SQL Injection Attack Detection

The dataset for SQL injection detection was collected at Makerere University through both simulated attacks and real-world queries. Using tools like Burp Suite and SQLMap in a controlled testbed, alongside MySQL server logs from live systems, a dataset of 22,470 SQL queries was created (91.65% malicious, 8.35% benign). Malicious queries were categorized into six attack types, with Union-based (28.37%) being the most common. Analysis revealed malicious queries were typically longer (128±41 characters vs. 87±32) and contained distinctive keyword patterns, with UNION appearing 90x more frequently in malicious queries than benign ones.