Augmenting SQL Injection Attack Detection via Deep Convolutional Neural Network | Research Square window.SnipcartSettings = { analytics: { enabled: false } }; (function() { var accessVector = localStorage.getItem('access_vector') || ''; window.dataLayer = window.dataLayer || []; if (accessVector) { window.dataLayer.push({ user: { profile: { profileInfo: { snid: accessVector } } } }); } })(); (function(w,d,s,l,i){w[l]=w[l]||[];w[l].push({'gtm.start':new Date().getTime(),event:'gtm.js'});var f=d.getElementsByTagName(s)[0],j=d.createElement(s),dl=l!='dataLayer'?'&l='+l:'';j.async=true;j.src='https://www.googletagmanager.com/gtm.js?id='+i+dl;f.parentNode.insertBefore(j,f);})(window,document,'script','dataLayer','GTM-K279D39R'); Browse Preprints In Review Journals COVID-19 Preprints AJE Video Bytes Research Tools Research Promotion AJE Professional Editing AJE Rubriq About Preprint Platform In Review Editorial Policies Our Team Advisory Board Help Center Sign In Submit a Preprint Cite Share Download PDF Research Article Augmenting SQL Injection Attack Detection via Deep Convolutional Neural Network Sneha Baral BK Sneha, Hakam Singh This is a preprint; it has not been peer reviewed by a journal. https://doi.org/ 10.21203/rs.3.rs-3848810/v1 This work is licensed under a CC BY 4.0 License Status: Posted Version 1 posted You are reading this latest preprint version Abstract Advancing the systematic methods or algorithms is necessary because SQL injection attacks can be hazardous for the security of databases and various web applications. SQL injection can be a destructive security risks which targets vulnerable web applications. There were many techniques which was previously developed which is also known as traditional methods or techniques. Those techniques used to generally rely on the signature-based methods which struggle to adjust into new attack patterns. Therefore, different new techniques were introduced with integration of machine learning. SQL injection attack detection with the blend of machine learning facilitates improvement in cybersecurity providing the scalable and the proficient defense mechanism against the developing cyber-attack. This research paper provides a potential technique to the danger of SQL injection which is based on Machine Learning i.e. Deep Convolutional Neural Network (DCNN). The proposed model was trained on the large datasets which includes genuine as well as malicious SQL queries for assuring its ability to adapt different types of evolving attacks. We have used embedding layers and tokenization techniques for demonstrating SQL queries as numerical input for the model. It is made up of many convolutional layers and fully linked layers which is able to illustrate the complex patterns and the complex correlation that can be observed in SQL queries. Our approach to detect a SQL injection attack utilizing a DCNN illustrates the remarkable accuracy, precision, recall as well as F1 score. Additionally, we also had a look at the significances of using deep learning techniques in real-world scenarios along with the existing web application and the framework. SQL Injection Detection Deep Convolutional Neural Network (DCNN) cybersecurity Embedding layers Innovative Global Max Pooling Layer Information and Communication Technology Imbalanced Data sustainable research development Figures Figure 1 Figure 2 Figure 3 Figure 4 Figure 5 Figure 6 Figure 7 1 Introduction SQL injection attacks which is also known as SQLi, it has an instability to the security of web applications and various databases which can be hazardous. These attacks belong to a group of nefarious methods that exploit weaknesses in how web applications process user inputs, particularly regarding database queries [ 5 ]. SQL injection attacks give malicious actors the ability to change the format and content of SQL queries submitted to a database, giving them access to private information, changing the contents of the database, or running malicious code on the underlying systems. [ 8 ] Attacks using SQL Injection have a really simple underlying premise. When a web application communicates with a database, it frequently creates SQL queries by fusing user inputs with preset SQL code. Attackers, however, can insert harmful SQL code within these inputs if the application does not sufficiently check and sanitize user inputs. When the application submits this corrupted input to the database, it runs the inserted SQL code like a query. Unfortunately, this often leads to outcome i.e. SQL injection attack. [ 10 ] In the battle against SQL injection attacks, innovational technologies like artificial intelligence and machine learning have become essential. To improve cyber threat detection and prevention certain machine learning models, such as networks have shown promise. Deep Convolutional Neural Networks (DCNNs) are often employed for the analyzation of image as well as sequenced data. It plays one of the important roles in Information and Communication Technology and can also be applied for the robustness of cybersecurity. DCNN has an adequacy to be trained for recognition of different irregularities as well as patterns which can be observed in the structure of SQL queries which permit a successful differentiation between the normal input and the malicious input. By leveraging intrinsic stratified capabilities, the learning potentiality of DCNN can discover the uncertainty in SQL query which may specify as a SQL injection attempt. In DCNN, various convolutional layers are exceptionally better for capturing the relationships using the local patterns enclosed by the input data. Blending the DCNN with other machine learning procedures can support for a defense mechanism against the SQL injection attacks. Furthermore, it plays an important role in the development of the research and the resilience of DCNN facilitates for altering and obtaining knowledge from the ongoing risks factor which assemble it to make the precious advantages in the varying department of cybersecurity. The adequacy against the advancing SQL injection strategies utilized by the people can be utilized by updating and retraining of the proposed model. This adds to the vigor of web applications and data sets accordingly towards developing online protection dangers. SQL injection attacks can be hazardous for the several reasons and among them some of following are listed below: - Exfiltrating the Data: The databases is usually used for storing the meaningful data and credentials which includes user ID, personal details, various security details such as passwords, search history, transactions history done for financial purposes which may result in identity theft or destructive plans by hackers.[ 13 ] Manipulating the Data: As databases contains the meaningful information, SQL injection method can be used for the alteration for information stored over there. This may create the system crashes, corrupted data and other harmful effects.[ 5 ] Illegitimate Access: Hackers can enter to the web applications and the control panels and the web applications by passing the systems authentication which permits them to control the programs and initiate the attacks on different individuals or companies.[ 15 ] Elevated Privileges: In specific cases, malicious actors can raise the honors inside a weak dataset or database which can be able to ruin the whole system.[ 19 ] Damage of Reputation: The successful SQL injections may have the ability to ruin the reputation of the by hindering the consumers as well as the client trust.[ 17 ] It is necessary for the continuation of useful measures such as SQL queries, validation of input and other advance software for detection to minimize the dangerous attacks and even hackers may design and evolve new techniques for injection SQL databases. So for the better output, different companies have put their steps forward for the formation and execution for the detection and prevention of SQL injection attacks. 2 SQL injection Attacks SQL is a standard language that is used to work in a various databases which permits the users to create, modify and delete the relations, tuples or attributes of the databases using DDL(Data Definition Language) and insert, update and delete data within the database using DML(Manipulation language). However, it also contains the vulnerability known as SQL injection in which hackers make the use of unsanitized input in queries of SQL. As SQL eases the handling of data, it is necessary for the management of websites content, mobile applications and systems of different companies and SQL injection can be occurred when doubtful data is directly inserted before validation of the SQL statement. Attackers are even able to obtain access to the database and alter the SQL queries to the databases. [ 1 ] For the prevention of the SQL injection attacks, it is essential to implement the input validation before providing the user input to the SQL queries. [ 2 ] 2.1 Review of some available SQL injection Detection Techniques Detecting SQL injection attacks is a critical component of online application security. Numerous strategies and procedures have been developed to recognize and stop these attacks. Here is a summary of several current approaches and the problems they face: Methods Description Challenges Signatures Based Detection For signature-based detection, known SQL injection attack strings are used as predetermined patterns or signatures. It looks for these patterns when incoming requests and queries are examined. [ 21 ] • Limitations make it ineffective against new attacks and only useful against known attack patterns. • Susceptible to methods of evasion because attackers can disguise attack strings Blacklisting Input Blacklisting filters or obstructs particular characters or keywords linked to SQL injection attacks. [ 23 ] • It is easily thwarted by attackers proficient in evasion methods or other encodings. • Susceptible to false positives since valid input may be suppressed if it contains blacklisted characters Whitelisting Input It restricts input to predetermined, secure characters and patterns while rejecting any input that does not adhere to the whitelist. [ 27 ] • Developing and maintaining an exhaustive whitelist can be difficult and error-prone. • Authentic input that deviates from the whitelist might be blocked. Input Validation and sanitization Input validation ensures that input data corresponds to expected formats by comparing it to predetermined criteria (such as data type and length). Changing input to remove potential hazards is known as input sanitization. [ 24 ] • Implementing a complex validation rule can be difficult, resulting in false positives and false negatives. • Sanitization might change data unintentionally, impacting the functionality of applications. Behavioral Analysis: While observing and analyzing application behavior, the behavioral analysis looks for odd patterns or anomalies that could be signs of an attack. [ 26 ] • It needs to establish a baseline of typical behavior, which might be difficult. • This could result in erroneous warnings for valid traffic deviations. Web Application Firewalls Based on recognized attack patterns, WAFs examine incoming traffic and apply predetermined rules to deny or permit requests. [ 22 ] • Attackers can use zero-day assaults or evasion strategies to get around WAFs. • False positives and negatives might restrict access for authorized users. Machine Learning with Anomaly Detection ML models examine patterns and behavior in incoming requests to detect deviations from expected traffic. [ 17 ] • Requires labelled training data, which might be hard to come by. • Adversarial assaults can alter traffic patterns to avoid detection. Database Security Features To guard against unauthorized access and SQL injection, modern databases incorporate security characteristics including access limits and authentication. [ 25 ] • Managing and configuring database security settings might be difficult. • At the application layer, these features do not prevent SQL injection. 