International Journal of Open Information Technologies

The security risks posed by (Structured Queried Language) SQL injection attacks in web applications necessitate more advanced detection methods beyond conventional techniques. Deep learning methods such as Long Short-Term Memory (LSTM) networks have been employed to detect SQL injection because they can handle sequential data such as SQL queries. In SQL datasets, imbalances arise due to the infrequent presence of malicious SQL queries. In this study, we employ data augmentation techniques that mitigate this issue and enable robust model training. The augmentation involves substituting keywords with randomly selected synonyms exclusively within malicious SQL queries. This augmentation approach is implemented on a sizable dataset, resulting in 89,143 samples post-augmentation, distinguishing this research from the prevailing literature that predominantly employs smaller datasets. The outcomes underscore the model's robustness, yielding 99.4% accuracy, precision, and F1 score. Compared to LSTM-based methodologies for SQL injection (SQLi) detection, the proposed approach showcases superior accuracy and efficiency in identifying potential threats. This research significantly fortifies cybersecurity measures for online applications and databases.

M. M. Bujnowska-Fedak, J. Waligóra, and A. Mastalerz-Migas, "The Internet as a source of health information and services," Advancements and Innovations in Health Sciences, pp. 1–16, 2019.

https://doi.org/10.1007/5584_2019_396

M. Y. Bae, H. K. Lim, and D. J. Cho, "A study on security diagnosis using automated Google hacking tools-focusing on the US government website," Journal of Advances in Information Technology, vol. 7, no. 2, pp. 93–97, 2016.

P. Sadotra and C. Sharma, "SQL Injection Impact on Web Server and Their Risk Mitigation Policy Implementation Techniques: An Ultimate solution to Prevent Computer Network from Illegal Intrusion.," International Journal of Advanced Research in Computer Science, vol. 8, no. 3, 2017.

D. A. Kindy and A.-S. K. Pathan, "A survey on SQL injection: Vulnerabilities, attacks, and prevention techniques," in 2011 IEEE 15th international symposium on consumer electronics (ISCE), IEEE, 2011, pp. 468–471.

https://doi.org/10.1109/ISCE.2011.5973873

G. Deepa, P. S. Thilagam, F. A. Khan, A. Praseed, A. R. Pais, and N. Palsetia, "Black-box detection of XQuery injection and parameter tampering vulnerabilities in web applications," Int J Inf Secur, vol. 17, pp. 105–120, 2018.

https://doi.org/10.1007/s10207-016-0359-4

W. B. Demilie and F. G. Deriba, "Detection and prevention of SQLI attacks and developing compressive framework using machine learning and hybrid techniques," J Big Data, vol. 9, no. 1, p. 124, 2022.

https://doi.org/10.1186/s40537-022-00678-0

G. R. Chowdary, S. Neeraj, and S. Sparsha, "Machine Learning Approaches for Different Cyberthreats," BMS Institute of technology and Management, 2021.

https://doi.org/10.13140/RG.2.2.23437.67040

M. H. U. Sharif, "Web Attacks Analysis and Mitigation Techniques," International Journal of Engineering Research & Technology (IJERT), pp. 10–12, 2022.

R. Dorai and V. Kannan, "SQL injection-database attack revolution and prevention," J. Int’l Com. L. & Tech., vol. 6, p. 224, 2011.

H. M. Elshafie, T. M. Mahmoud, and A. A. Ali, "Improving the performance of the snort intrusion detection using clonal selection," in 2019 International Conference on Innovative Trends in Computer Engineering (ITCE), IEEE, 2019, pp. 104–110.

https://doi.org/10.1109/ITCE.2019.8646601

A. Luo, W. Huang, and W. Fan, "A CNN-based Approach to the Detection of SQL Injection Attacks," in 2019 IEEE/ACIS 18th International Conference on Computer and Information Science (ICIS), IEEE, 2019, pp. 320–324.

https://doi.org/10.1109/ITCE.2019.8646601

Q. Li, F. Wang, J. Wang, and W. Li, "LSTM-based SQL injection detection method for intelligent transportation system," IEEE Trans Veh Technol, vol. 68, no. 5, pp. 4182–4191, 2019.

https://doi.org/10.1109/TVT.2019.2893675

P. Tang, W. Qiu, Z. Huang, H. Lian, and G. Liu, "Detection of SQL injection based on artificial neural network," Knowl Based Syst, vol. 190, p. 105528, 2020. https://doi.org/10.1016/j.knosys.2020.105528.

