A Novel Algorithm to Detect and Prevent SQL Injection Attacks for Web Applications using Query Comparison Technique
preprint
OA: closed
Abstract
Abstract SQL Injection attacks (SQLiAs) have gained popularity among hackers since they can create massive impacts on digital platforms. SQLiAs may penetrate the security frameworks and can modify or destroy underlying databases. These attacks may steal valuable or/and confidential information from database-driven applications. It is therefore necessary to protect web applications from SQLiA attacks. Automatic SQLiAs detection and prevention mechanism is required to protect internet exposed applications from SQLiAs vulnerabilities. A novel algorithm is proposed based on query comparison logic to detect the SQL injection vulnerabilities in database-driven applications. This method compares the structure of design-time and run-time queries to identify the presence of SQL injection vulnerabilities. The proposed algorithm should be able to detect and prevent different types of SQL injection attacks like Boolean, tautology, piggybacked queries, illegal queries, union queries, stored procedure etc. This algorithm should be flexible enough so that developers can integrate it with the existing vulnerable web application and it works as a shield to protect the legacy web applications from SQL injection attacks. The proposed approach tested on GITHUB open source data set and the result is very satisfactory with an accuracy of 93% to 98%.
My notes (saved in your browser only)
Citation neighborhood (no data yet)
We don't have any in-corpus citations linked to this paper yet. This is a recent paper (2024) — citers typically take a year or two to land, and the OpenAlex reference graph may still be filling in.
Source provenance
- europepmc
- last seen: 2026-05-20T01:45:00.602351+00:00