A Cybersecurity Method to Detect SQL Injection Attacks Using Heuristic‑Driven Feature Selection and Machine Learning Algorithms

Abstract

SQL injection is a serious security risk that allows attackers to access application databases. SQL injection attacks can be identified using various methods, including machine learning algorithms. Finding the top-performing features in the training dataset is a combinatorial optimization problem known to be NP-complete. Finding the dataset’s most effective and significant features is the goal of feature selection. This study aims to optimize the sensitivity, specificity, and accuracy of the SQL injection detection method. The first stage of the suggested method involved creating a unique training dataset with 13 characteristics. A binary form of the Whale Optimization Algorithm was suggested to find the most effective features in the dataset. An effective SQL injection detection system was developed by combining the whale algorithm as a feature selector with various machine learning techniques. The suggested SQL injection detector achieved 98.88% accuracy, 99.35% sensitivity, and a 98.83% F1-score using an artificial neural network and the whale optimizer. Using the proposed strategy to select about 31% of the features improved the performance of the attack detectors.