A. Sivasangari, J. Jyotsna, and K. Pravalika, "SQL Injection Attack Detection using Machine Learning Algorithm," in Proceedings of the 5th International Conference on Trends in Electronics and Informatics, ICOEI 2021, Institute of Electrical and Electronics Engineers Inc., Jun. 2021, pp. 1166–1169.

https://doi.org/10.1109/ICOEI51242.2021.9452914

P. Roy, R. Kumar, and P. Rani, "SQL injection attack detection by machine learning classifier," in 2022 International Conference on Applied Artificial Intelligence and Computing (ICAAIC), IEEE, 2022, pp. 394–400.

https://doi.org/10.1109/ICAAIC53929.2022.9792964

Hussain, S. S. (2019). SQL injection dataset [Data set]. Kaggle. https://www.kaggle.com/datasets/syedsaqlainhussain/sql-injection-dataset

Hussain, S. S. (2020). SQL injection dataset [Data set]. Kaggle. https://www.kaggle.com/datasets/syedsaqlainhussain/sql-injection-dataset

Hussain, S. S. (2021). SQL injection dataset [Data set]. Kaggle. https://www.kaggle.com/datasets/syedsaqlainhussain/sql-injection-dataset

D. Wichers and J. Williams, "Owasp top-10 2017," OWASP Foundation, vol. 3, p. 4, 2017.

Y. Fang, Y. Li, L. Liu, and C. Huang, "DeepXSS: Cross site scripting detection based on deep learning," in Proceedings of the 2018 international conference on computing and artificial intelligence, 2018, pp. 47–51.

https://doi.org/10.1145/3194452.3194469

M. T. Muslihi and D. Alghazzawi, "Detecting SQL Injection On Web Application Using Deep Learning Techniques: A Systematic Literature Review," in 2020 Third International Conference on Vocational Education and Electrical Engineering (ICVEE), 2020, pp. 1–6.

https://doi.org/10.1109/ICVEE50212.2020.9243198

S. Fraihat, S. Makhadmeh, M. Awad, M. A. Al-Betar, and A. Al-Redhaei, "Intrusion detection system for large-scale IoT NetFlow networks using machine learning with modified Arithmetic Optimization Algorithm," Internet of Things, p. 100819, 2023.

N. Joshi Padma, N. Ravishankar, M. B. Raju, and N. C. Ravi, “Surgical Striking Sql Injection Attacks Using Lstm,” Indian Journal of Computer Science and Engineering, vol. 13, no. 1, pp. 208–220, Jan. 2022

K. R. Jothi, N. Pandey, P. Beriwal, and A. Amarajan, "An efficient SQL injection detection system using deep learning," in 2021 International Conference on Computational Intelligence and Knowledge Economy (ICCIKE), IEEE, 2021, pp. 442–445.

https://doi.org/10.1109/ICCIKE51210.2021.9410674

I. C. Potinteu and R. Varga, "Detecting Injection Attacks using Long Short-Term Memory," in Proceedings - 2020 IEEE 16th International Conference on Intelligent Computer Communication and Processing, ICCP 2020, Institute of Electrical and Electronics Engineers Inc., Sep. 2020, pp. 163–169.

https://doi.org/10.1109/ICCP51029.2020.9266177

A. Falor, M. Hirani, H. Vedant, P. Mehta, and D. Krishnan, "A deep learning approach for detection of sql injection attacks using convolutional neural networks," in Proceedings of Data Analytics and Management: ICDAM 2021, Volume 2, Springer, 2022, pp. 293–304.

https://doi.org/10.1007/978-981-16-6285-0_24