A Machine Learning Based Approach to Identify SQL Injection Vulnerabilities
Title | A Machine Learning Based Approach to Identify SQL Injection Vulnerabilities |
Publication Type | Conference Paper |
Year of Publication | 2019 |
Authors | Zhang, Kevin |
Conference Name | 2019 34th IEEE/ACM International Conference on Automated Software Engineering (ASE) |
Date Published | Nov. 2019 |
Publisher | IEEE |
ISBN Number | 978-1-7281-2508-4 |
Keywords | Collaboration, Deep Learning, Human Behavior, Metrics, policy-based governance, prediction model, privacy, pubcrawl, resilience, Resiliency, SQL detection, SQL Injection, Vulnerability |
Abstract | This paper presents a machine learning classifier designed to identify SQL injection vulnerabilities in PHP code. Both classical and deep learning based machine learning algorithms were used to train and evaluate classifier models using input validation and sanitization features extracted from source code files. On ten-fold cross validations a model trained using Convolutional Neural Network (CNN) achieved the highest precision (95.4%), while a model based on Multilayer Perceptron (MLP) achieved the highest recall (63.7%) and the highest f-measure (0.746). |
URL | https://ieeexplore.ieee.org/document/8952467 |
DOI | 10.1109/ASE.2019.00164 |
Citation Key | zhang_machine_2019 |