Detecting SQL Injection Attacks in Cloud SaaS using Machine Learning

Software as a Service (SaaS) has been adopted in a fast pace for applications and services to run on software cloud platform. However, the success of SaaS in cloud computing cannot obscure the security challenges faced by the web applications deployed on cloud SaaS. Like other web-based systems, cloud applications are prone to most of the common web attacks. The SQL injection attack is one of the most potential threat to a SaaS application. This may result in loss of sensitive and important data (e.g., financial, personal). Through this kind of attacks, the attacker can steal critical and confidential information to a business or an organization leading to high impact on tangible (e.g., data) and intangible (e.g., reputation) assets. The purpose of this research is to investigate the potential of using machine learning techniques for SQL injection detection on the application level. The algorithms to be tested are classifiers trained on different malicious and benign payloads. They take a payload as input and decide whether the input contains a malicious code or not. The results show that these algorithms can distinguish normal payloads from malicious payloads with a detection rate higher than 98%. The paper also compares the performance of different machine learning models in detecting SQL injection attacks.