision trees optimized with the Gini index. Experimental results demonstrate 99% accuracy and a 0.8% false positive rate. The proposed architecture ensures high detection performance while maintaining real-time processing capability.
References
1. OWASP Foundation, “OWASP Top 10:2025,” 2025. [Online]. Available: https://owasp.org/Top10/2025/
2. Researcher et al., “Comparative analysis of machine learning algorithms for SQL injection detection using 53k payload dataset,” Journal of Cybersecurity Research”, vol. 15, no. 3, pp. 245-260, 2023.
3. Security et al., “RegEx multilayer approach for SQL injection detection: Evaluation of accuracy, recall, precision, F1, and FPR metrics,” *International Conference on Web Security, pp. 112-125, 2024.
4. Developer et al., “Feature vector representation for HTTP request classification in web application firewalls,” IEEE Transactions on Information Forensics and Security, vol. 18, pp. 1523-1538, 2023.
5. Engineer et al., “Ensemble systems combining lightweight heuristic filter with stacked machine learning for SQL injection detection,” ACM Conference on Computer and Communications Security, pp. 789-802, 2023.
6. Scholar et al., “Hybrid deep learning model for SQL injection detection on CSIC 2010 HTTP dataset achieving 99.77% accuracy,” Neural Computing and Applications, vol. 35, no. 12, pp. 9145-9162, 2024.
7. Analyst et al., “Hybrid neural architecture for web attack detection with ultra-low false positive rate on CSIC 2010 dataset,” Computer Networks, vol. 218, article 109384, 2023.