An ensemble classification-based approach to detect attack level of SQL injections
Journal of Information Security and Applications (IF 3.8), Pub Date: 2021-05-17, DOI: 10.1016/j.jisa.2021.102852
Ömer Kasim

Sensitive user data, including identity information, passwords, and financial and business processes, are kept in databases. Attackers can obtain these data by adding malicious code to SQL queries. The malicious and clean SQL queries are taken from the OWASP dataset to ensure that the proposed approach is effective and practical. The middleware application developed in this study analyzes these SQL queries instantly to prevent attackers from accessing sensitive data in databases. To provide protection, an ensemble classification algorithm is trained with 22 features obtained from queries containing malicious code. The trained ensemble algorithm classifies queries as clean or malicious. For the first time in this study, malicious SQL injections are detected as simple, unified or lateral to determine the level of the cyber-attack. If the query is clean, the request is provided in the flow forwarding scheme; otherwise the query is blocked. If the SQL injection is detected as simple, the SQL request is blocked. In other cases, the source IP address is blocked at different time intervals. The model maintains an accuracy of over 98% in detecting SQL injections and 92% in classifying these attacks as simple, unified or lateral. This result demonstrates that the developed middleware application plays an active role against simple, unified and lateral SQL injection attacks, which are hard to detect, and provides flexible decisions against the attacks.




Update date: 2021-05-17