Implementation of Multinomial Naive Bayes-Based SQL Injection Detection Middleware and Validation of Robustness Against SQLMap

  • Malik Syafi'i Universitas Singaperbangsa Karawang
  • Arip Solehudin Universitas Singaperbangsa Karawang
  • Purwantoro Purwantoro Universitas Singaperbangsa Karawang

Abstract

This research aims to develop an automated detection and blocking middleware for SQL Injection (SQLi) attacks using the Multinomial Naïve Bayes (MNB) algorithm integrated into a Flask-based web application. Unlike previous studies focusing on static model accuracy or system performance comparisons, this study emphasizes the full application of the Knowledge Discovery in Databases (KDD) methodology to build an active defense model and empirically validate its resilience against automated exploitation tools. The model was trained using the public RbSQLi dataset through stages of selection, Regex Abstraction-based text preprocessing, TF-IDF transformation, and internal evaluation. Test results show that the model achieved 100% accuracy, precision, recall, and F1-Score on isolated test data. Operational validation using black-box penetration testing with SQLMap proved that the middleware successfully blocked all major attack vectors (Error-based, Union-based, Boolean-blind, Time-blind, and Stacked Queries), thereby changing the target parameter status from vulnerable (injectable) to safe (not injectable). These findings confirm that the KDD approach with the MNB algorithm can produce an effective application security layer for neutralizing automated SQLi threats without requiring complex computational architectures.
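The pipeline the abstract describes (regex abstraction, TF-IDF weighting, Multinomial Naive Bayes, then a blocking decision per request) is sketched below as an added example; it is not the authors' code. The abstraction rules, the training samples, and the names `abstract`, `TfidfMNB` and `gate` are assumptions, and a plain function stands in for the Flask request hook.

```python
import math
import re
from collections import Counter, defaultdict

def abstract(text):
    """Regex abstraction (assumed rules): literals become placeholders, SQL syntax stays."""
    t = re.sub(r"\b0x[0-9a-f]+\b", " HEX ", text.lower())
    t = re.sub(r"\b\d+\b", " NUM ", t)
    return re.findall(r"[A-Za-z_]+|--|[=<>()'\";,*#]", t)

class TfidfMNB:
    def fit(self, docs, labels):
        toks = [abstract(d) for d in docs]
        n = len(toks)
        df = Counter(w for t in toks for w in set(t))
        self.idf = {w: math.log((1 + n) / (1 + c)) + 1 for w, c in df.items()}  # smoothed IDF
        self.prior = {c: math.log(k / n) for c, k in Counter(labels).items()}
        mass = defaultdict(Counter)  # per-class summed TF-IDF weight of each token
        for t, y in zip(toks, labels):
            for w, tf in Counter(t).items():
                mass[y][w] += tf * self.idf[w]
        self.loglik = {}
        for c in self.prior:
            denom = sum(mass[c].values()) + len(self.idf)  # Laplace smoothing, alpha = 1
            self.loglik[c] = {w: math.log((mass[c][w] + 1) / denom) for w in self.idf}
        return self

    def predict(self, text):
        # Tokens never seen in training carry no evidence and are ignored.
        feats = Counter(w for w in abstract(text) if w in self.idf)
        score = {c: self.prior[c] + sum(tf * self.idf[w] * self.loglik[c][w]
                                         for w, tf in feats.items()) for c in self.prior}
        return max(score, key=score.get)

# Constructed training samples (not taken from RbSQLi); labels are "benign" / "sqli".
BENIGN = ["alice", "john.doe@example.com", "blue running shoes",
          "order 10293", "new york", "laptop 15 inch"]
SQLI = ["' OR '1'='1", "1 UNION SELECT username, password FROM users--",
        "1; DROP TABLE users", "1 AND SLEEP(5)", "admin'--", "1' AND 1=1#"]
MODEL = TfidfMNB().fit(BENIGN + SQLI, ["benign"] * len(BENIGN) + ["sqli"] * len(SQLI))

def gate(params):
    """Stand-in for the middleware hook: 403 if any request parameter scores as SQLi."""
    return 403 if any(MODEL.predict(v) == "sqli" for v in params.values()) else 200
```

With a training set this small, token frequencies dominate the decision, so a production model needs a representative benign corpus to keep false positives on ordinary numeric or quoted input in check.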

Published
2026-06-30
How to Cite
Syafi’i, M., Solehudin, A., & Purwantoro, P. (2026). Implementation of Multinomial Naive Bayes-Based SQL Injection Detection Middleware and Validation of Robustness Against SQLMap. IKRA-ITH Informatika : Jurnal Komputer Dan Informatika, 10(2), 410-416. https://doi.org/10.37817/ikraith-informatika.v10i2.6874