Comprehensive review of machine learning models for SQL injection detection in e-commerce
1 College of Business and Management, Management Information Systems, University of Illinois Springfield, Springfield, Illinois, USA.
2 Faculty of Engineering, Mechanical Engineering, University of Louisiana, Lafayette, Louisiana, USA.
3 School of Data Science, Data Science and Business Analytics, University of North Carolina, Charlotte, North Carolina, USA.
4 Sam M. Walton College of Business, Applied Business Analytics, University of Arkansas, Fayetteville, Arkansas, USA.
5 College of Graduate Studies, Computer Science, Austin Peay State University, Clarksville, Tennessee, USA.
6 College of Public Affairs and Education, School of Public Management and Policy, University of Illinois Springfield, Springfield, Illinois, USA.
Review Article
World Journal of Advanced Research and Reviews, 2024, 23(01), 451–465
Article DOI: 10.30574/wjarr.2024.23.1.2004
Publication history:
Received on 25 May 2024; revised on 01 July 2024; accepted on 04 July 2024
Abstract:
With the steady expansion of online commerce, e-commerce sites have become increasingly attractive targets for hackers. These sites serve millions of customers and often hold valuable, confidential, and sometimes financial information in their databases. One particularly dangerous type of attack is SQL injection, which exploits vulnerabilities in web applications to influence backend databases, posing significant threats to such platforms. Traditional defenses like desktop firewalls, input validation, and parameterized queries provide some level of protection but are often insufficient against newer injection variations and sophisticated attackers. The utilization of machine learning to enhance cybersecurity against more advanced threats has been demonstrated as a promising approach.
This systematic review examines how various machine learning algorithms are applied to detect SQL injection attacks that could potentially harm e-commerce systems. By identifying and analyzing the relevant literature, this review highlights the effectiveness of different algorithms and their practical applications in enhancing the security of online commerce platforms. More specifically, five techniques were assessed on both real and synthetic datasets: Logistic Regression, Naive Bayes, Random Forest, Artificial Neural Network, and two combined models (Logistic Regression & Naive Bayes, and Artificial Neural Network & Random Forest). The findings indicate that Random Forest performed better than other algorithms in the decision tree family, attributed to its ability to balance precision and recall effectively. However, limitations such as using a single dataset and the computational complexity of some models were noted.
This review provides insights for practitioners on selecting appropriate detection models and outlines approaches to address current limitations through future work. Addressing these limitations could involve using more diverse datasets, optimizing computational efficiency, and exploring advanced ensemble methods and neural network architectures.
Keywords:
SQL injection; Machine learning; Cybersecurity; E-commerce; Random Forest; Real-time prediction
Copyright information:
Copyright © 2024 Author(s) retain the copyright of this article. This article is published under the terms of the Creative Commons Attribution License 4.0.