2.2 Challenges with SQL Injection Detection Techniques Evasion Techniques : Attackers are always coming up with new ways to avoid detection, making it challenging to keep one step ahead of them.[ 28 ] False Positives and Negatives : Several detection techniques result in false alarms (false positives) or fail to identify attacks (false negatives), affecting security and user experience.[ 30 ] Complexity and Upkeep : Implementing and keeping up with efficient SQL injection detection techniques can be time-consuming and error-prone.[ 29 ] Legacy Code : Adding contemporary security techniques, like parameterized queries, to legacy programs might be difficult.[ 14 ] Adaptation to evolving attacks : As SQL injection assaults change, detection techniques must also change to recognize new attack patterns and behaviors. To effectively limit the danger of SQL injection attacks, so sometimes it is advised to use a multi-layered security approach that combines multiple detection mechanisms and emphasizes secure coding practices [ 16 ]. . The main topic of this study is DCNN-based SQL injection attack detection. The remaining details in this study will focus on the SQL injection by the Deep Learning method utilized in this implementation-based approach. 3 Proposed Work Traditional filtering systems have numerous challenges due to increased attack tactics. With the benefit of greater processing power as well as the fast advancement of deep learning technologies, the goal is to select a suitable framework based on deep learning through an experimental approach to determine whether HTTP requests contain harmful code for SQL Injection Attacks. This will boost up detection accuracy and lower the training loss. An attacker may package the injected attack code in various ways to get over the filtering system. As a result, before using the training data in the neural network model, firstly it must be cleaned. We employed a DCNN for study comparison. The Tensorboard part of the Tensor Flow framework is used to visualize the training process and evaluate the model's speed and usefulness. The dataset is tested to verify the model's accuracy. Then, the dataset is trained in a better way for achieving remarkable value of the evaluation metrics. For a production-ready system, we need to train the model on a larger and more diverse dataset and consider additional techniques for improving accuracy and robustness.For deep learning model creation, tokenizer and sequence padding modules are imported. NumPy is used to process text and perform numerical computations. The data is provided in the form of SQL queries. Labels are assigned, with 0 indicating regular searches and 1 indicating SQL injection attempts. Text is converted to numerical sequences using tokenizer. Padding is used to guarantee that sequences are uniform in length, which is required for neural network input. For model training, labels are transformed to a NumPy array. Keras is used to construct a sequential model, and the embedding layer turns words to dense vectors. Convolutional layers aid in the detection of patterns in data. Dimensions are reduced by using global max pooling. For feature extraction, dense layers with ReLU activation are used. For binary classification, the final dense layer with sigmoid activation is employed. For binary classification, the binary cross-entropy loss and the Adam Optimizer are used to construct the model. For demonstration purposes, new SQL query texts are provided. To prepare input for the trained model, tokenization and padding are used. The model predicts whether each input represents a normal query or an attempt at SQL injection. The model's predictions are used to generate the results. 3.1 Clean Mock Data Clean mock data is manufactured or simulated data meant to resemble real-world data. Still, it does not hold any personally identifiable information (PII) or other sensitive or private information. When real data cannot be used because of privacy concerns, legal limitations, or the need to preserve secret information, it is frequently used in development, testing, and other scenarios. An example of clean mock data that could be used for SQL injection detection is as given below: - new_texts = [ "SELECT * FROM customers WHERE id = 123", "UPDATE products SET price = 0 WHERE id = 5", "DELETE FROM orders WHERE id = 2 OR 1 = 1”, # SQL injection attempt "INSERT INTO logs (message) VALUES ('SQL injection attack')", # SQL injection attempt "SELECT username, email FROM users WHERE role='admin'", "DROP TABLE users", # SQL injection attempt "SELECT * FROM products", "UPDATE users SET password='newpass' WHERE id = 42", "INSERT INTO orders (product_id, quantity) VALUES (123, 5)", "DELETE FROM customers WHERE id = 456",] new_labels = [0, 0, 1, 1, 0, 1, 0, 0, 0, 0] # 0 for normal, 1 for SQL injection Using clean mock data is essential in SQL injection detection methods for several reasons: To train and test the detection model it is beneficial to have clean data. The model can be trained by utilizing the dataset that is made up of the queries which makes it able to differentiate between normal and malicious input which can be fruitful in detection of mistrustful queries. Using data as a reference point allows for analysis and comparison purposes. We can compare the input data with the queries introduced, it can detect the abnormalities having the relationship with SQL injection attacks. Without the presence of clean mock data, it might mistake for the model to differentiate between the normal queries and malicious queries. Training on the data can augment the accuracy of the detection system. By optimization of techniques or model, it permits us to change boundaries like limit values or choice limits based on comprehension of information designs. Clean mock data assures that the proposed data model remains compliant throughout the various SQL query structures in order to detect patterns in queries, which increases its adaptability to different application structure. If we are successful in improving the model containing clean data which demonstrates SQL injection attack techniques, then there is possibility for amending its adequacy for finding out new attack patterns and reconcile accordingly. Therefore, clean mock data is essential for the evaluation and training of datasets which are able to perceive SQL injection attack which permits the proposed model to differentiate between normal and fraudulent queries. 3.2 Detecting SQL Injection using the DCNN model We used Python to implement our method utilizing the TensorFlow and Keras frameworks built on top of TensorFlow. Below we outline the steps we followed to identify SQL injection using this model. Importing Libraries: To start we imported libraries, like TensorFlow and Keras for learning purposes NumPy for operations, and matplotlib for visualizing data. Sample Data: We defined a sample dataset consisting of SQL queries (texts) and their corresponding labels (labels). Labels are set to 0 for normal queries and 1 for SQL injection attempts. Tokenization and Padding: We used the Tokenizer class from Keras to tokenize the SQL queries and pad them to a fixed length using pad sequences. This step converts the text data into a numerical format suitable for training. Defining the DCNN Model: We defined a DCNN model using Keras. The model consists of several layers: Embedding Layer: Converts words to dense vectors. Convolutional Layers: Detects patterns in the tokenized sequences. Global Max Pooling Layer: Reduces dimensions by selecting the maximum value. Dense Layers: The layers are completely linked, using ReLU (Rectified Linear Unit) activation. For binary classification, the output layer has a single neuron with sigmoid activity. Compiling the Model: By setting the optimizer, loss function i.e. binary cross-entropy, and evaluation measure (accuracy), we were able to gather the model. Training the Model: We introduced the model on the sample data (SQL queries and labels) for several epochs. New Data: We provided a set of new SQL queries (new_ texts) and their corresponding labels (new_labels) for testing. Tokenizing and Padding New Data: Similar to the training data, we tokenized and padded the new SQL queries to the same length as the training data. Predictions: We used the trained model to predict whether each new SQL query is an SQL injection attempt or a normal query based on a threshold of 0.5. The predictions are printed accordingly. The DCNN model is made up of three convolutional layers, a global max pooling layer, and a fully connected layer. The first convolutional layer has 32 filters, the second layer contains 64 filters, and the third layer contains 128 filters, each of which is 3*3. These filters, or convolutional kernels, detect different features or patterns in the input data and contribute to the model's ability to recognize patterns in the SQL queries for SQL injection detection. A kernel of size 3 means that it considers three consecutive elements at a time while performing convolution. The model can identify local patterns in the input data by swiping the kernel across the token sequences. Rectified Linear Unit, or ReLU, is the activation function in this case. The graph below provides a visual representation of the proposed DCNN model's training and validation processes. 4 Result and discussion The model used in this research for SQL injection detection does not require a very fast machine. A laptop running Windows WSL2 with an AMD Ryzen 7 5700U CPU and 16GB RAM made up the experimental setup. Based on Tensorflow 2.14.0, the Keras framework is used with Python 3.11.0 as the programming language. 