Prevention of Sql Injection Attacks Using

LightGBM
D.Rashmi1, N.Anvesh2 , CH.Sai Hanisha3 , G.Shravya4 ,Preethi Jeevan5

1,2,3,4 Student , Department of Computer Science and

Engineering
5
Associate Professor, Department of Computer Science and Engineering

ABSTRACT One of the most popular and the basic type of cyber attacks that implement arbitary malicious
code to obtain the sensitive and the confidential information of a client or an organisation residing in the
database are the SQL injection attacks. The underneath paper aims in hampering an overview and the
vulnerabilities caused due to the sql injection attack.Based on this analysis we try to study various preventive
solutions and one of this include preventing it with the help of the LightGBM algorithm. It also focuses on
the different stages of the working model and the future application of the particular algorithm in various
methods.

I.INTRODUCTION II. LITERATURE SURVEY:

A lot of cyber-physical systems are vital for safety
and need to be protected from cyberattacks and
unplanned malfunctions. One of the strongest risks
is SQL injection attacks (SQLIA). SQLIAs use
malicious SQL code to corrupt backend databases
and get access to sensitive data, including private
consumer information or confidential company data.
As of 2023, they were ranked sixth in the Common
Weakness Enumeration. These assaults, which were
first noted by cybersecurity researcher Jeff Forristal
in 1998, have the ability to take over an
administrator's account on a database server, spoof
identities, expose, alter, destroy, or render data
unavailable. Error disclosure, insufficient input
validation, and the combination of code and data in
dynamic SQL statements are the main problems that
lead to SQLIAs. Strong input validation and the
usage of parameterized queries, including
prepared statements, provide significant
security, even if there is no one-size-fits-all
solution to totally prevent SQLIAs.
Furthermore, deep learning and artificial
intelligence models can evaluate past attack
data, identify trends, and forecast upcoming
assaults, improving defences against SQL
Intrusion assaults. Moreover, vulnerabilities can
be found before they are exploited with the use
of frequent security audits and ongoing
monitoring.
By combining these tactics, businesses may
protect their vital systems and data while
drastically lowering the threat that SQL
injection attacks provide.
Existing approaches to addressing SQL Injection
(SQLI) involve various strategies, such as statistical
analysis, dynamic analysis, or hybrid strategies. The
aforementioned methods tackle web application
vulnerabilities, covering facets like scanning, input
validation, parameterized queries, regular software
updates, security audits, code reviews, and Web
Application Firewalls (WAF). Upon careful
investigation of current machine learning
algorithms, including XGBOOST, SVM, Logistic
Regression, K-nearest neighbor (KNN), Random
Forest, Decision Tree, Neural Network (Deep
Learning), Gradient Boosting Machines (GBM),
linear regression, Principle Component Analysis
(PCA), we have identified methodologies that
enhance preclusion against SQL attacks. These
algorithms play a pivotal role in preventing SQL
intrusion by providing supply chain optimization,
fraud detection, and improving efficiency and
quality through the use of Natural Language
Processing (NLP).
III. PROPOSED
MODEL:
A.METHODOLOGY:
The methodology is helpful for the user to
implement the decisions in a more effective way.
The terminology “analysis of system” and“
analysis of requirements” are identical. In orderto
deliver the requirements to the user a particular
process is required. This process mainly involves
imagination and dividing the system into several
constituents which helps in better analysis of the
structure and evaluating the goals of a project.
The pictorial representation portraits the
functionalities of a software, generally the user
produces a SQL traffic attack before the pre-
processing of the data is performed the data is sent
to the software and then it is processed and the
process of data cleaning takes place, at long last the
machine learning models are related with the data
and best benefited model is determined.
The process of evolving the data, modules,
architecture and interfaces is known as System
design. The advance towards producing System
design is drastically incrementing. System design is
also termed as the application of the system
hypothesis for producing a product.
The architecture of a system can be elaborated as
the process in which the user inputs the data to the
system then the process of data cleaning takes place
and a new set of testing data is created by using the
existing cleaned data which is later contributed to
the machine learning models. The data takes formof
a dataset and then it is cleaned. Then this data is
given as an input to the various algorithms and
according to the precision of the data the
unambiguousness model is selected. The major
constituents of the flow pictorial representation are
input data, mode, Prediction.
