Logfile-Based SQL Injection Detection and Prevention System for PHP Web Applications

Abstract

This research aims to 1) analyze real-world SQL Injection attack patterns from system Logfile, 2) design and develop an automated SQL Injection detection and prevention system using rule-based techniques, and 3) evaluate the system's performance. Methodology The study was conducted in three phases 1) collecting and analyzing 4,649 historical log records to establish detection rules 2) validating the algorithm with a new dataset of 4,312 records and 3) evaluating performance using TP, FP, FN, and TN metrics through a real-world deployment on the Cultural Map Thailand information system over a period of 830 days. The findings demonstrate that the system achieved up to 100% Accuracy and F1-Score across all testing phases under controlled conditions. During the practical implementation, the system successfully detected a total of 25,660 attack attempts. Furthermore, the results indicate a significant decrease in the average daily attack rate post-deployment, illustrating the system's deterrent effect and its capability to effectively identify complex evasion techniques. This approach significantly enhances the long-term security posture of web-based information systems.