4.1 Data Description Dataset Composition: The data consists of raw SQL queries as text strings. The dataset consists of 30873 unique values. Labels: Each query is labelled with a binary indicator (0 or 1), where 0 represents a normal query and 1 indicates an SQL injection attempt. Source: The dataset is from Kaggle, part of a user-uploaded dataset for community use. 4.2 Confusion Matrix A confusion matrix can be used to evaluate a model's performance in machine learning and classification issues, particularly in binary or multi-class classification tasks. It makes it easier to understand how closely a model's predictions match the actual ground truth labels. The true positive (T.P.), true negative (T.N.), false positive (F.P.), and false negative (F.N.) values are commonly shown using a square matrix. The confusion matrix breaks down the model's predictions in great depth which is essential in this DCNN-based SQL Injection Detection model to assess the standards of the binary classification model to detect SQL injection attacks. For example, T.P. is an instance in which the model properly anticipates a positive class (SQL injection attack), and T.N. is are instance in which the model correctly predicts a negative class (no SQL injection attack). F.N. are cases in which the model predicts a negative class incorrectly (fails to identify an actual SQL injection attempt) meanwhile F.P. is when the model predicts a positive class mistakenly (expects SQL injection when there isn't one). Injection predictions in great depth which is essential in this DCNN-based SQL Injection Detection model to assess the standards of the binary classification model to detect SQL injection attacks. For example, T.P. is an instance in which the model properly anticipates a positive class (SQL injection attack), and T.N. is are instance in which the model correctly predicts a negative class (no SQL injection attack). F.N. are cases in which the model predicts a negative class incorrectly (fails to identify an actual SQL injection attempt) meanwhile F.P. is when the model predicts a positive class mistakenly (expects SQL injection when there isn't one). Table 1: Comparison of some of the existing algorithms via their accuracy Reference Some Existing techniques Size of the datasets Accuracy of the model [ 32 ] Decision Tree 100,496 legal inputs and 7576 malicious SQL queries 99.5% [ 4 ] Logistic Regression 8800 non-vulnerable files and 950 vulnerable PHP 95.1% [ 1 ] Linear Discriminant 616 SQL statements 93.7% [ 1 ] Cubic SVM 616 SQL statements 93.7% [ 1 ] Ensemble boosted tree 616 SQL statements 93.8% [ 1 ] Gaussian SVM 616 SQL statements 93.5% [ 1 ] Bagged tree 616 SQL statements 93.8% [ 4 ] Random Forest 8800 non-vulnerable files and 950 vulnerable PHP 93.6% [ 12 ] Naïve Bayes 93.3% [ 32 ] TensorFlow Boosted Tree Classifier 100,496 legal inputs and 7576 malicious SQL queries 99.6% [ 32 ] AdaBoost classifier 100,496 legal inputs and 7576 malicious SQL queries 99.5% [ 32 ] SGD classifier 100,496 legal inputs and 7576 malicious SQL queries 98.6% [ 4 ] CNN 8800 non-vulnerable files and 950 vulnerable PHP 95.3% [ 4 ] RNN 8800 non-vulnerable files and 950 vulnerable PHP 95.3% After reviewing the lots of previous research papers, we are able to conclude at TensorFlow Boosted Trees Classifier, AdaBoost classifier, Decision Tree are able to give less bit more accuracy than that of CNN or RNN. Proposed model doesn’t struggle with adaptability and can be proved as better medium for the effective identification of SQL injection attack. Due to this feature, it can ensure sustainability and reliability. The comparison work was eased by the review articles [ 1 , 33 ]. Table 2: Evaluation Metrics obtained by our DCNN model and its value S.N. Evaluation Metrics Values 1. True Positives 603 2. True Negatives 210 3. False Positives 23 4. False Negatives 4 5. Accuracy 0.9678 6. Precision 0.9632 7. Recall 0.9934 8. F1 score 0.9780 First, we limited the number of epochs to 10, which resulted in a loss of roughly 0.5 to 0.6. Subsequently, we kept checking by varying the number of epochs to 50, 100, 70, 60, 45, 40 and so on. Afterwards, when we restricted the number of epochs to 41, it gave us the highest accuracy and low training loss. It assured us the effective recall, precision value as well as F1 score. 5 Conclusion In essence, the proposed approach provides a technique for the detection of SQL injection attack with the help of DCNN. It is efficient for differentiating between normal SQL queries and the malicious SQL queries which has the potential to harm the system or individuals by obtaining the illegitimate access by the help of text inputs. The implemented model shows its promise for productively identifying the danger accompanying SQL injection. The accuracy, recall, precision and F1 score proves its potential. The blend of convolutional layers and the global max pooling layers magnifies the capability of the model for the acknowledging patterns in SQL queries which allows it to categorize patterns. It learns the demonstration through the layers and embedding techniques. The promising performance of this learning model for SQL injection attack detection shows its higher ability as an equipment for the cybersecurity measures for databases, websites and various application. Complete analysis measures validate its competence in obtaining the equilibrium between specificity and sensitivity which is a feature for minimization of positives and negative. Moreover, for the enhancement of the potentiality of the approach, the future research will focus on analyzation of methods for data augmentation associated with the SQL injection attacks. Sampling or under-sampling techniques can be used for undertaking the variances in the datasets in order to accomplish the data augmentation. Declarations Competing Interests: The authors declare that they have no competing financial and/or non-financial interests related to this research. Funding: This research did not receive any specific grant from funding agencies in the public, commercial, or not-for-profit sectors. Author Contribution Sneha Baral BK wrote the main manuscript text and Hakam Singh guided the Sneha and reviewed the manuscript References Muslihi MT, Alghazzawi D, Detecting SQL (2020) Injection on Web Application Using Deep Learning Techniques: A Systematic Literature Review. In Proceedings of the 2020 Third International Conference on Vocational Education and Electrical Engineering(ICVEE), Surabaya, Indonesia, 3–4 October Aliero MS, Qureshi KN, Pasha MF, Ghani I, Yauri RA (2020) Systematic Review Analysis with SQLIA Detection and Prevention Approaches. Wirel Pers Commun 112:2297–2333 [CrossRef] Hasan M, Tarique M Detection of SQL Injection Attacks: A Machine Learning Approach. In Proceedings of the 2019 International Conference on Electrical and Computing Technologies and Applications (ICECTA), Ras Al Khaimah, United Arab Emirates, 19–21 November 2019 Gao H, Zhu J, Liu L, Xu J, Wu Y, Liu A, Detecting SQL (2019) Injection Attacks Using Grammar Pattern Recognition and Access Behavior Mining. In Proceedings of the 2019 IEEE International Conference on Energy Internet (ICEI), Nanjing, China, 27–31 May Gandhi N A CNN-BiLSTM based Approach for Detection of SQL Injection Attacks. In Proceedings of the 2021 International Conference on Computational Intelligence and Knowledge Economy (ICCIKE), Dubai, United Arab Emirates, 17–18 March 2021;pp. 378–383 Zhang K, Dataset AT (2019) A Machine Learning based Approach to Identify SQL Injection Vulnerabilities. In Proceedings of the 2019 34th IEEE/ACM International Conference on Automated Software Engineering (ASE), San Diego, CA, USA, 11–15 November ; pp. 2019–2021 Li QI, Li W, Wang J (2019) A SQL Injection Detection Method Based on Adaptive Deep Forest. IEEE Access 7:145385–145394 Tripathy D, Gohil R, Halabi T, Detecting SQL (2020) Injection Attacks in Cloud SaaS using Machine Learning. In Proceedings of the 2020 IEEE 6th Intl Conference on Big Data Security on Cloud (Bigdata Security), IEEE Intl Conference on High Performance and Smart Computing, (HPSC) and IEEE Intl Conference on Intelligent Data and Security (IDS), Baltimore, MD, USA, 25–27 May ; pp. 145–150 Sivasangari A SQL Injection Attack Detection using Machine Learning Algorithm. In Proceedings of the 2021 5th International Conference on Trends in Electronics and Informatics (ICOEI), Tirunelveli, India, 3–5 June 2021; pp. 1166–1169 Chen D, Yan Q, Wu C, Zhao J (2021) SQL injection attack detection and prevention techniques using deep learning. In Journal of Physics: Conference Series (Vol. 1757, No. 1, p. 012055). IOP Publishing Tang P, Qiu W, Huang Z, Lian H, Liu G (2020) Detection of SQL injection based on artificial neural network. Knowl -Based Syst 190:105528 Zhang H, Zhao J, Zhao B, Yan X, Yuan H, Li F SQL injection detection based on deep belief network. In Proceedings of the CSAE 2019: Proceedings of the 3rd International Conference on Computer Science and Application Engineering, Sanya, China, 22–24 October 2019. [CrossRef] Sabir B, Ullah F, Babar MA, Gaire R (2021) Machine learning for detecting data exfiltration: A review. ACM Comput Surv (CSUR) 54(3):1–47 Sheth T, Anap J, Patel H, Singh N, Ramya RB (2023), May Detection of SQL Injection Attacks by giving apriori to Q-Learning Agents. In 2023 IEEE IAS Global Conference on Emerging Technologies (GlobConET) (pp. 1–6). IEEE Nasereddin M, ALKhamaiseh A, Qasaimeh M, Al-Qassas R (2023) A systematic review of detection and prevention techniques of SQL injection attacks. Inform Secur Journal: Global Perspective 32(4):252–265 Rattrout A, Jaradat M, Jayousi R (2023) Machine Learning Advancements in SQL Injection Detection. NLP and Feature Engineering Strategies Goyal A, Matta P (2023), September Beyond the Basics: A Study of Advanced Techniques for Detecting and Preventing SQL Injection Attacks. In 2023 4th International Conference on Smart Electronics and Communication (ICOSEC) (pp. 628–631). IEEE Krishnan SA, Sabu AN, Sajan PP, Sreedeep AL (2021) SQL injection detection using machine learning. Vol, 11, 11 Min L, Ranxin G, Guanlin S, Wei C, Xiaotian X (2022), June The Detection and Defense Mechanism for SQL Injection Attack Based on Web Application. In 2022 IEEE 10th Joint International Information Technology and Artificial Intelligence Conference (ITAIC) (Vol. 10, pp. 1467–1470). IEEE Stewart H (2022) Security versus compliance: an empirical study of the impact of industry standards compliance on application security. Int J Software Eng Knowl Eng 32(03):363–393 Gupta A, Sharma LS (2022) A novel approach for detecting sql injection attacks using snort. J Institution Eng (India): Ser B 103(5):1443–1451 Alotaibi FM, Vassilakis VG (2023) Toward an SDN-Based Web Application Firewall: Defending against SQL Injection Attacks. Future Internet 15(5):170 Qbea'h M, Alrabaee S, Alshraideh M, Sabri KE (2022), December Diverse Approaches Have Been Presented to Mitigate SQL Injection Attack, But It Is Still Alive: A Review. In 2022 International Conference on Computer and Applications (ICCA) (pp. 1–5). IEEE Al Azhar MF, Harwahyu R (2023) DETECTION OF SQL INJECTION VULNERABILITY IN CODEIGNITER FRAMEWORK USING STATIC ANALYSIS. MULTITEK INDONESIA, 17(1) Hadabi A, Elsamani E, Abdallah A, Elhabob R (2022) An efficient model to detect and prevent SQL injection attack. Journal of Karary University for Engineering and Science Nasereddin M, ALKhamaiseh A, Qasaimeh M, Al-Qassas R (2023) A systematic review of detection and prevention techniques of SQL injection attacks. Inform Secur Journal: Global Perspective 32(4):252–265 Zhang W, Li Y, Li X, Shao M, Mi Y, Zhang H, Zhi G (2022) Deep neural network-based SQL injection detection method. Security and Communication Networks, 2022 Nasereddin M, ALKhamaiseh A, Qasaimeh M, Al-Qassas R (2023) A systematic review of detection and prevention techniques of SQL injection attacks. Inform Secur Journal: Global Perspective 32(4):252–265 Roobini MS, Srividhya SR, Vennela K, Nikhila G (2022), March Detection of SQL Injection Attack Using Adaptive Deep Forest. In 2022 International Conference on Communication, Computing and Internet of Things (IC3IoT) (pp. 1–6). IEEE Crespo-Martínez IS, Campazas-Vega A, Guerrero-Higueras ÁM, Riego-DelCastillo V, Álvarez-Aparicio C, Fernández-Llamas C (2023) SQL injection attack detection in network flow data. Computers & Security 127:103093 Rankothge WH, Randeniya M, Samaranayaka V (2020) Identification and Mitigation Tool for Sql Injection Attacks (SQLIA), 2020 IEEE 15th International Conference on Industrial and Information Systems (ICIIS), RUPNAGAR, India, pp. 591–595, 10.1109/ICIIS51140.2020.9342703 Uwagbole SO, Buchanan WJ, Fan L (2017) An Applied Pattern-Driven Corpus to Predictive Analytics in Mitigating SQL Injection Attack. In Proceedings of the 2017 Seventh International Conference on Emerging Security Technologies (EST), Canterbury, UK, 6–8 September ; pp. 12–17 Alghawazi M, Alghazzawi D, Alarifi S (2022) Detection of sql injection attack using machine learning techniques: a systematic literature review. J Cybersecur Priv 2(4):764–777 Additional Declarations No competing interests reported. Cite Share Download PDF Status: Posted