Healthcare information systems face severe SQL injection threats, yet automated detection tools such as SQLMap and OWASP ZAP produce 30-40% false positive rates and provide only a binary "vulnerable/secure" classification with no quantification of confidence. This leaves hospital security teams unable to prioritize hundreds of alerts or make risk-based decisions aligned with Health Insurance Portability and Accountability Act (HIPAA) compliance requirements. This research develops a multi-source evidence fusion approach that transforms binary tool outputs into continuous confidence scores tailored to medical environments. It applies three heuristic rules: a Consistency Reward raises confidence when the tools agree closely, a Strong Evidence Boost prevents underestimating obvious vulnerabilities when SQL error keywords appear in responses, and a Medical Risk Bonus elevates confidence for high-risk modules such as prescription systems. Adaptive confidence thresholds were designed for four medical risk levels (L1-L4), ranging from 0.11 for critical prescription systems to 0.52 for low-risk appointment scheduling, replacing the fixed 0.50 threshold used in generic security scanning. In controlled experiments on 55 test cases (32 real vulnerabilities from DVWA and sqli-labs, 23 secure implementations), the proposed approach achieved an F1-score of 85.71%, an improvement of 12.03 percentage points over SQLMap alone (73.68%). Confidence scores clearly separated vulnerable systems (averaging 0.79) from secure implementations (averaging 0.21); the 0.58-point gap shows that the score carries meaningful reliability information. Performance under the adaptive thresholds varies by level: L3 halves the false positive rate while maintaining recall, L2 achieves perfect recall (100%) while preserving the false positive rate, and L1's ultra-low threshold causes the false positive rate to jump from 0% to 50%. L4 keeps the false alarm rate unchanged at the cost of a 20% reduction in recall, which remains within acceptable limits.
Component analysis indicates that the Strong Evidence Boost contributes most (performance drops 7.74% when it is removed), and parameter sensitivity testing shows robust performance (coefficient of variation 0.95%). The primary contribution is to turn vulnerability detection from binary alerts into confidence-based assessments that support defensible prioritization in healthcare security workflows. By quantifying detection reliability and adapting thresholds to medical risk context, the approach lets security teams allocate limited resources effectively while maintaining patient safety and HIPAA compliance.
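As an added illustration (not code from the paper or its authors), the following Python sketches how the three rules and the per-level thresholds could combine two scanners' verdicts into a continuous score and compare the adaptive cut-off against the generic 0.50 one. Only the L1 = 0.11 and L4 = 0.52 thresholds come from the abstract; the L2/L3 thresholds, the bonus magnitudes, the spread tolerance, the error-keyword list and the mapping of ZAP's alert confidence to a number are all assumptions chosen for illustration.

```python
"""Hypothetical reconstruction of confidence fusion for SQLi scanner verdicts.

The rule names follow the abstract; every numeric constant below except the
L1 and L4 thresholds is an assumption, not a value taken from the paper.
"""
from dataclasses import dataclass
from statistics import mean, pstdev

# L1 (0.11) and L4 (0.52) are from the abstract; L2 and L3 are assumed.
RISK_THRESHOLDS = {"L1": 0.11, "L2": 0.25, "L3": 0.40, "L4": 0.52}
GENERIC_THRESHOLD = 0.50  # the fixed cut-off the paper says it replaces

# Assumed additive bonus per risk level (Medical Risk Bonus rule).
RISK_BONUS = {"L1": 0.15, "L2": 0.10, "L3": 0.05, "L4": 0.0}

CONSISTENCY_BONUS = 0.15     # assumed size of the Consistency Reward
CONSISTENCY_SPREAD = 0.20    # assumed: max std-dev still counted as "agree closely"
STRONG_EVIDENCE_FLOOR = 0.70 # assumed floor applied by the Strong Evidence Boost

# Assumed keyword list: a DBMS error leaking into an HTTP body is strong
# evidence that injected input reached the query parser.
SQL_ERROR_KEYWORDS = (
    "you have an error in your sql syntax",
    "unclosed quotation mark",
    "ora-00933", "ora-01756",
    "syntax error at or near",
    "sqlite3.operationalerror",
    "warning: mysql_",
)

# Assumed mapping of ZAP alert confidence labels to a [0, 1] score.
ZAP_CONFIDENCE = {"Low": 0.25, "Medium": 0.5, "High": 0.75, "Confirmed": 1.0}


@dataclass(frozen=True)
class ToolVerdict:
    tool: str
    vulnerable: bool   # the tool's binary verdict
    score: float       # tool-native confidence mapped to [0, 1]; 1.0/0.0 for purely binary tools


def zap_verdict(label):
    """Turn a ZAP alert confidence label into a ToolVerdict (assumed mapping)."""
    score = ZAP_CONFIDENCE[label]
    return ToolVerdict("zap", score >= 0.5, score)


def clamp(x):
    return max(0.0, min(1.0, x))


def consistency_reward(verdicts):
    """Consistency Reward: bonus only when all verdicts agree and scores are close."""
    flags = {v.vulnerable for v in verdicts}
    if len(verdicts) < 2 or len(flags) != 1:
        return 0.0
    if pstdev(v.score for v in verdicts) > CONSISTENCY_SPREAD:
        return 0.0
    # agreement on "vulnerable" pushes up, agreement on "secure" pushes down
    return CONSISTENCY_BONUS if flags == {True} else -CONSISTENCY_BONUS


def has_sql_error(response_body):
    """Strong evidence check: any DBMS error string in the response body."""
    body = response_body.lower()
    return any(k in body for k in SQL_ERROR_KEYWORDS)


def fuse(verdicts, response_body, risk_level):
    """Fuse binary verdicts into a confidence and decide under both thresholds."""
    conf = mean(v.score for v in verdicts) + consistency_reward(verdicts)
    if has_sql_error(response_body):
        # Strong Evidence Boost: never underestimate an obvious injection
        conf = max(conf, STRONG_EVIDENCE_FLOOR)
    conf = clamp(conf + RISK_BONUS[risk_level])  # Medical Risk Bonus
    conf = round(conf, 3)
    return {
        "confidence": conf,
        "flag_adaptive": conf >= RISK_THRESHOLDS[risk_level],
        "flag_generic": conf >= GENERIC_THRESHOLD,
    }


if __name__ == "__main__":
    # Constructed inputs: a DVWA-style error-based SQLi both tools catch...
    leaky = "<pre>You have an error in your SQL syntax; check the manual</pre>"
    print(fuse([ToolVerdict("sqlmap", True, 1.0), zap_verdict("High")], leaky, "L3"))
    # ...and a disputed finding (ZAP Medium, SQLMap silent) on a critical module.
    print(fuse([ToolVerdict("sqlmap", False, 0.0), zap_verdict("Medium")], "<html>ok</html>", "L1"))
```

The disputed case is the interesting one: a 0.40 score is dropped by the generic 0.50 threshold but kept by the L1 threshold of 0.11, which is exactly the trade-off the abstract reports for L1 (no missed critical findings, but a sharp rise in false positives). The bonus magnitudes determine how often that happens, and the paper's sensitivity test, not this sketch, is the basis for choosing them.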
Yang Jianing
The University of Tokyo