# SQL Injection Classification

The following notebook contains the code used for exploratotry data analysis and model building for our SQL injection detection model. The dataset used is the [SQL Injection Detection](https://www.kaggle.com/datasets/gambleryu/biggest-sql-injection-dataset) dataset from Kaggle. The dataset contains 148326 rows of data with 2 columns, one for the SQL query and the other for the label. The label is binary, with 1 indicating that the query is a SQL injection and 0 indicating that the query is not a SQL injection.`

In [1]:
import pandas as pd

In [15]:
raw_df = pd.read_csv('clean_sql_dataset.csv')

In [16]:
raw_df

Unnamed: 0,Query,Label
0,""" or pg_sleep ( __TIME__ ) --",1
1,create user name identified by pass123 tempora...,1
2,AND 1 = utl_inaddr.get_host_address ( ...,1
3,select * from users where id = '1' or @ @1 ...,1
4,"select * from users where id = 1 or 1#"" ( ...",1
...,...,...
148321,5555555555555555555555555555555555555555555555...,0
148322,0521094088709893969415119606172279713007042396...,0
148323,,0
148324,"""or 1=1",1


In [17]:
raw_df.info()

<class 'pandas.core.frame.DataFrame'>
RangeIndex: 148326 entries, 0 to 148325
Data columns (total 2 columns):
 #   Column  Non-Null Count   Dtype 
---  ------  --------------   ----- 
 0   Query   148326 non-null  object
 1   Label   148326 non-null  int64 
dtypes: int64(1), object(1)
memory usage: 2.3+ MB


Might be worth it to try and find the count of each target string in the dataset to see if there are any noticable correlations between the target count and the query.
Some SQLi queries use a lot of `char (` and `chr (` functions.

In [19]:
labeled_df = raw_df.copy()
labeled_df['contains_AND'] = labeled_df['Query'].str.contains('AND', case=False, na=False).astype(int)
labeled_df['contains_OR'] = labeled_df['Query'].str.contains('OR', case=False, na=False).astype(int)
labeled_df['contains_EQUAL'] = labeled_df['Query'].str.contains('=', case=False, na=False).astype(int)
labeled_df['contains_SEMICOLON'] = labeled_df['Query'].str.contains(';', case=False, na=False).astype(int)
labeled_df['contains_UNION'] = labeled_df['Query'].str.contains('UNION', case=False, na=False).astype(int)
labeled_df['contains_AT'] = labeled_df['Query'].str.contains('@', case=False, na=False).astype(int)
labeled_df['count_AT'] = labeled_df['Query'].str.count('@').fillna(0).astype(int)
labeled_df['contains_SELECT'] = labeled_df['Query'].str.contains('SELECT', case=False, na=False).astype(int)
labeled_df['contains_INSERT'] = labeled_df['Query'].str.contains('INSERT', case=False, na=False).astype(int)
labeled_df['contains_UPDATE'] = labeled_df['Query'].str.contains('UPDATE', case=False, na=False).astype(int)
labeled_df['contains_DELETE'] = labeled_df['Query'].str.contains('DELETE', case=False, na=False).astype(int)
labeled_df['contains_ASTERISK'] = labeled_df['Query'].str.contains('\*', case=False, na=False).astype(int)
labeled_df['contains_CONCAT'] = labeled_df['Query'].str.contains('CONCAT', case=False, na=False).astype(int)
labeled_df['contains_SLEEP'] = labeled_df['Query'].str.contains('SLEEP', case=False, na=False).astype(int)
labeled_df['contains_CHAR'] = labeled_df['Query'].str.contains('char\s*\(', case=False, na=False).astype(int)
labeled_df['count_CHAR'] = labeled_df['Query'].str.count('char\s*\(').fillna(0).astype(int)
labeled_df['contains_CHR'] = labeled_df['Query'].str.contains('chr\s*\(', case=False, na=False).astype(int)
labeled_df['count_CHR'] = labeled_df['Query'].str.count('chr\s*\(').fillna(0).astype(int)
labeled_df['length'] = labeled_df['Query'].str.len()

  labeled_df['contains_ASTERISK'] = labeled_df['Query'].str.contains('\*', case=False, na=False).astype(int)
  labeled_df['contains_CHAR'] = labeled_df['Query'].str.contains('char\s*\(', case=False, na=False).astype(int)
  labeled_df['count_CHAR'] = labeled_df['Query'].str.count('char\s*\(').fillna(0).astype(int)
  labeled_df['contains_CHR'] = labeled_df['Query'].str.contains('chr\s*\(', case=False, na=False).astype(int)
  labeled_df['count_CHR'] = labeled_df['Query'].str.count('chr\s*\(').fillna(0).astype(int)