Version 1 posted You are reading this latest preprint version Research Square lets you share your work early, gain feedback from the community, and start making changes to your manuscript prior to peer review in a journal. As a division of Research Square Company, we’re committed to making research communication faster, fairer, and more useful. We do this by developing innovative software and high quality services for the global research community. Our growing team is made up of researchers and industry professionals working together to solve the most critical problems facing scientific publishing. Also discoverable on Platform About Our Team In Review Editorial Policies Advisory Board Help Center Resources Author Services Accessibility API Access RSS feed Manage Cookie Preferences © Research Square 2026 | ISSN 2693-5015 (online) Privacy Policy Terms of Service Do Not Sell My Personal Information {"props":{"pageProps":{"initialData":{"identity":"rs-3848810","acceptedTermsAndConditions":true,"allowDirectSubmit":true,"archivedVersions":[],"articleType":"Research Article","associatedPublications":[],"authors":[{"id":266393472,"identity":"dcc58ec4-b14a-46eb-82cd-c28d99bd80bf","order_by":0,"name":"Sneha Baral BK Sneha","email":"","orcid":"","institution":"Chitkara University School of Engineering and Technology, Chitkara University, Solan, Himachal Pradesh","correspondingAuthor":false,"prefix":"","firstName":"Sneha","middleName":"Baral BK","lastName":"Sneha","suffix":""},{"id":266393473,"identity":"dd23db76-23da-41d2-84a1-d053a291998f","order_by":1,"name":"Hakam Singh","email":"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAZAAAAAyAQMAAABI0h/eAAAABlBMVEX///8AAABVwtN+AAAACXBIWXMAAA7EAAAOxAGVKw4bAAAA+0lEQVRIiWNgGAWjYBACAwY2ECUBRIwNBxIqgGxm5gZitTAfPPDgDEgLI1FaQLrYkg8+bAOxCGgxZz+W+OnGH4s8+egegwOJ82qj+duBWn5UbMOpxbIn7bB0bptEseGdM0At247nzjjM2MDYc+Y2bocdSG+Qzm2QSNw4Iwek5VhuA1ALM2MbHi3nnzf/zvkD0zLnWO58glpupB2TzmGTSJwvkZZwILGhJncDYS3P0qyBfkncIJF84EDCsQO5G4FaDuL1y/k049s5f+oS589IbP74o6Yud975wwcf/KjArQUpHMDUYTB5gLB6IJBvAFN1RCkeBaNgFIyCkQUAnrdoJe2jx3IAAAAASUVORK5CYII=","orcid":"","institution":"Chitkara University School of Engineering and Technology, Chitkara University, Solan, Himachal Pradesh","correspondingAuthor":true,"prefix":"","firstName":"Hakam","middleName":"","lastName":"Singh","suffix":""}],"badges":[],"createdAt":"2024-01-09 16:44:16","currentVersionCode":1,"declarations":"","doi":"10.21203/rs.3.rs-3848810/v1","doiUrl":"https://doi.org/10.21203/rs.3.rs-3848810/v1","draftVersion":[],"editorialEvents":[],"editorialNote":"","failedWorkflow":false,"files":[{"id":49509735,"identity":"1555c200-884b-4400-89f9-eb97afdf3f7a","added_by":"auto","created_at":"2024-01-12 05:46:04","extension":"png","order_by":1,"title":"Figure 1","display":"","copyAsset":false,"role":"figure","size":407701,"visible":true,"origin":"","legend":"\u003cp\u003eWorking of SQL relation and SQL injection attacks\u003c/p\u003e","description":"","filename":"1.png","url":"https://assets-eu.researchsquare.com/files/rs-3848810/v1/2812a185ba2ba9d5f76f22f3.png"},{"id":49509739,"identity":"f038ccd0-56ff-4598-93c9-f8be8b32f449","added_by":"auto","created_at":"2024-01-12 05:46:04","extension":"png","order_by":2,"title":"Figure 2","display":"","copyAsset":false,"role":"figure","size":849511,"visible":true,"origin":"","legend":"\u003cp\u003eFunctioning of SQL injection\u003c/p\u003e","description":"","filename":"2.png","url":"https://assets-eu.researchsquare.com/files/rs-3848810/v1/1e89f4f430f65506f87af34b.png"},{"id":49509736,"identity":"58d9ee7f-7509-45ab-a700-845a92b7a6fc","added_by":"auto","created_at":"2024-01-12 05:46:04","extension":"png","order_by":3,"title":"Figure 3","display":"","copyAsset":false,"role":"figure","size":685679,"visible":true,"origin":"","legend":"\u003cp\u003ePrevention of SQL Injection Attacks on Web Application using Sea WAF\u003c/p\u003e","description":"","filename":"3.png","url":"https://assets-eu.researchsquare.com/files/rs-3848810/v1/8b895e6059b03c16f9362b25.png"},{"id":49509734,"identity":"5908b9c9-7c38-45c8-a0df-c42e4b370d4b","added_by":"auto","created_at":"2024-01-12 05:46:03","extension":"png","order_by":4,"title":"Figure 4","display":"","copyAsset":false,"role":"figure","size":36326,"visible":true,"origin":"","legend":"\u003cp\u003eDeep Convolutional Neural Network for our proposed approach\u003c/p\u003e","description":"","filename":"4.png","url":"https://assets-eu.researchsquare.com/files/rs-3848810/v1/72351f49d8342b4a1683fb93.png"},{"id":49510036,"identity":"5e6ffa99-f599-4121-9a5b-9729c5e41428","added_by":"auto","created_at":"2024-01-12 05:54:04","extension":"png","order_by":5,"title":"Figure 5","display":"","copyAsset":false,"role":"figure","size":143408,"visible":true,"origin":"","legend":"\u003cp\u003e\u003cstrong\u003e(a):\u003c/strong\u003eVisualization of Training \u0026amp; Validation Loss\u003c/p\u003e\n\u003cp\u003e\u003cstrong\u003e(b):\u003c/strong\u003e Visualization of Training \u0026amp; Validation Accuracy and Loss\u003c/p\u003e","description":"","filename":"5.png","url":"https://assets-eu.researchsquare.com/files/rs-3848810/v1/27a1ac64b3735bd7890273ec.png"},{"id":49509740,"identity":"12866a8e-6362-4150-97f7-909593c9e1dc","added_by":"auto","created_at":"2024-01-12 05:46:04","extension":"png","order_by":6,"title":"Figure 6","display":"","copyAsset":false,"role":"figure","size":104680,"visible":true,"origin":"","legend":"\u003cp\u003eConfusion Matrix for the DCNN model.\u003c/p\u003e","description":"","filename":"6.png","url":"https://assets-eu.researchsquare.com/files/rs-3848810/v1/6c58120455666fd9a10f5955.png"},{"id":49510321,"identity":"380b0173-2644-49f8-bd72-43d87e918418","added_by":"auto","created_at":"2024-01-12 06:02:04","extension":"png","order_by":7,"title":"Figure 7","display":"","copyAsset":false,"role":"figure","size":34408,"visible":true,"origin":"","legend":"\u003cp\u003e\u003cstrong\u003eFig 6:\u003c/strong\u003eVisualization of Evaluation Metrics used in the proposed DCNN Model.\u003c/p\u003e","description":"","filename":"7.png","url":"https://assets-eu.researchsquare.com/files/rs-3848810/v1/e345daf0d9c0df7bc084af85.png"},{"id":51200967,"identity":"85842f6d-bfb7-4ee6-aaa7-9dcc7046f7b2","added_by":"auto","created_at":"2024-02-15 21:53:11","extension":"pdf","order_by":0,"title":"","display":"","copyAsset":false,"role":"manuscript-pdf","size":1034797,"visible":true,"origin":"","legend":"","description":"","filename":"manuscript.pdf","url":"https://assets-eu.researchsquare.com/files/rs-3848810/v1/0f5642ee-96a8-42bc-ad53-aa46dcb827ee.pdf"}],"financialInterests":"No competing interests reported.","formattedTitle":"Augmenting SQL Injection Attack Detection via Deep Convolutional Neural Network","fulltext":[{"header":"1 Introduction","content":"\u003cp\u003eSQL injection attacks which is also known as SQLi, it has an instability to the security of web applications and various databases which can be hazardous. These attacks belong to a group of nefarious methods that exploit weaknesses in how web applications process user inputs, particularly regarding database queries [\u003cspan class=\"CitationRef\"\u003e5\u003c/span\u003e]. SQL injection attacks give malicious actors the ability to change the format and content of SQL queries submitted to a database, giving them access to private information, changing the contents of the database, or running malicious code on the underlying systems. [\u003cspan class=\"CitationRef\"\u003e8\u003c/span\u003e]\u003c/p\u003e\n\u003cp\u003e\u0026nbsp;\u003c/p\u003e\n\u003cp\u003eAttacks using SQL Injection have a really simple underlying premise. When a web application communicates with a database, it frequently creates SQL queries by fusing user inputs with preset SQL code. Attackers, however, can insert harmful SQL code within these inputs if the application does not sufficiently check and sanitize user inputs. When the application submits this corrupted input to the database, it runs the inserted SQL code like a query. Unfortunately, this often leads to outcome i.e. SQL injection attack. [\u003cspan class=\"CitationRef\"\u003e10\u003c/span\u003e]\u003c/p\u003e\n\u003cp\u003eIn the battle against SQL injection attacks, innovational technologies like artificial intelligence and machine learning have become essential. To improve cyber threat detection and prevention certain machine learning models, such as networks have shown promise. Deep Convolutional Neural Networks (DCNNs) are often employed for the analyzation of image as well as sequenced data. It plays one of the important roles in Information and Communication Technology and can also be applied for the robustness of cybersecurity. DCNN has an adequacy to be trained for recognition of different irregularities as well as patterns which can be observed in the structure of SQL queries which permit a successful differentiation between the normal input and the malicious input. By leveraging intrinsic stratified capabilities, the learning potentiality of DCNN can discover the uncertainty in SQL query which may specify as a SQL injection attempt. In DCNN, various convolutional layers are exceptionally better for capturing the relationships using the local patterns enclosed by the input data. Blending the DCNN with other machine learning procedures can support for a defense mechanism against the SQL injection attacks. Furthermore, it plays an important role in the development of the research and the resilience of DCNN facilitates for altering and obtaining knowledge from the ongoing risks factor which assemble it to make the precious advantages in the varying department of cybersecurity. The adequacy against the advancing SQL injection strategies utilized by the people can be utilized by updating and retraining of the proposed model. This adds to the vigor of web applications and data sets accordingly towards developing online protection dangers. SQL injection attacks can be hazardous for the several reasons and among them some of following are listed below: -\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eExfiltrating the Data: The databases is usually used for storing the meaningful data and credentials which includes user ID, personal details, various security details such as passwords, search history, transactions history done for financial purposes which may result in identity theft or destructive plans by hackers.[\u003cspan class=\"CitationRef\"\u003e13\u003c/span\u003e]\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eManipulating the Data: As databases contains the meaningful information, SQL injection method can be used for the alteration for information stored over there. This may create the system crashes, corrupted data and other harmful effects.[\u003cspan class=\"CitationRef\"\u003e5\u003c/span\u003e]\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eIllegitimate Access: Hackers can enter to the web applications and the control panels and the web applications by passing the systems authentication which permits them to control the programs and initiate the attacks on different individuals or companies.[\u003cspan class=\"CitationRef\"\u003e15\u003c/span\u003e]\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eElevated Privileges: In specific cases, malicious actors can raise the honors inside a weak dataset or database which can be able to ruin the whole system.[\u003cspan class=\"CitationRef\"\u003e19\u003c/span\u003e]\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eDamage of Reputation: The successful SQL injections may have the ability to ruin the reputation of the by hindering the consumers as well as the client trust.