Compiler platform for SQL injection prevention code analysis based on .NET Compiler Platform (aka "Roslyn") and machine learning
The framework of SQL injection prevention using compiler platform based on Roslyn and Machine Learning
A framework for SQL injection prevention that combines a compiler platform with machine learning is proposed. The machine learning component is trained on 1,100 datasets of SQL commands to predict SQL injection, while the compiler platform retrieves SQL commands in the IDE and sends them to the machine learning model in order to address vulnerabilities and correct SQL command syntax. The results indicate that the decision jungle is the best model in terms of processing time and has the highest prediction efficiency. The experimental results show that the compiler platform can detect 98.0000 % of the vulnerable SQL commands in the samples.
Reference (IEEE Xplore): https://ieeexplore.ieee.org/abstract/document/7859950/
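
The retrieval step the abstract describes, where the compiler platform pulls SQL commands out of the code open in the IDE before they go to the model, can be done with the Roslyn syntax API as follows. This is an added example, not code from the paper or the project; the class name `SqlCommandCollector`, the verb-prefix heuristic and the `Dynamic` flag are assumptions, and it needs the `Microsoft.CodeAnalysis.CSharp` NuGet package.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;
using Microsoft.CodeAnalysis;
using Microsoft.CodeAnalysis.CSharp;
using Microsoft.CodeAnalysis.CSharp.Syntax;
static class SqlCommandCollector
{
    // Assumed heuristic (not from the paper): a string is SQL when it starts with one of these verbs.
    static readonly string[] Verbs = { "SELECT ", "INSERT ", "UPDATE ", "DELETE " };
    static bool IsConcat(SyntaxNode n) => n is BinaryExpressionSyntax b && b.IsKind(SyntaxKind.AddExpression);
    // Returns (line, expression text, built from non-literal parts) for each SQL-looking string expression.
    public static List<(int Line, string Expr, bool Dynamic)> Collect(string source)
    {
        var found = new List<(int Line, string Expr, bool Dynamic)>();
        var root = CSharpSyntaxTree.ParseText(source).GetRoot();
        foreach (var node in root.DescendantNodes().OfType<ExpressionSyntax>())
        {
            if (IsConcat(node.Parent)) continue;   // operands are handled with their outermost "+"
            string head = null; bool built = false;
            if (IsConcat(node))
            {
                var parts = node.DescendantNodes().Where(n => !IsConcat(n) && IsConcat(n.Parent)).ToList();
                head = (parts[0] as LiteralExpressionSyntax)?.Token.ValueText;   // leftmost operand
                built = parts.Any(p => !(p is LiteralExpressionSyntax));
            }
            else if (node is InterpolatedStringExpressionSyntax i)
            {
                head = (i.Contents.FirstOrDefault() as InterpolatedStringTextSyntax)?.TextToken.ValueText;
                built = i.Contents.OfType<InterpolationSyntax>().Any();
            }
            else if (node.IsKind(SyntaxKind.StringLiteralExpression))
                head = ((LiteralExpressionSyntax)node).Token.ValueText;
            if (head == null || !Verbs.Any(v => head.TrimStart().StartsWith(v, StringComparison.OrdinalIgnoreCase))) continue;
            found.Add((node.GetLocation().GetLineSpan().StartLinePosition.Line + 1, node.ToString(), built));
        }
        return found;
    }
    static void Main()
    {
        // Constructed sample input: one concatenated query, one parameterized query.
        const string sample = @"class Repo {
  string A(string name) => ""SELECT * FROM Users WHERE Name = '"" + name + ""'"";
  string B() => ""SELECT * FROM Users WHERE Name = @name"";
}";
        foreach (var c in Collect(sample))
            Console.WriteLine($"line {c.Line} dynamic={c.Dynamic}: {c.Expr}");
    }
}
```

Each collected expression is a candidate to pass to the classifier; the `Dynamic` flag only records that the command text is assembled from non-literal parts and is not itself a verdict.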