B.ALGORITHM:
LIGHT GBM:
Light gradient boosting machine which is also
termed as light GBM itis constructed using decision
trees and are also applied in the process of
classification. It is a type of boosting platform
which is contributed by the Microsoft for various
machine learning algorithms. It is widely popular
because it is a free and an open source. This
advancement in the structure plays a crucial role in
performance. This particular framework supports
various algorithms like MART, GBM, GBDT,
GBM, GBT. The main advantages are multiple loss
functions, regularization, sparse optimization,
training in parallel etc.
The GBM uses the tree structure. It does not grow
row wise instead it increases its size in ground up
and a single at once. It is not like the
previousmassive applications. Instead of using the
sorteddecision tree implementation machine
learning technique, which is identical to XGBoost
and its variants, Light GBM makes use of the
optimal division point on histograms and preserves
memory,which improves speed. It runs multiple
methods,including gradient- based one-side
sampling (GOSS) and exclusive feature bundling
(EFB).
The numerous version of light GBM can cortege a
CTR predictor on the special dataset like criteo
dataset. It can be executed on Linux, C++,C#, R,
Python.
VARIATION OF LIGHT GBM AND TREE-
BASE ALGORITHM:
The standard tree based algorithm develops in a
horizontal manner whereas the Light GBM
develops in a vertical manner. The major distinction
lies as the tree based increments in level by level
and the other in leaf by leaf process. The below
pictorial representation is a portrait of the tree base
algorithm and Light GBM.
B.RESISTANCE OF LIGHT GBM:
The term Light GBM is comprised of word light
which defines the speediness that is equivalent to
the speed of light. It occupies minimal amount of
space but can tackle humongous amount of data.
It expands the data in an exponential format and
uses typical methodologies for producing hasty
results. It is popular among various data scientists
due to its GUI implementation in applications based
on data science.
C.BENEFITS OF LIGHT GBM:
1. It is capable of handling humongous datasets with
in a minimal training period unlike XGBOOST.
2. It comprises of less memory space as it restores
the continuous values with distinct bins.
3. The speed is displayed and divided with the help
of distinct bins using bar-graph processing
technique to speed up the process.
4. As it follows leaf based division but not the tree
based division the accuracy is highly obtained. The
problem of over-fitting is prevailed over by
incrementing the choice of maximum depth.
D.CLAIMS FOR LIGHT GBM:
1. For computing majority problems log loss
objective functions are utilized.
2. To designate things there are many ways.
3. To classify binary data objective function like log
loss is used and it utilizes regression model based
on L.2 loss.
Light GBM is a faster algorithm which uses
machine learning techniques and produces much
accurate results for which it is used more
often.There are gradient process which increases the
performance of non performing trees by few well
known tree based methods known as GBM,
XGBOOST, LGBM. A very few Light GBM are
manual by many settings are chosen to increase its
efficacy. It also enhances the system and maximize
the algorithm to upgrade the framework which is
rudimentary.
THE LIGHTGBM ALGORITHM
Input:
- Training data: \( D = \{(x_1, y_1), (x_2, y_2), \dots,
(x_N, y_N)\} \), where \( y_i \in \{-1, +1\} \)
- Feature space: \( \chi \)
- Loss function: \( L(y, \theta(x)) \)
- Number of iterations: \( M \)
- Big gradient data sampling ratio: \( a \)
- Small gradient data sampling ratio: \( b \)
Procedure:
1. Exclusive Feature Bundling (EFB):
Combine mutually exclusive features \( z_i \)
(features that never accept nonzero values
simultaneously) using EFB technique.
2. Initialize Model Parameters:
Set initial model parameters \( \theta_0 \) to
minimize \( \sum_{(x_i, y_i) \in D} L(y_i, \theta(x_i))
\).
3.Gradient-based Iterations:
For \( m = 1 \) to \( M \) do:
a. Calculate Gradient Absolute Values:
Compute absolute gradient values \( r_i = |
\frac{\partial \zeta(y_i \theta(x_i))}{\partial \phi(x_i)}|
\) with respect to the model parameters, ensuring \
( \theta(x) - \theta_{m-1} \geq 0 \) for all features \
( \phi(x) \).
b.Gradient-based One-Side Sampling
(GOSS): Resample the dataset \( D \) using
GOSS:
- Determine top \( a \times |D| \) instances with
largest gradient values.
- Randomly select \( b \times |D| \) instances from
the remaining dataset.
