Version 1
: Received: 23 October 2024 / Approved: 24 October 2024 / Online: 24 October 2024 (10:27:16 CEST)
How to cite:
Le, T.-T.-H.; Hwang, Y.; Choi, C.; Wardhani, R. W.; Putranto, D. S. C.; Kim, H. Enhancing SQL Injection Detection with Trustworthy Ensemble Learning and Boosting Models Using Local Explanation Techniques. Preprints2024, 2024101878. https://doi.org/10.20944/preprints202410.1878.v1
Le, T.-T.-H.; Hwang, Y.; Choi, C.; Wardhani, R. W.; Putranto, D. S. C.; Kim, H. Enhancing SQL Injection Detection with Trustworthy Ensemble Learning and Boosting Models Using Local Explanation Techniques. Preprints 2024, 2024101878. https://doi.org/10.20944/preprints202410.1878.v1
Le, T.-T.-H.; Hwang, Y.; Choi, C.; Wardhani, R. W.; Putranto, D. S. C.; Kim, H. Enhancing SQL Injection Detection with Trustworthy Ensemble Learning and Boosting Models Using Local Explanation Techniques. Preprints2024, 2024101878. https://doi.org/10.20944/preprints202410.1878.v1
APA Style
Le, T. T. H., Hwang, Y., Choi, C., Wardhani, R. W., Putranto, D. S. C., & Kim, H. (2024). Enhancing SQL Injection Detection with Trustworthy Ensemble Learning and Boosting Models Using Local Explanation Techniques. Preprints. https://doi.org/10.20944/preprints202410.1878.v1
Chicago/Turabian Style
Le, T., Dedy Septono Catur Putranto and Howon Kim. 2024 "Enhancing SQL Injection Detection with Trustworthy Ensemble Learning and Boosting Models Using Local Explanation Techniques" Preprints. https://doi.org/10.20944/preprints202410.1878.v1
Abstract
This paper presents a comparative analysis of several decision models for detecting Structured Query Language (SQL) injection attacks, which remain one of the most prevalent and serious security threats to web applications. SQL injection enables attackers to exploit databases, gaining unauthorized access, and manipulating data. Traditional detection methods often struggle due to the constantly evolving nature of these attacks, the increasing complexity of modern web applications, and the lack of transparency in the decision-making processes of machine learning models. To address these challenges, we evaluated the performance of various models, including Decision Tree, Random Forest, XGBoost, AdaBoost, Gradient Boosting Decision Tree (GBDT), and Histogram Gradient Boosting Decision Tree (HGBDT), using a comprehensive SQL injection dataset. The primary motivation behind our approach is to leverage the strengths of ensemble learning and boosting techniques to enhance detection accuracy and robustness against SQL injection attacks. By systematically comparing these models, we aim to identify the most effective algorithms for SQL injection detection systems. Our experiments show that Decision Tree, Random Forest, and AdaBoost achieved the highest performance, with an accuracy of 99.50% and an F1 score of 99.33%. Additionally, we applied SHapley Additive exPlanations (SHAP) and Local Interpretable Model-agnostic Explanations (LIME) for local explainability, illustrating how each model classifies normal and attack cases. This transparency enhances the trustworthiness of our approach in detecting SQL injection attacks. These findings highlight the potential of ensemble methods to provide reliable and efficient solutions for detecting SQL injection attacks, thereby improving the security of web applications.
Computer Science and Mathematics, Security Systems
Copyright:
This is an open access article distributed under the Creative Commons Attribution License which permits unrestricted use, distribution, and reproduction in any medium, provided the original work is properly cited.