[\u003cspan class=\"CitationRef\"\u003e17\u003c/span\u003e]\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eIt is necessary for the continuation of useful measures such as SQL queries, validation of input and other advance software for detection to minimize the dangerous attacks and even hackers may design and evolve new techniques for injection SQL databases. So for the better output, different companies have put their steps forward for the formation and execution for the detection and prevention of SQL injection attacks.\u003c/p\u003e"},{"header":"2 SQL injection Attacks","content":"\u003cp\u003eSQL is a standard language that is used to work in a various databases which permits the users to create, modify and delete the relations, tuples or attributes of the databases using DDL(Data Definition Language) and insert, update and delete data within the database using DML(Manipulation language). However, it also contains the vulnerability known as SQL injection in which hackers make the use of unsanitized input in queries of SQL. As SQL eases the handling of data, it is necessary for the management of websites content, mobile applications and systems of different companies and SQL injection can be occurred when doubtful data is directly inserted before validation of the SQL statement. Attackers are even able to obtain access to the database and alter the SQL queries to the databases. [\u003cspan class=\"CitationRef\"\u003e1\u003c/span\u003e] For the prevention of the SQL injection attacks, it is essential to implement the input validation before providing the user input to the SQL queries. [\u003cspan class=\"CitationRef\"\u003e2\u003c/span\u003e]\u003c/p\u003e\n\u003cp\u003e\u0026nbsp;\u003c/p\u003e\n\u003cdiv id=\"Sec3\" class=\"Section2\"\u003e\n\u003ch2\u003e2.1 Review of some available SQL injection Detection Techniques\u003c/h2\u003e\n\u003cp\u003eDetecting SQL injection attacks is a critical component of online application security. Numerous strategies and procedures have been developed to recognize and stop these attacks. Here is a summary of several current approaches and the problems they face:\u003c/p\u003e\n\u003cdiv class=\"gridtable\"\u003e\n\u003cdiv class=\"colspec\" align=\"left\"\u003e\u0026nbsp;\u003c/div\u003e\n\u003cdiv class=\"colspec\" align=\"left\"\u003e\u0026nbsp;\u003c/div\u003e\n\u003cdiv class=\"colspec\" align=\"left\"\u003e\u0026nbsp;\u003c/div\u003e\n\u003ctable id=\"Taba\" border=\"1\"\u003e\n\u003cthead\u003e\n\u003ctr\u003e\n\u003cth align=\"left\"\u003e\n\u003cp\u003eMethods\u003c/p\u003e\n\u003c/th\u003e\n\u003cth align=\"left\"\u003e\n\u003cp\u003eDescription\u003c/p\u003e\n\u003c/th\u003e\n\u003cth align=\"left\"\u003e\n\u003cp\u003eChallenges\u003c/p\u003e\n\u003c/th\u003e\n\u003c/tr\u003e\n\u003c/thead\u003e\n\u003ctbody\u003e\n\u003ctr\u003e\n\u003ctd align=\"left\"\u003e\n\u003cp\u003eSignatures Based Detection\u003c/p\u003e\n\u003c/td\u003e\n\u003ctd align=\"left\"\u003e\n\u003cp\u003eFor signature-based detection, known SQL injection attack strings are used as predetermined patterns or signatures. It looks for these patterns when incoming requests and queries are examined. [\u003cspan class=\"CitationRef\"\u003e21\u003c/span\u003e]\u003c/p\u003e\n\u003c/td\u003e\n\u003ctd align=\"left\"\u003e\n\u003cp\u003e\u0026bull; Limitations make it ineffective against new attacks and only useful against known attack patterns.\u003c/p\u003e\n\u003cp\u003e\u0026bull; Susceptible to methods of evasion because attackers can disguise attack strings\u003c/p\u003e\n\u003c/td\u003e\n\u003c/tr\u003e\n\u003ctr\u003e\n\u003ctd align=\"left\"\u003e\n\u003cp\u003eBlacklisting Input\u003c/p\u003e\n\u003c/td\u003e\n\u003ctd align=\"left\"\u003e\n\u003cp\u003eBlacklisting filters or obstructs particular characters or keywords linked to SQL injection attacks. [\u003cspan class=\"CitationRef\"\u003e23\u003c/span\u003e]\u003c/p\u003e\n\u003c/td\u003e\n\u003ctd align=\"left\"\u003e\n\u003cp\u003e\u0026bull; It is easily thwarted by attackers proficient in evasion methods or other encodings.\u003c/p\u003e\n\u003cp\u003e\u0026bull; Susceptible to false positives since valid input may be suppressed if it contains blacklisted characters\u003c/p\u003e\n\u003c/td\u003e\n\u003c/tr\u003e\n\u003ctr\u003e\n\u003ctd align=\"left\"\u003e\n\u003cp\u003eWhitelisting Input\u003c/p\u003e\n\u003c/td\u003e\n\u003ctd align=\"left\"\u003e\n\u003cp\u003eIt restricts input to predetermined, secure characters and patterns while rejecting any input that does not adhere to the whitelist. [\u003cspan class=\"CitationRef\"\u003e27\u003c/span\u003e]\u003c/p\u003e\n\u003c/td\u003e\n\u003ctd align=\"left\"\u003e\n\u003cp\u003e\u0026bull; Developing and maintaining an exhaustive whitelist can be difficult and error-prone.\u003c/p\u003e\n\u003cp\u003e\u0026bull; Authentic input that deviates from the whitelist might be blocked.\u003c/p\u003e\n\u003c/td\u003e\n\u003c/tr\u003e\n\u003ctr\u003e\n\u003ctd align=\"left\"\u003e\n\u003cp\u003eInput Validation and sanitization\u003c/p\u003e\n\u003c/td\u003e\n\u003ctd align=\"left\"\u003e\n\u003cp\u003eInput validation ensures that input data corresponds to expected formats by comparing it to predetermined criteria (such as data type and length). Changing input to remove potential hazards is known as input sanitization. [\u003cspan class=\"CitationRef\"\u003e24\u003c/span\u003e]\u003c/p\u003e\n\u003c/td\u003e\n\u003ctd align=\"left\"\u003e\n\u003cp\u003e\u0026bull; Implementing a complex validation rule can be difficult, resulting in false positives and false negatives.\u003c/p\u003e\n\u003cp\u003e\u0026bull; Sanitization might change data unintentionally, impacting the functionality of applications.\u003c/p\u003e\n\u003c/td\u003e\n\u003c/tr\u003e\n\u003ctr\u003e\n\u003ctd align=\"left\"\u003e\n\u003cp\u003eBehavioral Analysis:\u003c/p\u003e\n\u003c/td\u003e\n\u003ctd align=\"left\"\u003e\n\u003cp\u003eWhile observing and analyzing application behavior, the behavioral analysis looks for odd patterns or anomalies that could be signs of an attack. [\u003cspan class=\"CitationRef\"\u003e26\u003c/span\u003e]\u003c/p\u003e\n\u003c/td\u003e\n\u003ctd align=\"left\"\u003e\n\u003cp\u003e\u0026bull; It needs to establish a baseline of typical behavior, which might be difficult.\u003c/p\u003e\n\u003cp\u003e\u0026bull; This could result in erroneous warnings for valid traffic deviations.\u003c/p\u003e\n\u003c/td\u003e\n\u003c/tr\u003e\n\u003ctr\u003e\n\u003ctd align=\"left\"\u003e\n\u003cp\u003eWeb Application Firewalls\u003c/p\u003e\n\u003c/td\u003e\n\u003ctd align=\"left\"\u003e\n\u003cp\u003eBased on recognized attack patterns, WAFs examine incoming traffic and apply predetermined rules to deny or permit requests. [\u003cspan class=\"CitationRef\"\u003e22\u003c/span\u003e]\u003c/p\u003e\n\u003c/td\u003e\n\u003ctd align=\"left\"\u003e\n\u003cp\u003e\u0026bull; Attackers can use zero-day assaults or evasion strategies to get around WAFs.\u003c/p\u003e\n\u003cp\u003e\u0026bull; False positives and negatives might restrict access for authorized users.\u003c/p\u003e\n\u003c/td\u003e\n\u003c/tr\u003e\n\u003ctr\u003e\n\u003ctd align=\"left\"\u003e\n\u003cp\u003eMachine Learning with Anomaly Detection\u003c/p\u003e\n\u003c/td\u003e\n\u003ctd align=\"left\"\u003e\n\u003cp\u003eML models examine patterns and behavior in incoming requests to detect deviations from expected traffic. [\u003cspan class=\"CitationRef\"\u003e17\u003c/span\u003e]\u003c/p\u003e\n\u003c/td\u003e\n\u003ctd align=\"left\"\u003e\n\u003cp\u003e\u0026bull; Requires labelled training data, which might be hard to come by.\u003c/p\u003e\n\u003cp\u003e\u0026bull; Adversarial assaults can alter traffic patterns to avoid detection.\u003c/p\u003e\n\u003c/td\u003e\n\u003c/tr\u003e\n\u003ctr\u003e\n\u003ctd align=\"left\"\u003e\n\u003cp\u003eDatabase Security Features\u003c/p\u003e\n\u003c/td\u003e\n\u003ctd align=\"left\"\u003e\n\u003cp\u003eTo guard against unauthorized access and SQL injection, modern databases incorporate security characteristics including access limits and authentication. [\u003cspan class=\"CitationRef\"\u003e25\u003c/span\u003e]\u003c/p\u003e\n\u003c/td\u003e\n\u003ctd align=\"left\"\u003e\n\u003cp\u003e\u0026bull; Managing and configuring database security settings might be difficult.\u003c/p\u003e\n\u003cp\u003e\u0026bull; At the application layer, these features do not prevent SQL injection.\u003c/p\u003e\n\u003c/td\u003e\n\u003c/tr\u003e\n\u003c/tbody\u003e\n\u003c/table\u003e\n\u003c/div\u003e\n\u003c/div\u003e\n\u003cdiv id=\"Sec4\" class=\"Section2\"\u003e\n\u003ch2\u003e2.2 Challenges with SQL Injection Detection Techniques\u003c/h2\u003e\n\u003col style=\"list-style-type: lower-alpha;\"\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003eEvasion Techniques\u003c/strong\u003e: Attackers are always coming up with new ways to avoid detection, making it challenging to keep one step ahead of them.[\u003cspan class=\"CitationRef\"\u003e28\u003c/span\u003e]\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003eFalse Positives and Negatives\u003c/strong\u003e: Several detection techniques result in false alarms (false positives) or fail to identify attacks (false negatives), affecting security and user experience.[\u003cspan class=\"CitationRef\"\u003e30\u003c/span\u003e]\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003eComplexity and Upkeep\u003c/strong\u003e: Implementing and keeping up with efficient SQL injection detection techniques can be time-consuming and error-prone.[\u003cspan class=\"CitationRef\"\u003e29\u003c/span\u003e]\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003eLegacy Code\u003c/strong\u003e: Adding contemporary security techniques, like parameterized queries, to legacy programs might be difficult.[\u003cspan class=\"CitationRef\"\u003e14\u003c/span\u003e]\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003eAdaptation to evolving attacks\u003c/strong\u003e: As SQL injection assaults change, detection techniques must also change to recognize new attack patterns and behaviors. To effectively limit the danger of SQL injection attacks, so sometimes it is advised to use a multi-layered security approach that combines multiple detection mechanisms and emphasizes secure coding practices [\u003cspan class=\"CitationRef\"\u003e16\u003c/span\u003e].\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ol\u003e\n\u003cp\u003e.\u003c/p\u003e\n\u003cp\u003e\u0026nbsp;\u003c/p\u003e\n\u003cp\u003eThe main topic of this study is DCNN-based SQL injection attack detection. The remaining details in this study will focus on the SQL injection by the Deep Learning method utilized in this implementation-based approach.