FACULTY OF COMPUTING

This work intends to provide a computer based system for the maintenance of personnel records of employees in organization. The work addresses limitations identified with manual method of handling personnel records of employees in a firm by providing a better platform to eliminate fraud, corruption, file hiding and misplacement, records falsification, duplication, fragmentation, inconsistencies and
other vices attendant with manual method of handling personnel records. The Personnel Information System (PIS) software is a user friendly package that gives one the fit to accurately monitor employees' records effortless. With Personnel Information System (PIS), the personnel records of employees in a firm regardless of their place of assignment are simultaneously integrated and rationalized through
the creation of a single system that provides accurate information to all in a time and cost efficient manner. This software is designed for stand-alone windows environment, but has the ability to be networked. The interface is Visual Basic language with the structured query language (SQL). The implementation of the system will provide speedy retrieval of data as well as enhancing effective and efficient data.

This research develops an AI-powered Web Application Firewall (WAF) to detect SQL injection( SQLi) attacks, addressing the limitations of traditional signature-based systems. Using the Kaggle SQLi dataset (30,905 queries), the study applied TF-IDF character-level n-grams and three machine learning models: XGBoost, Random Forest, and SVM, with hyperparameter tuning using grid search and cross-validation. The SVM model performed best, achieving 99.48% accuracy, 99.59% F1-score, 99.90% AUC- ROC, very low false positives and false negatives, and real-time detection with 1.52 ms latency and throughput of 658 queries/second per CPU core. Character n-grams successfully captured common SQLi patterns such as UNION SELECT, OR operators, comments, and tautologies. A Flask-based web application and REST API demonstrated that the system is production-ready, highly scalable, and far cheaper than commercial WAFs. The research confirms that traditional machine learning with good feature engineering can match deep learning performance while remaining simpler and more efficient. Limitations include reliance on one dataset, binary classification, and reduced effectiveness against highly obfuscated or second-order attacks. Future work should involve multi-dataset
testing, adversarial robustness, attack subtype classification, and exploring contextual embeddings. Overall, the study shows that ensemble machine learning provides an accurate, fast, and cost- effective alternative for real-time SQL injection detection.

Small and Medium Enterprises (SMEs) often face challenges in managing the overwhelming number of security alerts generated by their IT systems. Traditional alert systems lack contextual intelligence, leading to alert fatigue, delayed responses, and missed critical incidents. This study presents a context-aware Alert Management System that enhances prioritization accuracy by incorporating operational factors such as alert frequency, entity type, business hours, and historical severity. The system was designed and implemented using a React-based simulation environment with 50 synthetic alerts representing realistic SME security events. Comparative evaluation between a baseline model ((Severity + Criticality)/2) and an enhanced model ((Severity + Criticality + Context Factor)/3) demonstrated a 42.42% reduction in alert fatigue and
complete elimination of false-positive high-priority alerts while maintaining 100% detection of genuine threats. The findings confirm that context-aware alert management significantly improves prioritization accuracy and analyst efficiency. The proposed framework provides SMEs with a cost-effective, transparent, and scalable solution for strengthening their cybersecurity posture and improving real-time incident response.