Article
Peer-Review Record

Detecting Structured Query Language Injections in Web Microservices Using Machine Learning

Informatics 2024, 11(2), 15; https://doi.org/10.3390/informatics11020015
by Edwin Peralta-Garcia, Juan Quevedo-Monsalbe, Victor Tuesta-Monteza and Juan Arcila-Diaz *
Submission received: 15 January 2024 / Revised: 20 March 2024 / Accepted: 21 March 2024 / Published: 2 April 2024
(This article belongs to the Section Machine Learning)

Round 1

Reviewer 1 Report

Comments and Suggestions for Authors
1. Clarity and Detail in Methodology: Your methodology section is well-structured, but it would benefit from additional details about the specific configurations and parameters used for each machine learning algorithm. This would help in replicating and understanding the study better.

2. Comparative Analysis: The comparison between the three algorithms (Random Forest, SVM, and Decision Tree) is insightful. However, including a discussion on why these specific algorithms were chosen over others in the field could strengthen your argument.

3. Limitations and Future Work: It's commendable that you've acknowledged the limitations of your study. Expanding on how these limitations could be addressed in future research would be beneficial.

Comments on the Quality of English Language
N/A

Author Response

Please see the attachment.

Author Response File: Author Response.pdf

Reviewer 2 Report

Comments and Suggestions for Authors

The paper presents a comparative analysis of machine learning methods for SQL injection detection, including a useful categorization of SQLi attacks in Table 1. However, the study's contribution is limited due to the existing advanced research in this domain, such as the works [1-3], which not only compare ML methods but also propose novel models.

The study lacks a clear articulation of its novelty and contribution over the other comparative studies. With substantial advancements in the field, including the use of NLP techniques and specialized models for high-speed environments, the paper's current form primarily reiterates known methods without significant innovation.

For publication, the paper should emphasize its unique aspects and contributions, distinguishing itself from existing literature to demonstrate its advancement of the field.

References:

[1] K. Tasdemir, R. Khan, F. Siddiqui, S. Sezer, F. Kurugollu and A. Bolat, "An Investigation of Machine Learning Algorithms for High-bandwidth SQL Injection Detection Utilising BlueField-3 DPU Technology," 2023 IEEE 36th International System-on-Chip Conference (SOCC), Santa Clara, CA, USA, 2023, pp. 1-6.

[2] M. Alghawazi, D. Alghazzawi and S. Alarifi, "Detection of SQL Injection Attack Using Machine Learning Techniques: A Systematic Literature Review," Journal of Cybersecurity and Privacy, vol. 2, no. 4, pp. 764-777, 2022.

[3] F. D. Michael Dass and C. F. Mohd Foozy, "A Comparative Study of SQL Injection Detection Using Machine Learning Approach," aitcs, vol. 3, no. 2, pp. 19-31, Nov. 2022.

Author Response

Please see the attachment.

Author Response File: Author Response.pdf

Reviewer 3 Report

Comments and Suggestions for Authors

Dear Authors

The article discusses the issue of vulnerability caused by SQL injections in web microservices. The authors have used machine learning algorithms for detecting SQL injections. They conducted a brief literature review and identified eight types of SQL injections that attackers widely use. The references are appropriate.

To validate requests and detect attacks, the authors implemented a software architecture based on the microservices approach, in which the trained models and a web application were deployed.

The article is well-written, but there are a few details that need to be reviewed:

1.  The development and training part of machine learning should be presented in more depth.

2.  It is necessary to provide more explanation in lines 120 to 136, section 2.3, about the selection criterion for the algorithms used in the article.

3.  If the results presented in Table 2 are better for the LGBM and GBM, why were the LGBM and GBM algorithms not chosen for use in the article? It is necessary to explain.

4.  Section 3.2 "Microservices-based application" needs to be explained in more detail.

5.  The width of tables 1 and 2 should be checked to ensure they meet the journal's specifications.

6.  The width of Figure 3 should be checked to ensure it meets the journal's specifications.

7.  Paragraphs from lines 171 to 176 need to be correctly formatted.

8.  In lines 369 to 371 of the article's "Conclusions" section, this sentence cannot be stated due to the related text; a deeper explanation is necessary in section 2.3.

Best regards

Author Response

Please see the attachment.

Author Response File: Author Response.pdf

Round 2

Reviewer 2 Report

Comments and Suggestions for Authors

Thank you for the opportunity to review the revised manuscript. I appreciate the authors' efforts in addressing the concerns raised during the initial review process. The manuscript indeed highlights valuable aspects, notably the comprehensive table illustrating various SQL injection attack types alongside corresponding examples. This feature undoubtedly aids in the understanding of the subject matter.

Regarding my previous comments on the methodologies employed (TF-IDF, SVM, Random Forest, etc.), which have been extensively explored in the context of SQL injection attacks, the authors posit the implementation of these methods within a microservice architecture as a distinguishing factor from existing studies. While the adaptation to a microservice framework is noted, I must express that merely transferring existing and well-tested methods into a microservices architecture does not constitute a substantial theoretical or technical advancement in the field.

The manuscript would significantly benefit from an evaluation focusing on the inference speed of the proposed models when deployed as microservices, compared to traditional deployment methods. Such an analysis could potentially underline the benefits of microservice architecture in practical applications, thereby contributing to the novelty and value of the research. Unfortunately, the current version of the paper lacks this comparison, which diminishes its impact.

The comparison of accuracies and training times (referred to as execution times, though more accurately described as training times) does not offer new insights, considering that these metrics have been thoroughly investigated in prior works. It is important to note that the deterministic nature of algorithmic execution across various environments implies that the accuracy of the methods should remain unaffected by the transition to a microservices architecture. Additionally, the discussion on training times seems misplaced, given that the models are not specifically trained within a microservices environment in the study presented.

In light of these observations, I find the paper's contributions to the field to be limited. The paper risks being perceived as a reiteration of existing methodologies without providing significant new insights or advancements.

Comments on the Quality of English Language

There are some minor errors such as the first sentence:
The microservices is are...

Author Response

Please see the attachment.

Author Response File: Author Response.docx

Reviewer 3 Report

Comments and Suggestions for Authors

Dear Authors

All suggestions were made, and the article was better in this way.

There is just one small point: in Table 1, page 4, "Timing SQLI" line 1 is in Spanish; please check.

Kind regards

Author Response

Please see the attachment.

Author Response File: Author Response.docx
