@article{M752003B2,
title = "Two-stage SQL Injection Detection Method Using Pattern Matching and Machine Learning",
journal = "The Journal of Korean Institute of Communications and Information Sciences",
year = "2026",
issn = "1226-4717",
doi = "10.7840/kics.2026.51.1.35",
author = "Myeong-Gyu Eo, Sanghoon Jeon",
keywords = "SQL Injection, Pattern Matching, Machine Learning, Intrusion Detection, Two-stage SQL, Injection Detection",
abstract = "SQL injection is a major security threat in web applications. Existing detection methods are limited by a structural trade-off: fast detection comes at the cost of lower accuracy, while higher accuracy results in slower detection. To address this, we propose a two-stage detection (TSD) framework that combines pattern matching in the first stage with machine learning in the second stage. In the TSD framework, known attacks are rapidly filtered through pattern matching, and undetected queries are analyzed in detail using a machine learning model. Experiments using the Kaggle SQL Injection Dataset showed that TSD consistently increased recall across all models (Random Forest, Support Vector Machine, Logistic Regression XGBoost) compared to standalone machine learning, while also reducing detection time. This paper presents a practical solution for real-time SQL injection detection that simultaneously improves recall and reduces detection latency. Future work will focus on enhancing the practicality through online pattern updates and the expansion of datasets to address diverse attack scenarios."
}