{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,1,23]],"date-time":"2026-01-23T20:39:58Z","timestamp":1769200798986,"version":"3.49.0"},"reference-count":19,"publisher":"SAGE Publications","issue":"6","license":[{"start":{"date-parts":[[2025,11,1]],"date-time":"2025-11-01T00:00:00Z","timestamp":1761955200000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/journals.sagepub.com\/page\/policies\/text-and-data-mining-license"}],"content-domain":{"domain":["journals.sagepub.com"],"crossmark-restriction":true},"short-container-title":["Intelligent Decision Technologies"],"published-print":{"date-parts":[[2025,11]]},"abstract":"<jats:p>SQL injection (SQLi) is a serious security threat that allows attackers to access and manipulate databases through malicious input. Machine learning algorithms have shown strong potential for detecting SQL injection (SQLi) attacks. However, their performance depends heavily on the quality and relevance of the features used in training. Feature selection plays a key role in identifying the most effective, minimal set of features from the SQLi dataset. In this study, a hybrid SQLi detection method is proposed that combines feature selection with machine learning algorithms. A real-world dataset containing 13 features was first developed. Then, a hybrid Horse Herd Optimizer was developed and applied to select the most influential features before model training. Several machine learning classifiers were trained using the optimal feature set. The proposed method achieved high predictive performance, with 99.49% accuracy, 99.62% sensitivity, and 99.00% F1-score. These results were obtained using only about 45% of the original features. The reduction in feature size also improved the model's efficiency and training speed. The findings show that combining intelligent feature selection with machine learning significantly enhances SQLi detection. This approach is effective, scalable, and suitable for real-world security applications.<\/jats:p>","DOI":"10.1177\/18724981251385295","type":"journal-article","created":{"date-parts":[[2025,12,8]],"date-time":"2025-12-08T08:37:28Z","timestamp":1765183048000},"page":"3939-3956","update-policy":"https:\/\/doi.org\/10.1177\/sage-journals-update-policy","source":"Crossref","is-referenced-by-count":0,"title":["A feature selection-based method for SQL injection detection using machine learning algorithms"],"prefix":"10.1177","volume":"19","author":[{"ORCID":"https:\/\/orcid.org\/0000-0001-5202-6315","authenticated-orcid":false,"given":"Bahman","family":"Arasteh","sequence":"first","affiliation":[{"name":"Faculty of Engineering and Natural Science, Istinye University"},{"name":"Department of Computer Science, Khazar University, Baku, Azerbaijan"},{"name":"Applied Science Research Center, Applied Science Private University, Amman, Jordan"}]},{"given":"Seyed Salar","family":"Sefati","sequence":"additional","affiliation":[{"name":"Faculty of Engineering and Natural Science, Istinye University"},{"name":"Telecommunications and Information Technology, National University for Science and Technology POLITEHNICA Bucharest, 060042 Bucuresti, Romania"}]},{"ORCID":"https:\/\/orcid.org\/0000-0003-0081-041X","authenticated-orcid":false,"given":"Mohammadbagher","family":"Karimi","sequence":"additional","affiliation":[{"name":"Department of Software Development, Faculty of Computer and Information Technology, Cappadocia University, Nev\u015fehir, T\u00fcrkiye"}]},{"ORCID":"https:\/\/orcid.org\/0000-0003-1570-875X","authenticated-orcid":false,"given":"Ibrahim Furkan","family":"Ince","sequence":"additional","affiliation":[{"name":"Department of Software Development, Faculty of Arts and Sciences, Beykent