\u003c/p\u003e\n\u003c/div\u003e"},{"header":"3 Proposed Work","content":"\u003cp\u003eTraditional filtering systems have numerous challenges due to increased attack tactics. With the benefit of greater processing power as well as the fast advancement of deep learning technologies, the goal is to select a suitable framework based on deep learning through an experimental approach to determine whether HTTP requests contain harmful code for SQL Injection Attacks. This will boost up detection accuracy and lower the training loss. An attacker may package the injected attack code in various ways to get\u003c/p\u003e \u003cp\u003eover the filtering system. As a result, before using the training data in the neural network model, firstly it must be cleaned. We employed a DCNN for study comparison. The Tensorboard part of the Tensor Flow framework is used to visualize the training process and evaluate the model's speed and usefulness. The dataset is tested to verify the model's accuracy. Then, the dataset is trained in a better way for achieving remarkable value of the evaluation metrics. For a production-ready system, we need to train the model on a larger and more diverse dataset and consider additional techniques for improving accuracy and robustness.For deep learning model creation, tokenizer and sequence padding modules are imported. NumPy is used to process text and perform numerical computations. The data is provided in the form of SQL queries. Labels are assigned, with 0 indicating regular searches and 1 indicating SQL injection attempts. Text is converted to numerical sequences using tokenizer. Padding is used to guarantee that sequences are uniform in length, which is required for neural network input. For model training, labels are transformed to a NumPy array. Keras is used to construct a sequential model, and the embedding layer turns words to dense vectors. Convolutional layers aid in the detection of patterns in data. Dimensions are reduced by using global max pooling. For feature extraction, dense layers with ReLU activation are used. For binary classification, the final dense layer with sigmoid activation is employed. For binary classification, the binary cross-entropy loss and the Adam Optimizer are used to construct the model. For demonstration purposes, new SQL query texts are provided. To prepare input for the trained model, tokenization and padding are used. The model predicts whether each input represents a normal query or an attempt at SQL injection. The model's predictions are used to generate the results.\u003c/p\u003e \u003cp\u003e \u003c/p\u003e \u003cdiv id=\"Sec6\" class=\"Section2\"\u003e \u003ch2\u003e3.1 Clean Mock Data\u003c/h2\u003e \u003cp\u003eClean mock data is manufactured or simulated data meant to resemble real-world data. Still, it does not hold any personally identifiable information (PII) or other sensitive or private information. When real data cannot be used because of privacy concerns, legal limitations, or the need to preserve secret information, it is frequently used in development, testing, and other scenarios. An example of clean mock data that could be used for SQL injection detection is as given below: -\u003c/p\u003e \u003cp\u003enew_texts = [\u003c/p\u003e \u003cp\u003e\"SELECT * FROM customers WHERE id\u0026thinsp;=\u0026thinsp;123\",\u003c/p\u003e \u003cp\u003e\"UPDATE products SET price\u0026thinsp;=\u0026thinsp;0 WHERE id\u0026thinsp;=\u0026thinsp;5\",\u003c/p\u003e \u003cp\u003e\"DELETE FROM orders WHERE id\u0026thinsp;=\u0026thinsp;2 OR 1\u0026thinsp;=\u0026thinsp;1\u0026rdquo;, # SQL injection attempt\u003c/p\u003e \u003cp\u003e\"INSERT INTO logs (message) VALUES ('SQL injection attack')\", # SQL injection attempt\u003c/p\u003e \u003cp\u003e\"SELECT username, email FROM users WHERE role='admin'\",\u003c/p\u003e \u003cp\u003e\"DROP TABLE users\", # SQL injection attempt\u003c/p\u003e \u003cp\u003e\"SELECT * FROM products\",\u003c/p\u003e \u003cp\u003e\"UPDATE users SET password='newpass' WHERE id\u0026thinsp;=\u0026thinsp;42\",\u003c/p\u003e \u003cp\u003e\"INSERT INTO orders (product_id, quantity) VALUES (123, 5)\",\u003c/p\u003e \u003cp\u003e\"DELETE FROM customers WHERE id\u0026thinsp;=\u0026thinsp;456\",]\u003c/p\u003e \u003cp\u003enew_labels = [0, 0, 1, 1, 0, 1, 0, 0, 0, 0] # 0 for normal, 1 for SQL injection\u003c/p\u003e \u003cp\u003eUsing clean mock data is essential in SQL injection detection methods for several reasons:\u003c/p\u003e \u003cp\u003e \u003cul\u003e \u003cli\u003e \u003cp\u003eTo train and test the detection model it is beneficial to have clean data. The model can be trained by utilizing the dataset that is made up of the queries which makes it able to differentiate between normal and malicious input which can be fruitful in detection of mistrustful queries.\u003c/p\u003e \u003c/li\u003e \u003cli\u003e \u003cp\u003eUsing data as a reference point allows for analysis and comparison purposes.\u003c/p\u003e \u003c/li\u003e \u003cli\u003e \u003cp\u003eWe can compare the input data with the queries introduced, it can detect the abnormalities having the relationship with SQL injection attacks.\u003c/p\u003e \u003c/li\u003e \u003cli\u003e \u003cp\u003eWithout the presence of clean mock data, it might mistake for the model to differentiate between the normal queries and malicious queries. Training on the data can augment the accuracy of the detection system.\u003c/p\u003e \u003c/li\u003e \u003cli\u003e \u003cp\u003eBy optimization of techniques or model, it permits us to change boundaries like limit values or choice limits based on comprehension of information designs.\u003c/p\u003e \u003c/li\u003e \u003cli\u003e \u003cp\u003eClean mock data assures that the proposed data model remains compliant throughout the various SQL query structures in order to detect patterns in queries, which increases its adaptability to different application structure.\u003c/p\u003e \u003c/li\u003e \u003cli\u003e \u003cp\u003eIf we are successful in improving the model containing clean data which demonstrates SQL injection attack techniques, then there is possibility for amending its adequacy for finding out new attack patterns and reconcile accordingly.\u003c/p\u003e \u003c/li\u003e \u003c/ul\u003e \u003c/p\u003e \u003cp\u003eTherefore, clean mock data is essential for the evaluation and training of datasets which are able to perceive SQL injection attack which permits the proposed model to differentiate between normal and fraudulent queries.\u003c/p\u003e \u003c/div\u003e \u003cdiv id=\"Sec7\" class=\"Section2\"\u003e \u003ch2\u003e3.2 Detecting SQL Injection using the DCNN model\u003c/h2\u003e \u003cp\u003eWe used Python to implement our method utilizing the TensorFlow and Keras frameworks built on top of TensorFlow. Below we outline the steps we followed to identify SQL injection using this model.\u003c/p\u003e \u003cp\u003e \u003cul\u003e \u003cli\u003e \u003cp\u003eImporting Libraries: To start we imported libraries, like TensorFlow and Keras for learning purposes NumPy for operations, and matplotlib for visualizing data.\u003c/p\u003e \u003c/li\u003e \u003cli\u003e \u003cp\u003eSample Data: We defined a sample dataset consisting of SQL queries (texts) and their corresponding labels (labels). Labels are set to 0 for normal queries and 1 for SQL injection attempts.\u003c/p\u003e \u003c/li\u003e \u003cli\u003e \u003cp\u003eTokenization and Padding: We used the Tokenizer class from Keras to tokenize the SQL queries and pad them to a fixed length using pad sequences. This step converts the text data into a numerical format suitable for training.\u003c/p\u003e \u003c/li\u003e \u003cli\u003e \u003cp\u003eDefining the DCNN Model: We defined a DCNN model using Keras. The model consists of several layers:\u003c/p\u003e \u003c/li\u003e \u003cli\u003e \u003cp\u003eEmbedding Layer: Converts words to dense vectors. Convolutional Layers: Detects patterns in the tokenized sequences. Global Max Pooling Layer: Reduces dimensions by selecting the maximum value. Dense Layers: The layers are completely linked, using ReLU (Rectified Linear Unit) activation. For binary classification, the output layer has a single neuron with sigmoid activity.\u003c/p\u003e \u003c/li\u003e \u003cli\u003e \u003cp\u003eCompiling the Model: By setting the optimizer, loss function i.e. binary cross-entropy, and evaluation measure (accuracy), we were able to gather the model.\u003c/p\u003e \u003c/li\u003e \u003cli\u003e \u003cp\u003eTraining the Model: We introduced the model on the sample data (SQL queries and labels) for several epochs.\u003c/p\u003e \u003c/li\u003e \u003cli\u003e \u003cp\u003eNew Data: We provided a set of new SQL queries (new_ texts) and their corresponding labels (new_labels) for testing.\u003c/p\u003e \u003c/li\u003e \u003cli\u003e \u003cp\u003eTokenizing and Padding New Data: Similar to the training data, we tokenized and padded the new SQL queries to the same length as the training data.\u003c/p\u003e \u003c/li\u003e \u003cli\u003e \u003cp\u003ePredictions: We used the trained model to predict whether each new SQL query is an SQL injection attempt or a normal query based on a threshold of 0.5. The predictions are printed accordingly.\u003c/p\u003e \u003c/li\u003e \u003c/ul\u003e \u003c/p\u003e \u003cp\u003e \u003c/p\u003e \u003cp\u003e \u003c/p\u003e \u003cp\u003eThe DCNN model is made up of three convolutional layers, a global max pooling layer, and a fully connected layer. The first convolutional layer has 32 filters, the second layer contains 64 filters, and the third layer contains 128 filters, each of which is 3*3. These filters, or convolutional kernels, detect different features or patterns in the input data and contribute to the model's ability to recognize patterns in the SQL queries for SQL injection detection. A kernel of size 3 means that it considers three consecutive elements at a time while performing convolution. The model can identify local patterns in the input data by swiping the kernel across the token sequences. Rectified Linear Unit, or ReLU, is the activation function in this case. The graph below provides a visual representation of the proposed DCNN model's training and validation processes.\u003c/p\u003e \u003c/div\u003e"},{"header":"4 Result and discussion","content":"\u003cp\u003eThe model used in this research for SQL injection detection does not require a very fast machine. A laptop running Windows WSL2 with an AMD Ryzen 7 5700U CPU and 16GB RAM made up the experimental setup. Based on Tensorflow 2.14.0, the Keras framework is used with Python 3.11.0 as the programming language.\u003c/p\u003e\n\u003cdiv id=\"Sec9\" class=\"Section2\"\u003e\n\u003ch2\u003e4.1 Data Description\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eDataset Composition:\u0026nbsp;\u003c/strong\u003eThe data consists of raw SQL queries as text strings. The dataset consists of 30873 unique values.\u003c/p\u003e\n\u003cp\u003e\u003cstrong\u003eLabels:\u0026nbsp;\u003c/strong\u003eEach query is labelled with a binary indicator (0 or 1), where 0 represents a normal query and 1 indicates an SQL injection attempt.\u003c/p\u003e\n\u003cp\u003e\u003cstrong\u003eSource:\u0026nbsp;\u003c/strong\u003eThe dataset is from Kaggle, part of a user-uploaded dataset for community use.\u003c/p\u003e\n\u003c/div\u003e\n\u003cdiv id=\"Sec10\" class=\"Section2\"\u003e\n\u003ch2\u003e4.2 Confusion Matrix\u003c/h2\u003e\n\u003cp\u003eA confusion matrix can be used to evaluate a model's performance in machine learning and classification issues, particularly in binary or multi-class classification tasks. It makes it easier to understand how closely a model's predictions match the actual ground truth labels. The true positive (T.P.), true negative (T.N.), false positive (F.P.), and false negative (F.N.) values are commonly shown using a square matrix. The confusion matrix breaks down the model's predictions in great depth which is essential in this DCNN-based SQL Injection Detection model to assess the standards of the binary classification model to detect SQL injection attacks. For example, T.P. is an instance in which the model properly anticipates a positive class (SQL injection attack), and T.N. is are instance in which the model correctly predicts a negative class (no SQL injection attack). F.N. are cases in which the model predicts a negative class incorrectly (fails to identify an actual SQL injection attempt) meanwhile F.P. is when the model predicts a positive class mistakenly (expects SQL injection when there isn't one).