Abstract:
SQL (structured query language) injection is one of the threats to database-driven applications. In application source code, checking the SQL injection vulnerability is vital hence identified as the common attack on database-driven application. By implementing SQL injection, the attacker can gain full access to the application or database so that it provides unauthorized access for attackers. Although there are many readily available SQL injection attack detection tools, helping software developers in checking open-source projects and software is limited. The open-source code repository enables developers to collaborate on development and to report issues for the developer. Hence, it becomes a huge resource for software project information.
In this study, a method to detect SQL injection attacks based using ontology-based machine learning techniques is proposed. The research came up with the SQL injection tool developed which integrated an ontology-based machine learning technique. The ontology is developed from issues and pull requests of the open-source code repository. It proposes SQL injection ontology for detecting SQL injection attack vulnerability in software project. The proposed ontology was evaluated by checking its completeness and its validity using manual tagging. The results have demonstrated that the proposed ontology is complete and valid. The knowledge acquired from the ontology is used to check for known SQLi vulnerability. The SVM algorithm classifier was trained with the SQL query dataset. Moreover, to measure the effectiveness of the system, detection experiments have been performed for some projects. The system is tested with the selected project from the open-source repository. The developed prototype considers the common SQLi vulnerabilities and meets its design requirements.