- Construct a new dataset \( D' = A \cup B \), where
\( A \) contains top instances and \( B \) contains
randomly selected instances.
c. Calculate Information Gains:
Compute information gains \( v_j(d) \) for each
feature \( j \) based on dataset \( D' \):
\[ v_j(d) = \frac{1}{n}
\left( \frac{\left( \sum_{\alpha_{j}\alpha_{i}} r_i +
\frac{1-a}{b} \sum_{\alpha_{j}\alpha_{i}} r_i
\right)^2}{n_i^2(d)} + \frac{\left( \sum_{\alpha_{j}
\alpha_{i}} r_i + \frac{1-a}{b} \sum_{\alpha_{j}
\alpha_{i}} r_i \right)^2}{n_i^2(d)} \right) \]
d. Build a New Decision Tree \( \theta_m(x) \) on
Dataset \( D' \):
Develop a new decision tree \( \theta_m(x) \) using
dataset \( D' \) considering the calculated information
gains.
e. Update Model Parameters:
Update the model parameters:
\[ \theta_m(x) = \theta_{m-1}(x) + \frac{\theta_m}
{x} \]
3. Final Model:
Return the trained model parameters \( \theta(x) =
\theta_M(x) \).
IV. OPTIMISATION OF SYSTEM:
Hardware Optimization is described as the process
of increasing efficiency, improving efficiency and
efficient use of available resources.
Key aspects of hardware optimization involves:
A.CACHE AWARENESS:
The main purpose of cache is to store the most
frequently accessed data and helps in reducing
fetching time.
Instead of fetching data from main memory,
fetching data from cache is more faster. Cache
awareness involves designing algorithm by
considering cache architecture. This helps in
reducing the cache misses and increases accessing
speed. Hence overall performance will be improved.
B.OUT-OF-CORE COMPUTING:
Out-of-core-computing comes into picture when
dealing with datasets that are too large to fit into
available memory. This approach divides the large
dataset into number of chunks. Each and every
chunk is processed sequentially. Instead of loading
entire dataset into memory ,only necessary chunks
are
loaded into memory at a time. This approach helps
us in handling large datasets. It also provides
efficient utilization of storage resources.
Optimization of hardware also involves memory
managemet.In this research, we have come across
different ensemble machine learningtechniques such
as XGBoost, AdaBoost, LGBM and Random forest.
V.UML DIAGRAMS:
UML stands for Unified Modelling Language. It is a
common modelling language for modelling
software projects. It is used for visualizing various
aspects of software systems such as design,
architecture and implementation of software
projects. UML diagram is a language for
visualizing, specifying, constructing, and
documenting the software projects. It is the visual
representation of set of UML things (such as class,
interfaces, state machine etc) and relationship
among them.
VI.FEATURE EXTRACTION:
Feature extraction involves using tokenization to
extract attributes. Tokenization is a process of
dividing SQL queries into number of tokens.
These tokens can be keywords or any individual
units.
Features are the characteristics or properties of the
tokenized queries. Based on the count of some
specific attributes associated with the tokens,
features are identified. These features are extracted
based on the count of elements such as double
quotes, single quotes, keywords, alphabets etc.
Atleast twenty features are extracted for each query.
These features are helpful in detecting SQL
Injection attacks. These features helps in
differentiating legitimate and fraudulent SQL
queries. In order to detect these SQL injection
attacks, involves identifying traits such as stored
procedures, illegal queries and redundancies. The
selected features are helpful in differentiating
legitimate and illegal SQL queries especially those
with SQL Injection Keywords.
