From Rule-Based Defense to Machine Learning: A Comparative Study on SQL Injection Detection
摘要
Traditional rule-based SQL injection detection methods are increasingly ineffective against modern obfuscation techniques. This work explores the shift from static rules to machine learning–based dynamic detection through a comprehensive comparative study. Using the CSIC-2010 dataset (over 36,000 normal and 12,500 malicious requests), we evaluate five models—Logistic Regression, Decision Tree, Support Vector Machine (SVM), Random Forest, and Gradient Boosting—employing character-level TF-IDF features and MaxAbsScaler normalization. A full detection pipeline is constructed, integrating preprocessing, model training, and API encapsulation for deployment. Experimental results show that ensemble models outperform traditional approaches in accuracy and recall, while SVM and Logistic Regression achieve competitive performance with lower complexity. These findings highlight the limitations of rule-based defenses and validate machine learning as a technically superior and practical paradigm for real-time SQL injection detection.