Abstract
In recent times, LDAP injection attacks have posed a growing danger to web application security, exploiting directory service vulnerabilities to obtain unauthorized access or tamper with sensitive information. In this thesis, a comprehensive method is developed for detecting and preventing LDAP injection attacks by utilizing a role-based access control approach to generate a unique dataset. The dataset includes various categories and variations of LDAP queries that mimic real attack situations, as well as legitimate benign queries representing typical LDAP operations, and further classifies them based on user roles. Four different machine learning algorithms, XGBoost, Logistic Regression, Support Vector Machines (SVM) and Random Forest, are used to identify malicious injection attempts. Each model is trained on the dataset and thoroughly evaluated using performance metrics such as accuracy, precision, recall and F1-score to establish the most effective model in detecting LDAP injection attacks. While all models demonstrated strong performance in detecting LDAP injection attacks, XGBoost achieved the highest accuracy and demonstrated exceptional effectiveness, making it the most reliable choice for real-time detection. The best-performing model was integrated into a live web application without standard input validation for real-time testing. Results demonstrated the model’s ability to accurately detect and prevent LDAP injection attempts, highlighting its practicality as a robust solution for securing web applications. This thesis is distinct in its focus, as no prior research has specifically addressed LDAP injection detection and prevention using machine learning.
While a comparative analysis with state-of-the-art LDAP security solutions was not possible due to the absence of existing research in this domain, the findings highlight the effectiveness of the proposed framework and its significant contribution to advancing the security of LDAP-enabled systems.
Library of Congress Subject Headings
LDAP (Computer network protocol); Web applications--Security measures; Machine learning
Publication Date
2024
Document Type
Thesis
Student Type
Graduate
Degree Name
Cybersecurity (MS)
Department, Program, or Center
Electrical Engineering
Advisor
Wesam Almobaideen
Advisor/Committee Member
Kevser Akpinar
Advisor/Committee Member
Ali Assi
Recommended Citation
Nair, Rahul, "Machine Learning Framework for Detecting LDAP Injection Attacks" (2024). Thesis. Rochester Institute of Technology. Accessed from https://repository.rit.edu/theses/12001
Campus
RIT Dubai
Plan Codes
COMPSEC-MS
Comments
This thesis has been embargoed. The full text will be available on or around 1/17/2026.