VII.CODE:
XGB Classifier:
# Gradient Boosting Classifier (using sklearn)
from sklearn.ensemble import
GradientBoostingClassifier
from sklearn.metrics import accuracy_score,
classification_report
import pandas as pd
# Instantiate the Gradient Boosting Classifier
gb_classifier = GradientBoostingClassifier()
# Fit the model on the training dataset
gb_classifier.fit(train_features, train_labels)
# Predict on training and test datasets
train_pred_gbc =
gb_classifier.predict(train_features)
test_pred_gbc =
gb_classifier.predict(test_features)
# Evaluate performance - Accuracy acc_train_gbc =
accuracy_score(train_labels, train_pred_gbc)
acc_test_gbc = accuracy_score(test_labels, test_pred_gbc)
# Print accuracy results
print("Gradient Boosting: Accuracy on training data:
{:.7f}".format(acc_train_gbc))
print("Gradient Boosting: Accuracy on test data:
{:.7f}".format(acc_test_gbc))
# Generate classification report
classification_report_gbc =
classification_report(test_labels, test_pred_gbc,
classes=[0, 1], support=True)
# Storing the results results_gbc =
pd.DataFrame({
'Model': 'Gradient Boosting', 'Train
Accuracy': acc_train_gbc, 'Test
Accuracy': acc_test_gbc
})

# XGBoost Classifier (using xgboost)
from xgboost import XGBClassifier
# Instantiate the XGBoost Classifier xgb_classifier =
XGBClassifier(learning_rate=0.4, max_depth=7)
# Fit the model on the training dataset
xgb_classifier.fit(train_features, train_labels)
# Predict on training and test datasets
train_pred_xgb
xgb_classifier.predict(train_features)
test_pred_xgb
xgb_classifier.predict(test_features)
# Evaluate performance - Accuracy acc_train_xgb =
accuracy_score(train_labels, train_pred_xgb)
acc_test_xgb = accuracy_score(test_labels,
test_pred_xgb)
# Print accuracy results
print("XGBoost: Accuracy on training data:
{:.7f}".format(acc_train_xgb))
print(" XGBoost: Accuracy on test data:
{:.7f}".format(acc_test_xgb))
# Generate classification report
classification_report_xgb = The aforesaid methodologies are utilized to separate
classification_report(test_labels, test_pred_xgb,
classes=[0, 1], support=True)
# Storing the results results_xgb
= pd.DataFrame({
'Model': 'XGBoost',
'Train Accuracy': acc_train_xgb, 'Test
Accuracy': acc_test_xgb
})
# Support Vector Machine Classifier (using sklearn)
from sklearn.svm import SVC
# Instantiate the Support Vector Machine
Classifier
svm_classifier = SVC(kernel='linear', C=1.0,
random_state=12)
# Fit the model on the training dataset
svm_classifier.fit(train_features, train_labels)
VIII.DATASET
Building and testing machine learning models
targeted at identifying and averting SQL injection
attacks require access to the dataset utilized in this
work. It provides a thorough collection of SQL
queries classified as either dangerous or regular,
sourced from the Open Source Security Foundation
(OSSF) SQL Injection Dataset. The dataset's salient
characteristics comprise the SQL query string itself,
a label designating the query's maliciousness (1) or
normality (0), the query's length, the quantity of SQL
keywords it contains, the count of special characters
(like quotes and semicolons), and a binary indicator
indicating the existence of SQL comments. Through
the use of these attributes, the machine learning model
is better able to recognize harmful patterns in the text
and structure of SQL queries .In order to facilitate the
construction of additional features like query length
and keyword count, preprocessing stages included
tokenizing SQL queries into components like
keywords, operators, and values. To distinguish
= between legitimate and malevolent inquiries, labels
were encoded as binary values. In order to increase
= model accuracy and robustness, methods including
under sampling and oversampling (such as SMOTE, or
Synthetic Minority Over- sampling Technique) were
used to resolve any imbalances in the dataset. This
resulted in a balanced representation of both malicious
and regular searches. The final dataset has a sizable
number of queries that provide a variety of instances
for the model to learn from.The project intends to
further the creation of strong machine learning models
capable of successfully identifying and avoiding SQL
injection attacks, thereby improving cybersecurity
measures, by utilizing this varied and extensive dataset.
IX. TRAINING THE MODEL:
the useful data sets from the other datasets. These data
sets are constructed into a required model and is
trained. For training the data sets we make use of
machine learning algorithm such as LightGBM, is
extracted into our project and are model is trained.
X .TESTING THE MODEL:
To determine the accuracy we perform the testing
phase for our trained data set. The data set obtained
after the training phase is tested using the test data. As
we make use of numerous machine learning
algorithms to categorize and train our data sets
accuracy is a key factor to be considered. The more
accurate our estimated model are the more easier it
becomes to predict the upcoming attacks.
XI. RESULTS
S ML TRAIN TEST
N MODEL 1 ACCURACY ACCURA
O CY
2 XGBoost 1,000 0.998
6 LightGBM 1,000 0.998
7 Gradient 0.997 0.997
Boosting
4 SVM 0.978 0.982
XII. CONCLUSION:
Ultimately, LightGBM's ability to stop SQL
injection assaults is a major improvement
over existing cybersecurity protocols.
