Journal of Information Systems and Informatics
Vol 8 No 3 (2026): June

Detection of SQL Injection, XSS, and Command Injection Attacks in Web Payloads Using SVM, Random Forest, and XGBoost

Andrian Eko Widodo (Universitas Bina Sarana Informatika)
Fabriyan Fandi Dwi Imaniawan (Universitas Bina Sarana Informatika)



Article Info

Publish Date
25 Jun 2026

Abstract

Web application attacks, including SQL Injection (SQLi), Cross-Site Scripting (XSS), and Command Injection (CmdI), remain major threats to digital services. This study develops and evaluates an adversarial-aware protocol for multi-class malicious payload detection, focusing on accuracy, robustness against non-adaptive mutations, and practical inference feasibility. The protocol compares LinearSVC, Random Forest, and XGBoost with character-level neural baselines, namely character CNN and BiLSTM, and a transparent rule-based comparator. Evaluation integrates stratified sampling, deduplicated validation, mutation testing, SHAP-based interpretation, and end-to-end throughput measurement. Experiments used 49,998 stratified records from the SQLi-XSS-CommandInjection dataset in Google Colaboratory. On the internal test set, XGBoost obtained the best performance, achieving 99.28% accuracy and 99.32% macro F1-score. After removing 878 exact duplicate records for stricter re-evaluation, XGBoost maintained 99.21% accuracy and 99.24% macro F1-score, indicating that the findings were not driven solely by duplicate leakage. The complete preprocessing, feature extraction, and prediction pipeline reached an average CPU inference time of 0.832 ms per sample. SHAP analysis of Random Forest highlighted injection operators, script fragments, keyword hits, and structural tokens as discriminative features. The results provide a controlled benchmark, although validation on real HTTP logs remains future work.

Copyrights © 2026






Journal Info

Abbrev

isi

Publisher

Subject

Computer Science & IT

Description

Journal-ISI is a scientific article journal that is the result of ideas, great and original thoughts about the latest research and technological developments covering the fields of information systems, information technology, informatics engineering, and computer science, and industrial engineering ...