\u003c/p\u003e\n\u003cp\u003eInjection predictions in great depth which is essential in this DCNN-based SQL Injection Detection model to assess the standards of the binary classification model to detect SQL injection attacks. For example, T.P. is an instance in which the model properly anticipates a positive class (SQL injection attack), and T.N. is are instance in which the model correctly predicts a negative class (no SQL injection attack). F.N. are cases in which the model predicts a negative class incorrectly (fails to identify an actual SQL injection attempt) meanwhile F.P. is when the model predicts a positive class mistakenly (expects SQL injection when there isn't one).\u003c/p\u003e\n\u003cdiv class=\"gridtable\"\u003e\n\u003cdiv class=\"colspec\" align=\"left\"\u003e\u0026nbsp;\u003cbr /\u003e\n\u003cp\u003eTable 1: Comparison of some of the existing algorithms via their accuracy\u003c/p\u003e\n\u003c/div\u003e\n\u003cdiv class=\"colspec\" align=\"left\"\u003e\u0026nbsp;\u003c/div\u003e\n\u003ctable id=\"Tabb\" border=\"1\"\u003e\n\u003ctbody\u003e\n\u003ctr\u003e\n\u003ctd align=\"left\"\u003e\n\u003cp\u003eReference\u003c/p\u003e\n\u003c/td\u003e\n\u003ctd align=\"left\"\u003e\n\u003cp\u003eSome Existing techniques\u003c/p\u003e\n\u003c/td\u003e\n\u003ctd align=\"left\"\u003e\n\u003cp\u003eSize of the datasets\u003c/p\u003e\n\u003c/td\u003e\n\u003ctd align=\"left\"\u003e\n\u003cp\u003eAccuracy of the model\u003c/p\u003e\n\u003c/td\u003e\n\u003c/tr\u003e\n\u003ctr\u003e\n\u003ctd align=\"left\"\u003e\n\u003cp\u003e[\u003cspan class=\"CitationRef\"\u003e32\u003c/span\u003e]\u003c/p\u003e\n\u003c/td\u003e\n\u003ctd align=\"left\"\u003e\n\u003cp\u003eDecision Tree\u003c/p\u003e\n\u003c/td\u003e\n\u003ctd align=\"left\"\u003e\n\u003cp\u003e100,496 legal inputs and 7576 malicious SQL queries\u003c/p\u003e\n\u003c/td\u003e\n\u003ctd align=\"left\"\u003e\n\u003cp\u003e99.5%\u003c/p\u003e\n\u003c/td\u003e\n\u003c/tr\u003e\n\u003ctr\u003e\n\u003ctd align=\"left\"\u003e\n\u003cp\u003e[\u003cspan class=\"CitationRef\"\u003e4\u003c/span\u003e]\u003c/p\u003e\n\u003c/td\u003e\n\u003ctd align=\"left\"\u003e\n\u003cp\u003eLogistic Regression\u003c/p\u003e\n\u003c/td\u003e\n\u003ctd align=\"left\"\u003e\n\u003cp\u003e8800 non-vulnerable files and 950 vulnerable PHP\u003c/p\u003e\n\u003c/td\u003e\n\u003ctd align=\"left\"\u003e\n\u003cp\u003e95.1%\u003c/p\u003e\n\u003c/td\u003e\n\u003c/tr\u003e\n\u003ctr\u003e\n\u003ctd align=\"left\"\u003e\n\u003cp\u003e[\u003cspan class=\"CitationRef\"\u003e1\u003c/span\u003e]\u003c/p\u003e\n\u003c/td\u003e\n\u003ctd align=\"left\"\u003e\n\u003cp\u003eLinear Discriminant\u003c/p\u003e\n\u003c/td\u003e\n\u003ctd align=\"left\"\u003e\n\u003cp\u003e616 SQL statements\u003c/p\u003e\n\u003c/td\u003e\n\u003ctd align=\"left\"\u003e\n\u003cp\u003e93.7%\u003c/p\u003e\n\u003c/td\u003e\n\u003c/tr\u003e\n\u003ctr\u003e\n\u003ctd align=\"left\"\u003e\n\u003cp\u003e[\u003cspan class=\"CitationRef\"\u003e1\u003c/span\u003e]\u003c/p\u003e\n\u003c/td\u003e\n\u003ctd align=\"left\"\u003e\n\u003cp\u003eCubic SVM\u003c/p\u003e\n\u003c/td\u003e\n\u003ctd align=\"left\"\u003e\n\u003cp\u003e616 SQL statements\u003c/p\u003e\n\u003c/td\u003e\n\u003ctd align=\"left\"\u003e\n\u003cp\u003e93.7%\u003c/p\u003e\n\u003c/td\u003e\n\u003c/tr\u003e\n\u003ctr\u003e\n\u003ctd align=\"left\"\u003e\n\u003cp\u003e[\u003cspan class=\"CitationRef\"\u003e1\u003c/span\u003e]\u003c/p\u003e\n\u003c/td\u003e\n\u003ctd align=\"left\"\u003e\n\u003cp\u003eEnsemble boosted tree\u003c/p\u003e\n\u003c/td\u003e\n\u003ctd align=\"left\"\u003e\n\u003cp\u003e616 SQL statements\u003c/p\u003e\n\u003c/td\u003e\n\u003ctd align=\"left\"\u003e\n\u003cp\u003e93.8%\u003c/p\u003e\n\u003c/td\u003e\n\u003c/tr\u003e\n\u003ctr\u003e\n\u003ctd align=\"left\"\u003e\n\u003cp\u003e[\u003cspan class=\"CitationRef\"\u003e1\u003c/span\u003e]\u003c/p\u003e\n\u003c/td\u003e\n\u003ctd align=\"left\"\u003e\n\u003cp\u003eGaussian SVM\u003c/p\u003e\n\u003c/td\u003e\n\u003ctd align=\"left\"\u003e\n\u003cp\u003e616 SQL statements\u003c/p\u003e\n\u003c/td\u003e\n\u003ctd align=\"left\"\u003e\n\u003cp\u003e93.5%\u003c/p\u003e\n\u003c/td\u003e\n\u003c/tr\u003e\n\u003ctr\u003e\n\u003ctd align=\"left\"\u003e\n\u003cp\u003e[\u003cspan class=\"CitationRef\"\u003e1\u003c/span\u003e]\u003c/p\u003e\n\u003c/td\u003e\n\u003ctd align=\"left\"\u003e\n\u003cp\u003eBagged tree\u003c/p\u003e\n\u003c/td\u003e\n\u003ctd align=\"left\"\u003e\n\u003cp\u003e616 SQL statements\u003c/p\u003e\n\u003c/td\u003e\n\u003ctd align=\"left\"\u003e\n\u003cp\u003e93.8%\u003c/p\u003e\n\u003c/td\u003e\n\u003c/tr\u003e\n\u003ctr\u003e\n\u003ctd align=\"left\"\u003e\n\u003cp\u003e[\u003cspan class=\"CitationRef\"\u003e4\u003c/span\u003e]\u003c/p\u003e\n\u003c/td\u003e\n\u003ctd align=\"left\"\u003e\n\u003cp\u003eRandom Forest\u003c/p\u003e\n\u003c/td\u003e\n\u003ctd align=\"left\"\u003e\n\u003cp\u003e8800 non-vulnerable files and 950 vulnerable PHP\u003c/p\u003e\n\u003c/td\u003e\n\u003ctd align=\"left\"\u003e\n\u003cp\u003e93.6%\u003c/p\u003e\n\u003c/td\u003e\n\u003c/tr\u003e\n\u003ctr\u003e\n\u003ctd align=\"left\"\u003e\n\u003cp\u003e[\u003cspan class=\"CitationRef\"\u003e12\u003c/span\u003e]\u003c/p\u003e\n\u003c/td\u003e\n\u003ctd align=\"left\"\u003e\n\u003cp\u003eNa\u0026iuml;ve Bayes\u003c/p\u003e\n\u003c/td\u003e\n\u003ctd align=\"left\"\u003e\u0026nbsp;\u003c/td\u003e\n\u003ctd align=\"left\"\u003e\n\u003cp\u003e93.3%\u003c/p\u003e\n\u003c/td\u003e\n\u003c/tr\u003e\n\u003ctr\u003e\n\u003ctd align=\"left\"\u003e\n\u003cp\u003e[\u003cspan class=\"CitationRef\"\u003e32\u003c/span\u003e]\u003c/p\u003e\n\u003c/td\u003e\n\u003ctd align=\"left\"\u003e\n\u003cp\u003eTensorFlow Boosted Tree Classifier\u003c/p\u003e\n\u003c/td\u003e\n\u003ctd align=\"left\"\u003e\n\u003cp\u003e100,496 legal inputs and 7576 malicious SQL queries\u003c/p\u003e\n\u003c/td\u003e\n\u003ctd align=\"left\"\u003e\n\u003cp\u003e99.6%\u003c/p\u003e\n\u003c/td\u003e\n\u003c/tr\u003e\n\u003ctr\u003e\n\u003ctd align=\"left\"\u003e\n\u003cp\u003e[\u003cspan class=\"CitationRef\"\u003e32\u003c/span\u003e]\u003c/p\u003e\n\u003c/td\u003e\n\u003ctd align=\"left\"\u003e\n\u003cp\u003eAdaBoost classifier\u003c/p\u003e\n\u003c/td\u003e\n\u003ctd align=\"left\"\u003e\n\u003cp\u003e100,496 legal inputs and 7576 malicious SQL queries\u003c/p\u003e\n\u003c/td\u003e\n\u003ctd align=\"left\"\u003e\n\u003cp\u003e99.5%\u003c/p\u003e\n\u003c/td\u003e\n\u003c/tr\u003e\n\u003ctr\u003e\n\u003ctd align=\"left\"\u003e\n\u003cp\u003e[\u003cspan class=\"CitationRef\"\u003e32\u003c/span\u003e]\u003c/p\u003e\n\u003c/td\u003e\n\u003ctd align=\"left\"\u003e\n\u003cp\u003eSGD classifier\u003c/p\u003e\n\u003c/td\u003e\n\u003ctd align=\"left\"\u003e\n\u003cp\u003e100,496 legal inputs and 7576 malicious SQL queries\u003c/p\u003e\n\u003c/td\u003e\n\u003ctd align=\"left\"\u003e\n\u003cp\u003e98.6%\u003c/p\u003e\n\u003c/td\u003e\n\u003c/tr\u003e\n\u003ctr\u003e\n\u003ctd align=\"left\"\u003e\n\u003cp\u003e[\u003cspan class=\"CitationRef\"\u003e4\u003c/span\u003e]\u003c/p\u003e\n\u003c/td\u003e\n\u003ctd align=\"left\"\u003e\n\u003cp\u003eCNN\u003c/p\u003e\n\u003c/td\u003e\n\u003ctd align=\"left\"\u003e\n\u003cp\u003e8800 non-vulnerable files and\u003c/p\u003e\n\u003cp\u003e950 vulnerable PHP\u003c/p\u003e\n\u003c/td\u003e\n\u003ctd align=\"left\"\u003e\n\u003cp\u003e95.3%\u003c/p\u003e\n\u003c/td\u003e\n\u003c/tr\u003e\n\u003ctr\u003e\n\u003ctd align=\"left\"\u003e\n\u003cp\u003e[\u003cspan class=\"CitationRef\"\u003e4\u003c/span\u003e]\u003c/p\u003e\n\u003c/td\u003e\n\u003ctd align=\"left\"\u003e\n\u003cp\u003eRNN\u003c/p\u003e\n\u003c/td\u003e\n\u003ctd align=\"left\"\u003e\n\u003cp\u003e8800 non-vulnerable files and 950 vulnerable PHP\u003c/p\u003e\n\u003c/td\u003e\n\u003ctd align=\"left\"\u003e\n\u003cp\u003e95.3%\u003c/p\u003e\n\u003c/td\u003e\n\u003c/tr\u003e\n\u003c/tbody\u003e\n\u003c/table\u003e\n\u003c/div\u003e\n\u003cp\u003eAfter reviewing the lots of previous research papers, we are able to conclude at TensorFlow Boosted Trees Classifier, AdaBoost classifier, Decision Tree are able to give less bit more accuracy than that of CNN or RNN. Proposed model doesn\u0026rsquo;t struggle with adaptability and can be proved as better medium for the effective identification of SQL injection attack. Due to this feature, it can ensure sustainability and reliability. The comparison work was eased by the review articles [\u003cspan class=\"CitationRef\"\u003e1\u003c/span\u003e, \u003cspan class=\"CitationRef\"\u003e33\u003c/span\u003e].\u003c/p\u003e\n\u003cdiv class=\"gridtable\"\u003e\n\u003cdiv class=\"colspec\" align=\"left\"\u003e\u0026nbsp;\u003c/div\u003e\n\u003cdiv class=\"colspec\" align=\"left\"\u003e\u0026nbsp;\u003c/div\u003e\n\u003cdiv class=\"colspec\" align=\"left\"\u003e\u0026nbsp;Table\u0026nbsp;2: Evaluation Metrics obtained by our DCNN model and its value\u003c/div\u003e\n\u003cdiv class=\"colspec\" align=\"left\"\u003e\u0026nbsp;\u003c/div\u003e\n\u003ctable id=\"Tabc\" border=\"1\"\u003e\n\u003cthead\u003e\n\u003ctr\u003e\n\u003cth align=\"left\"\u003e\n\u003cp\u003eS.N.\u003c/p\u003e\n\u003c/th\u003e\n\u003cth align=\"left\"\u003e\n\u003cp\u003eEvaluation Metrics\u003c/p\u003e\n\u003c/th\u003e\n\u003cth align=\"left\"\u003e\n\u003cp\u003eValues\u003c/p\u003e\n\u003c/th\u003e\n\u003c/tr\u003e\n\u003c/thead\u003e\n\u003ctbody\u003e\n\u003ctr\u003e\n\u003ctd align=\"left\"\u003e\n\u003cp\u003e1.\u003c/p\u003e\n\u003c/td\u003e\n\u003ctd align=\"left\"\u003e\n\u003cp\u003eTrue Positives\u003c/p\u003e\n\u003c/td\u003e\n\u003ctd align=\"left\"\u003e\n\u003cp\u003e603\u003c/p\u003e\n\u003c/td\u003e\n\u003c/tr\u003e\n\u003ctr\u003e\n\u003ctd align=\"left\"\u003e\n\u003cp\u003e2.\u003c/p\u003e\n\u003c/td\u003e\n\u003ctd align=\"left\"\u003e\n\u003cp\u003eTrue Negatives\u003c/p\u003e\n\u003c/td\u003e\n\u003ctd align=\"left\"\u003e\n\u003cp\u003e210\u003c/p\u003e\n\u003c/td\u003e\n\u003c/tr\u003e\n\u003ctr\u003e\n\u003ctd align=\"left\"\u003e\n\u003cp\u003e3.\u003c/p\u003e\n\u003c/td\u003e\n\u003ctd align=\"left\"\u003e\n\u003cp\u003eFalse Positives\u003c/p\u003e\n\u003c/td\u003e\n\u003ctd align=\"left\"\u003e\n\u003cp\u003e23\u003c/p\u003e\n\u003c/td\u003e\n\u003c/tr\u003e\n\u003ctr\u003e\n\u003ctd align=\"left\"\u003e\n\u003cp\u003e4.\u003c/p\u003e\n\u003c/td\u003e\n\u003ctd align=\"left\"\u003e\n\u003cp\u003eFalse Negatives\u003c/p\u003e\n\u003c/td\u003e\n\u003ctd align=\"left\"\u003e\n\u003cp\u003e4\u003c/p\u003e\n\u003c/td\u003e\n\u003c/tr\u003e\n\u003ctr\u003e\n\u003ctd align=\"left\"\u003e\n\u003cp\u003e5.\u003c/p\u003e\n\u003c/td\u003e\n\u003ctd align=\"left\"\u003e\n\u003cp\u003eAccuracy\u003c/p\u003e\n\u003c/td\u003e\n\u003ctd align=\"left\"\u003e\n\u003cp\u003e0.9678\u003c/p\u003e\n\u003c/td\u003e\n\u003c/tr\u003e\n\u003ctr\u003e\n\u003ctd align=\"left\"\u003e\n\u003cp\u003e6.\u003c/p\u003e\n\u003c/td\u003e\n\u003ctd align=\"left\"\u003e\n\u003cp\u003ePrecision\u003c/p\u003e\n\u003c/td\u003e\n\u003ctd align=\"left\"\u003e\n\u003cp\u003e0.9632\u003c/p\u003e\n\u003c/td\u003e\n\u003c/tr\u003e\n\u003ctr\u003e\n\u003ctd align=\"left\"\u003e\n\u003cp\u003e7.\u003c/p\u003e\n\u003c/td\u003e\n\u003ctd align=\"left\"\u003e\n\u003cp\u003eRecall\u003c/p\u003e\n\u003c/td\u003e\n\u003ctd align=\"left\"\u003e\n\u003cp\u003e0.9934\u003c/p\u003e\n\u003c/td\u003e\n\u003c/tr\u003e\n\u003ctr\u003e\n\u003ctd align=\"left\"\u003e\n\u003cp\u003e8.\u003c/p\u003e\n\u003c/td\u003e\n\u003ctd align=\"left\"\u003e\n\u003cp\u003eF1 score\u003c/p\u003e\n\u003c/td\u003e\n\u003ctd align=\"left\"\u003e\n\u003cp\u003e0.9780\u003c/p\u003e\n\u003c/td\u003e\n\u003c/tr\u003e\n\u003c/tbody\u003e\n\u003c/table\u003e\n\u003c/div\u003e\n\u003cp\u003e\u0026nbsp;\u003c/p\u003e\n\u003cp\u003eFirst, we limited the number of epochs to 10, which resulted in a loss of roughly 0.5 to 0.6. Subsequently, we kept checking by varying the number of epochs to 50, 100, 70, 60, 45, 40 and so on. Afterwards, when we restricted the number of epochs to 41, it gave us the highest accuracy and low training loss. It assured us the effective recall, precision value as well as F1 score.