Detecting complicated patterns suggestive of
SQLIAs is made possible by the gradient
boosting framework LightGBM, which
delivers high performance and efficiency.
LightGBM is capable of accurately
differentiating between benign and harmful
activity by utilizing historical data and
learning from previous attacks. Enhancing
database security is made easier by its real-
time predictions and its speedy processing of
huge datasets. SQL injection threats can be
significantly reduced when LightGBM is
combined with strong input validation and
parameterized queries, protecting the
confidentiality and integrity of important
data. Using this method offers a dynamic and
robust way to protect against SQLIAs while
simultaneously fortifying an organization's
defensive stance and catering to changing
threats.
ⅩIII. FUTURE SCOPE:
To increase the efficiency of the current model
and to detect all types of sql injection attacks we
can also use other algorithms. We will be
measuring web based application code available.
With integration of sql with Nikto HTTP
scanner, HTTP scanning proxies, and
Metasploit any many more tools we can detect
the attacks.We only built model to intercept the
attacks but we can later enhance the model
which also prevents the attacks and deploy
counter measures.
XIV. REFERENCES:
[1]Sonali Mishra, “SQL Injection Detection
using M a c h i n e L e a r n i n g ” , f r o m h t
tps://
scholarworks.sjsu.edu/cgi/viewcontent.cgi?artic
le=1727context=etdprojects, on23May2019
pp.10 - 29.
[2] Bojken Shehu and Aleksander Xhuvani, “A
Literature Reviewand Comparative Analyseson
SQL Injection: Vulnerabilities, Attacks and their
Prevention andDetectionTechniques”fromhttps://
pdfs.semanticscholar.org,Vol.11,Issue4,No1,July2
0 14pp20-34.
[3] SuhaimiIbrahim, “SQLInjectionDetectionand
PreventionT
echniques”fromhttps://
pdfs.semanticscholar.org/ Volume 3, Number 7,
August 2011, pp 85 - 89.
[4] G.Wassermann,Z.Su,“Analysisframeworkfor
security in web applications,” In: Proceedings of the
FSE Workshop on Specificationand Verification of
ComponentBasedSystems,fromhttp
s:// li n k . s p r i n g e r . c o m / c h a p t
e r / 10.1007/978−0−387−44599−15SAVCBS,pp.70–
78,2004.
[5] Mei Junjin, “An Approach for SQL Injection
Vulnerability Detection,” Proceedings. of the 6thI
n t .
Conf.onInformationTechnology:NewGenerations,L
asVegas,Nevada,pp.14-19,Apr.2009.
[6] V.Haldar, D.Chandra, and M.Franz, "Dynamic
Taint Propagation for Java," Proc. 2 1s t Annual
Computer Security Applications Conference, Dec
2005.
[7 ]S. W. Boydand AD. Keromytis," SQLrand:
Preventing SQL Injection Attacks," Proc. the 2nd A
p p l i e d
CryptographyandNetworkSecurity(ACNS)Conferen
ce,pp.292-302,Jun2004.
[8] G.T.Buehrer, RW.Weide, and P.AG.Sivilotti,
"Using Parse Tree Validation to Prevent SQL
Injection Attacks,"International Workshop on
Software Engineering and Middleware (SEM), 2005.
[9] Evans Dogbe, Richard Millham, Prenitha Singh
“A Combined Approach to Prevent SQL Injection
Attacks,” Science and Information Conference 2013
October7-9,2013,London,UK.
[10] Ryohei Komiya, Incheon Paik, Masayuki
Hisada, “Classification of Malicious Web Code by
Machine Learning,” Awareness Science and
Technology (iCAST), 2011 3rd International
Conference on, vol., no., pp.406,411, 27-30 Sept.
2011
[11] Justin Clarke. (2012). What Is SQL Injection?
[12] S. Steiner, D. Conte de Leon, and J. Alves-
Foss. (2017).A Structured Analysis of SQL Injection
Runtime Mitigation Techniques. Proc. 50th Hawaii
Int.Conf.Syst.Sci.,2887 2895. Doi:10.24251/hi css.
2017. 349 .
pdfs.semanticscholar.org/ Volume 3, Number 7,
August 2011, pp 85 - 89.