Multi-phase algorithmic framework to prevent SQL injection attacks using improved machine learning and deep learning to enhance database security in real time

Ashlam, A. (2024) Multi-phase algorithmic framework to prevent SQL injection attacks using improved machine learning and deep learning to enhance database security in real time. PhD thesis, University of Reading
It is advisable to refer to the publisher's version if you intend to cite from this work.

To link to this item DOI: 10.48683/1926.00119137

Abstract/Summary

The proliferation of communication technology and the Internet of Things (IoT) has led to unprecedented levels of information flow, accompanied by a surge in cyber-attacks, crime, and fraudulent activities exploiting online channels. Among these threats, SQL Injection remains a significant concern due to its potential to compromise the confidentiality, integrity, and availability of web databases. According to the Open Web Application Security Project (OWASP), injection vulnerabilities are among the most common and dangerous attacks on web applications. SQL Injection attacks, which can provide unrestricted access to databases and enable the exfiltration of sensitive information, were chosen as the focus of this research due to their persistent threat. Despite efforts to prevent SQL Injection attacks, existing methods are often inadequate against evolving attack vectors and sophisticated evasion techniques. This thesis presents a multi-phase algorithmic framework for the detection and prevention of SQL Injection attacks, aiming to enhance the security posture of web applications and databases. The framework leverages advanced machine learning and deep learning techniques to improve detection accuracy as well as reduce the number of false alarms and enable real-time prevention of SQL Injection attacks. By systematically addressing challenges such as dataset scarcity, feature extraction efficiency, and the identification of new attack patterns, the proposed framework offers a comprehensive defence mechanism against SQL Injection threats. Through empirical research involving data collection, feature extraction, classifier training, and evaluation, this study has demonstrated the effectiveness of the proposed framework in accurately detecting both known and novel SQL Injection attacks.
The research has extended to the development of a model that adapts to evolving attack techniques, minimises false alarms, and integrates seamlessly with existing security infrastructure. By addressing the persistent challenge of SQL Injection attacks, this thesis has contributed to ongoing efforts to enhance cybersecurity and safeguard sensitive information in the digital age.