Traditional rule-based SQL injection detection methods are increasingly ineffective against modern obfuscation techniques. This work explores the shift from static rules to machine learning–based dynamic detection through a comprehensive comparative study. Using the CSIC-2010 dataset (over 36,000 normal and 12,500 malicious requests), we evaluate five models—Logistic Regression, Decision Tree, Support Vector Machine (SVM), Random Forest, and Gradient Boosting—employing character-level TF-IDF features and MaxAbsScaler normalization. A full detection pipeline is constructed, integrating preprocessing, model training, and API encapsulation for deployment. Experimental results show that ensemble models outperform traditional approaches in accuracy and recall, while SVM and Logistic Regression achieve competitive performance with lower complexity. These findings highlight the limitations of rule-based defenses and validate machine learning as a technically superior and practical paradigm for real-time SQL injection detection.

错误:搜索内容不能为空,请输入英文关键词
错误:关键词超出字数限制,请精简
高级检索

From Rule-Based Defense to Machine Learning: A Comparative Study on SQL Injection Detection

  • Li Yaxing,
  • Han Yu

摘要

Traditional rule-based SQL injection detection methods are increasingly ineffective against modern obfuscation techniques. This work explores the shift from static rules to machine learning–based dynamic detection through a comprehensive comparative study. Using the CSIC-2010 dataset (over 36,000 normal and 12,500 malicious requests), we evaluate five models—Logistic Regression, Decision Tree, Support Vector Machine (SVM), Random Forest, and Gradient Boosting—employing character-level TF-IDF features and MaxAbsScaler normalization. A full detection pipeline is constructed, integrating preprocessing, model training, and API encapsulation for deployment. Experimental results show that ensemble models outperform traditional approaches in accuracy and recall, while SVM and Logistic Regression achieve competitive performance with lower complexity. These findings highlight the limitations of rule-based defenses and validate machine learning as a technically superior and practical paradigm for real-time SQL injection detection.