University, Istanbul, Turkiye"}]}],"member":"179","published-online":{"date-parts":[[2025,12,8]]},"reference":[{"key":"e_1_3_2_2_2","doi-asserted-by":"publisher","DOI":"10.1016\/j.compeleceng.2023.108600"},{"key":"e_1_3_2_3_2","doi-asserted-by":"publisher","DOI":"10.1109\/TSE.2024.3400404"},{"key":"e_1_3_2_4_2","doi-asserted-by":"publisher","DOI":"10.1109\/TIFS.2025.3583234"},{"key":"e_1_3_2_5_2","doi-asserted-by":"publisher","DOI":"10.1063\/1.4982570"},{"key":"e_1_3_2_6_2","doi-asserted-by":"publisher","DOI":"10.1007\/s11227-025-07109-w"},{"key":"e_1_3_2_7_2","doi-asserted-by":"publisher","DOI":"10.1007\/s10207-023-00791-y"},{"key":"e_1_3_2_8_2","doi-asserted-by":"publisher","DOI":"10.1007\/s10207-023-00738-3"},{"key":"e_1_3_2_9_2","doi-asserted-by":"crossref","unstructured":"Bak\u0131r R. (2025). UniEmbed: A novel approach to detect XSS and SQL injection attacks leveraging multiple feature fusion with machine learning techniques. Arab J Sci Eng. https:\/\/doi.org\/10.1007\/s13369-024-09916-4","DOI":"10.1007\/s13369-024-09916-4"},{"key":"e_1_3_2_10_2","article-title":"A novel technique to prevent SQL injection and cross-site scripting attacks using Knuth-Morris-Pratt string match algorithm","volume":"14","author":"Abikoye OC","year":"2020","unstructured":"Abikoye OC, Abubakar A, Dokoro AH, et al. A novel technique to prevent SQL injection and cross-site scripting attacks using Knuth-Morris-Pratt string match algorithm. EURASIP Journal on Information Security 2020; 14. https:\/\/doi.org\/10.1186\/s13635-020-00113-y","journal-title":"EURASIP Journal on Information Security"},{"key":"e_1_3_2_11_2","doi-asserted-by":"publisher","DOI":"10.1038\/s41598-024-74350-3"},{"key":"e_1_3_2_12_2","doi-asserted-by":"publisher","DOI":"10.1007\/s00521-024-09429-z"},{"key":"e_1_3_2_13_2","doi-asserted-by":"publisher","DOI":"10.3390\/math12182917"},{"key":"e_1_3_2_14_2","doi-asserted-by":"publisher","DOI":"10.1016\/j.knosys.2020.106711"},{"key":"e_1_3_2_15_2","doi-asserted-by":"publisher","DOI":"10.1007\/s10462-022-10328-9"},{"key":"e_1_3_2_16_2","doi-asserted-by":"publisher","DOI":"10.3390\/sym15020401"},{"key":"e_1_3_2_17_2","doi-asserted-by":"publisher","DOI":"10.1108\/DTA-03-2020-0073"},{"key":"e_1_3_2_18_2","unstructured":"Dataset Repository. Retrieved from https:\/\/drive.google.com\/drive\/folders\/1yQ-vny7vmhyycg823Rb091sHHrhusx3s?usp=sharing."},{"key":"e_1_3_2_19_2","doi-asserted-by":"crossref","unstructured":"Zhang K A machine learning based approach to identify SQL injection vulnerabilities. 2019 34th IEEE\/ACM international conference on automated software engineering (ASE) San Diego CA USA 2019 pp. 1286\u20131288 http:\/\/dx.doi.org\/10.1109\/ASE.2019.00164","DOI":"10.1109\/ASE.2019.00164"},{"key":"e_1_3_2_20_2","first-page":"22","volume-title":"Proceedings of the CSAE 2019","author":"Zhang H","unstructured":"Zhang H, Zhao J, Zhao B, et al. SQL Injection detection based on deep belief network. In: Proceedings of the CSAE 2019. Sanya, China: Proceedings of the 3rd International Conference on Computer Science and Application Engineering, October 2019, pp.22\u201324."}],"container-title":["Intelligent Decision Technologies"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/journals.sagepub.com\/doi\/pdf\/10.1177\/18724981251385295","content-type":"application\/pdf","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/journals.sagepub.com\/doi\/full-xml\/10.1177\/18724981251385295","content-type":"application\/xml","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/journals.sagepub.com\/doi\/pdf\/10.1177\/18724981251385295","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2026,1,22]],"date-time":"2026-01-22T22:35:50Z","timestamp":1769121350000},"score":1,"resource":{"primary":{"URL":"https:\/\/journals.sagepub.com\/doi\/10.1177\/18724981251385295"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2025,11]]},"references-count":19,"journal-issue":{"issue":"6","published-print":{"date-parts":[[2025,11]]}},"alternative-id":["10.1177\/18724981251385295"],"URL":"https:\/\/doi.org\/10.1177\/18724981251385295","relation":{},"ISSN":["1872-4981","1875-8843"],"issn-type":[{"value":"1872-4981","type":"print"},{"value":"1875-8843","type":"electronic"}],"subject":[],"published":{"date-parts":[[2025,11]]}}}