SQL Injection Detection Using a Stacking Ensemble Machine Learning Model
  • Author(s): Ezema Promise Ogochukwu; Dr. Oluwasegun Ishaya Adelaiye; Abimaje Friday
  • Paper ID: 1719702
  • Page: 1074-1084
  • Published Date: 13-07-2026
  • Published In: Iconic Research And Engineering Journals
  • Publisher: IRE Journals
  • e-ISSN: 2456-8880
  • Volume/Issue: Volume 10 Issue 1 July-2026
  • DOI: https://doi.org/10.64388/IREV10I1-1719702
Abstract

Structured Query Language (SQL) injection remains one of the most persistent and damaging vulnerabilities affecting database-driven web applications, allowing attackers to manipulate backend queries, exfiltrate sensitive data, and compromise system integrity. Conventional countermeasures such as input validation, parameterized queries, and signature-based filters struggle against novel or obfuscated attack payloads. This study presents a stacking ensemble machine learning model for SQL injection detection that combines Random Forest, Support Vector Machine (SVM), and Extreme Gradient Boosting (XGBoost) as base learners, with Logistic Regression acting as a meta-learner over out-of-fold prediction. A labelled corpus of 12,000 SQL statements (6,500 legitimate, 5,500 malicious) was cleaned, tokenized, and vectorized using Term Frequency-Inverse Document Frequency (TF-IDF) prior to training, and five-fold cross-validation was used throughout to guard against overfitting. The trained model was deployed inside a Flask/MySQL web application that screens submitted queries in real time. On a held-out test set, the stacking ensemble achieved 98.42% accuracy, 98.15% precision, 98.70% recall, a 98.42% F1-score, a ROC-AUC of 0.992, and a Matthews Correlation Coefficient of 0.968 — outperforming Decision Tree, standalone Random Forest, SVM, and XGBoost classifiers on every metric. These results indicate that stacking ensemble learning is a practical, high-accuracy complement to conventional defenses and merits adoption as an additional detection layer in web application security pipelines.

Keywords

SQL Injection, Stacking Ensemble Learning, Machine Learning, Web Application Security, Random Forest, Support Vector Machine, XGBoost, Logistic Regression, Cybersecurity.

Citations

IRE Journals:
Ezema Promise Ogochukwu, Dr. Oluwasegun Ishaya Adelaiye, Abimaje Friday "SQL Injection Detection Using a Stacking Ensemble Machine Learning Model" Iconic Research And Engineering Journals Volume 10 Issue 1 2026 Page 1074-1084 https://doi.org/10.64388/IREV10I1-1719702

IEEE:
Ezema Promise Ogochukwu, Dr. Oluwasegun Ishaya Adelaiye, Abimaje Friday "SQL Injection Detection Using a Stacking Ensemble Machine Learning Model" Iconic Research And Engineering Journals, vol. 10, no. 1, Jul. 2026, doi: https://doi.org/10.64388/IREV10I1-1719702

APA:
Ezema Promise Ogochukwu, Dr. Oluwasegun Ishaya Adelaiye, Abimaje Friday (2026). SQL Injection Detection Using a Stacking Ensemble Machine Learning Model. Iconic Research And Engineering Journals, 10(1). doi: https://doi.org/10.64388/IREV10I1-1719702

MLA:
Ezema Promise Ogochukwu, Dr. Oluwasegun Ishaya Adelaiye, Abimaje Friday "SQL Injection Detection Using a Stacking Ensemble Machine Learning Model" Iconic Research And Engineering Journals, vol. 10, no. 1, Jul. 2026. Crossref, https://doi.org/10.64388/IREV10I1-1719702

BibTeX

@article{1719702,
author = {Ezema Promise Ogochukwu, Dr. Oluwasegun Ishaya Adelaiye, Abimaje Friday},
title = {SQL Injection Detection Using a Stacking Ensemble Machine Learning Model},
journal = {Iconic Research And Engineering Journals},
year = {2026},
volume = {10},
number = {1},
pages = {1074-1084},
issn = {2456-8880},
url = {https://www.irejournals.com/formatedpaper/1719702.pdf},
abstract = {Structured Query Language (SQL) injection remains one of the most persistent and damaging vulnerabilities affecting database-driven web applications, allowing attackers to manipulate backend queries, exfiltrate sensitive data, and compromise system integrity. Conventional countermeasures such as input validation, parameterized queries, and signature-based filters struggle against novel or obfuscated attack payloads. This study presents a stacking ensemble machine learning model for SQL injection detection that combines Random Forest, Support Vector Machine (SVM), and Extreme Gradient Boosting (XGBoost) as base learners, with Logistic Regression acting as a meta-learner over out-of-fold prediction. A labelled corpus of 12,000 SQL statements (6,500 legitimate, 5,500 malicious) was cleaned, tokenized, and vectorized using Term Frequency-Inverse Document Frequency (TF-IDF) prior to training, and five-fold cross-validation was used throughout to guard against overfitting. The trained model was deployed inside a Flask/MySQL web application that screens submitted queries in real time. On a held-out test set, the stacking ensemble achieved 98.42% accuracy, 98.15% precision, 98.70% recall, a 98.42% F1-score, a ROC-AUC of 0.992, and a Matthews Correlation Coefficient of 0.968 — outperforming Decision Tree, standalone Random Forest, SVM, and XGBoost classifiers on every metric. These results indicate that stacking ensemble learning is a practical, high-accuracy complement to conventional defenses and merits adoption as an additional detection layer in web application security pipelines.},
keywords = {SQL Injection, Stacking Ensemble Learning, Machine Learning, Web Application Security, Random Forest, Support Vector Machine, XGBoost, Logistic Regression, Cybersecurity.},
month = {July}
}