\u003c/p\u003e\n\u003c/div\u003e"},{"header":"5 Conclusion","content":"\u003cp\u003eIn essence, the proposed approach provides a technique for the detection of SQL injection attack with the help of DCNN. It is efficient for differentiating between normal SQL queries and the malicious SQL queries which has the potential to harm the system or individuals by obtaining the illegitimate access by the help of text inputs. The implemented model shows its promise for productively identifying the danger accompanying SQL injection. The accuracy, recall, precision and F1 score proves its potential. The blend of convolutional layers and the global max pooling layers magnifies the capability of the model for the acknowledging patterns in SQL queries which allows it to categorize patterns. It learns the demonstration through the layers and embedding techniques. The promising performance of this learning model for SQL injection attack detection shows its higher ability as an equipment for the cybersecurity measures for databases, websites and various application. Complete analysis measures validate its competence in obtaining the equilibrium between specificity and sensitivity which is a feature for minimization of positives and negative. Moreover, for the enhancement of the potentiality of the approach, the future research will focus on analyzation of methods for data augmentation associated with the SQL injection attacks. Sampling or under-sampling techniques can be used for undertaking the variances in the datasets in order to accomplish the data augmentation.\u003c/p\u003e"},{"header":"Declarations","content":"\u003ch2\u003eCompeting Interests:\u003c/h2\u003e\n\u003cp\u003eThe authors declare that they have no competing financial and/or non-financial interests related to this research.\u003c/p\u003e\n\n\u003ch2\u003eFunding:\u003c/h2\u003e\n\u003cp\u003eThis research did not receive any specific grant from funding agencies in the public, commercial, or not-for-profit sectors.\u003c/p\u003e\n\u003ch2\u003eAuthor Contribution\u003c/h2\u003e\n\u003cp\u003eSneha Baral BK wrote the main manuscript text and Hakam Singh guided the Sneha and reviewed the manuscript\u003c/p\u003e"},{"header":"References","content":"\u003col\u003e\u003cli\u003e\u003cspan\u003eMuslihi MT, Alghazzawi D, Detecting SQL (2020) Injection on Web Application Using Deep Learning Techniques: A Systematic Literature Review. In Proceedings of the 2020 Third International Conference on Vocational Education and Electrical Engineering(ICVEE), Surabaya, Indonesia, 3\u0026ndash;4 October\u003c/span\u003e\u003c/li\u003e \u003cli\u003e\u003cspan\u003eAliero MS, Qureshi KN, Pasha MF, Ghani I, Yauri RA (2020) Systematic Review Analysis with SQLIA Detection and Prevention Approaches. Wirel Pers Commun 112:2297\u0026ndash;2333 [CrossRef]\u003c/span\u003e\u003c/li\u003e \u003cli\u003e\u003cspan\u003eHasan M, Tarique M Detection of SQL Injection Attacks: A Machine Learning Approach. In Proceedings of the 2019 International Conference on Electrical and Computing Technologies and Applications (ICECTA), Ras Al Khaimah, United Arab Emirates, 19\u0026ndash;21 November 2019\u003c/span\u003e\u003c/li\u003e \u003cli\u003e\u003cspan\u003eGao H, Zhu J, Liu L, Xu J, Wu Y, Liu A, Detecting SQL (2019) Injection Attacks Using Grammar Pattern Recognition and Access Behavior Mining. In Proceedings of the 2019 IEEE International Conference on Energy Internet (ICEI), Nanjing, China, 27\u0026ndash;31 May\u003c/span\u003e\u003c/li\u003e \u003cli\u003e\u003cspan\u003eGandhi N A CNN-BiLSTM based Approach for Detection of SQL Injection Attacks. In Proceedings of the 2021 International Conference on Computational Intelligence and Knowledge Economy (ICCIKE), Dubai, United Arab Emirates, 17\u0026ndash;18 March 2021;pp. 378\u0026ndash;383\u003c/span\u003e\u003c/li\u003e \u003cli\u003e\u003cspan\u003eZhang K, Dataset AT (2019) A Machine Learning based Approach to Identify SQL Injection Vulnerabilities. In Proceedings of the 2019 34th IEEE/ACM International Conference on Automated Software Engineering (ASE), San Diego, CA, USA, 11\u0026ndash;15 November ; pp. 2019\u0026ndash;2021\u003c/span\u003e\u003c/li\u003e \u003cli\u003e\u003cspan\u003eLi QI, Li W, Wang J (2019) A SQL Injection Detection Method Based on Adaptive Deep Forest. IEEE Access 7:145385\u0026ndash;145394\u003c/span\u003e\u003c/li\u003e \u003cli\u003e\u003cspan\u003eTripathy D, Gohil R, Halabi T, Detecting SQL (2020) Injection Attacks in Cloud SaaS using Machine Learning. In Proceedings of the 2020 IEEE 6th Intl Conference on Big Data Security on Cloud (Bigdata Security), IEEE Intl Conference on High Performance and Smart Computing, (HPSC) and IEEE Intl Conference on Intelligent Data and Security (IDS), Baltimore, MD, USA, 25\u0026ndash;27 May ; pp. 145\u0026ndash;150\u003c/span\u003e\u003c/li\u003e \u003cli\u003e\u003cspan\u003eSivasangari A SQL Injection Attack Detection using Machine Learning Algorithm. In Proceedings of the 2021 5th International Conference on Trends in Electronics and Informatics (ICOEI), Tirunelveli, India, 3\u0026ndash;5 June 2021; pp. 1166\u0026ndash;1169\u003c/span\u003e\u003c/li\u003e \u003cli\u003e\u003cspan\u003eChen D, Yan Q, Wu C, Zhao J (2021) SQL injection attack detection and prevention techniques using deep learning. In Journal of Physics: Conference Series (Vol. 1757, No. 1, p. 012055). IOP Publishing\u003c/span\u003e\u003c/li\u003e \u003cli\u003e\u003cspan\u003eTang P, Qiu W, Huang Z, Lian H, Liu G (2020) Detection of SQL injection based on artificial neural network. Knowl -Based Syst 190:105528\u003c/span\u003e\u003c/li\u003e \u003cli\u003e\u003cspan\u003eZhang H, Zhao J, Zhao B, Yan X, Yuan H, Li F SQL injection detection based on deep belief network. In Proceedings of the CSAE 2019: Proceedings of the 3rd International Conference on Computer Science and Application Engineering, Sanya, China, 22\u0026ndash;24 October 2019. [CrossRef]\u003c/span\u003e\u003c/li\u003e \u003cli\u003e\u003cspan\u003eSabir B, Ullah F, Babar MA, Gaire R (2021) Machine learning for detecting data exfiltration: A review. ACM Comput Surv (CSUR) 54(3):1\u0026ndash;47\u003c/span\u003e\u003c/li\u003e \u003cli\u003e\u003cspan\u003eSheth T, Anap J, Patel H, Singh N, Ramya RB (2023), May Detection of SQL Injection Attacks by giving apriori to Q-Learning Agents. In 2023 IEEE IAS Global Conference on Emerging Technologies (GlobConET) (pp. 1\u0026ndash;6). IEEE\u003c/span\u003e\u003c/li\u003e \u003cli\u003e\u003cspan\u003eNasereddin M, ALKhamaiseh A, Qasaimeh M, Al-Qassas R (2023) A systematic review of detection and prevention techniques of SQL injection attacks. Inform Secur Journal: Global Perspective 32(4):252\u0026ndash;265\u003c/span\u003e\u003c/li\u003e \u003cli\u003e\u003cspan\u003eRattrout A, Jaradat M, Jayousi R (2023) Machine Learning Advancements in SQL Injection Detection. NLP and Feature Engineering Strategies\u003c/span\u003e\u003c/li\u003e \u003cli\u003e\u003cspan\u003eGoyal A, Matta P (2023), September Beyond the Basics: A Study of Advanced Techniques for Detecting and Preventing SQL Injection Attacks. In 2023 4th International Conference on Smart Electronics and Communication (ICOSEC) (pp. 628\u0026ndash;631). IEEE\u003c/span\u003e\u003c/li\u003e \u003cli\u003e\u003cspan\u003eKrishnan SA, Sabu AN, Sajan PP, Sreedeep AL (2021) SQL injection detection using machine learning. Vol, 11, 11\u003c/span\u003e\u003c/li\u003e \u003cli\u003e\u003cspan\u003eMin L, Ranxin G, Guanlin S, Wei C, Xiaotian X (2022), June The Detection and Defense Mechanism for SQL Injection Attack Based on Web Application. In 2022 IEEE 10th Joint International Information Technology and Artificial Intelligence Conference (ITAIC) (Vol. 10, pp. 1467\u0026ndash;1470). IEEE\u003c/span\u003e\u003c/li\u003e \u003cli\u003e\u003cspan\u003eStewart H (2022) Security versus compliance: an empirical study of the impact of industry standards compliance on application security. Int J Software Eng Knowl Eng 32(03):363\u0026ndash;393\u003c/span\u003e\u003c/li\u003e \u003cli\u003e\u003cspan\u003eGupta A, Sharma LS (2022) A novel approach for detecting sql injection attacks using snort. J Institution Eng (India): Ser B 103(5):1443\u0026ndash;1451\u003c/span\u003e\u003c/li\u003e \u003cli\u003e\u003cspan\u003eAlotaibi FM, Vassilakis VG (2023) Toward an SDN-Based Web Application Firewall: Defending against SQL Injection Attacks. Future Internet 15(5):170\u003c/span\u003e\u003c/li\u003e \u003cli\u003e\u003cspan\u003eQbea'h M, Alrabaee S, Alshraideh M, Sabri KE (2022), December Diverse Approaches Have Been Presented to Mitigate SQL Injection Attack, But It Is Still Alive: A Review. In 2022 International Conference on Computer and Applications (ICCA) (pp. 1\u0026ndash;5). IEEE\u003c/span\u003e\u003c/li\u003e \u003cli\u003e\u003cspan\u003eAl Azhar MF, Harwahyu R (2023) DETECTION OF SQL INJECTION VULNERABILITY IN CODEIGNITER FRAMEWORK USING STATIC ANALYSIS. MULTITEK INDONESIA, 17(1)\u003c/span\u003e\u003c/li\u003e \u003cli\u003e\u003cspan\u003eHadabi A, Elsamani E, Abdallah A, Elhabob R (2022) An efficient model to detect and prevent SQL injection attack. Journal of Karary University for Engineering and Science\u003c/span\u003e\u003c/li\u003e \u003cli\u003e\u003cspan\u003eNasereddin M, ALKhamaiseh A, Qasaimeh M, Al-Qassas R (2023) A systematic review of detection and prevention techniques of SQL injection attacks. Inform Secur Journal: Global Perspective 32(4):252\u0026ndash;265\u003c/span\u003e\u003c/li\u003e \u003cli\u003e\u003cspan\u003eZhang W, Li Y, Li X, Shao M, Mi Y, Zhang H, Zhi G (2022) Deep neural network-based SQL injection detection method. Security and Communication Networks, 2022\u003c/span\u003e\u003c/li\u003e \u003cli\u003e\u003cspan\u003eNasereddin M, ALKhamaiseh A, Qasaimeh M, Al-Qassas R (2023) A systematic review of detection and prevention techniques of SQL injection attacks. Inform Secur Journal: Global Perspective 32(4):252\u0026ndash;265\u003c/span\u003e\u003c/li\u003e \u003cli\u003e\u003cspan\u003eRoobini MS, Srividhya SR, Vennela K, Nikhila G (2022), March Detection of SQL Injection Attack Using Adaptive Deep Forest. In 2022 International Conference on Communication, Computing and Internet of Things (IC3IoT) (pp. 1\u0026ndash;6). IEEE\u003c/span\u003e\u003c/li\u003e \u003cli\u003e\u003cspan\u003eCrespo-Mart\u0026iacute;nez IS, Campazas-Vega A, Guerrero-Higueras \u0026Aacute;M, Riego-DelCastillo V, \u0026Aacute;lvarez-Aparicio C, Fern\u0026aacute;ndez-Llamas C (2023) SQL injection attack detection in network flow data. Computers \u0026amp; Security 127:103093\u003c/span\u003e\u003c/li\u003e \u003cli\u003e\u003cspan\u003eRankothge WH, Randeniya M, Samaranayaka V (2020) Identification and Mitigation Tool for Sql Injection Attacks (SQLIA), 2020 IEEE 15th International Conference on Industrial and Information Systems (ICIIS), RUPNAGAR, India, pp. 591\u0026ndash;595, \u003cspan class=\"ExternalRef\"\u003e\u003cspan class=\"RefSource\"\u003e10.1109/ICIIS51140.2020.9342703\u003c/span\u003e\u003cspan address=\"10.1109/ICIIS51140.2020.9342703\" targettype=\"DOI\" class=\"RefTarget\"\u003e\u003c/span\u003e\u003c/span\u003e\u003c/span\u003e\u003c/li\u003e \u003cli\u003e\u003cspan\u003eUwagbole SO, Buchanan WJ, Fan L (2017) An Applied Pattern-Driven Corpus to Predictive Analytics in Mitigating SQL Injection Attack. In Proceedings of the 2017 Seventh International Conference on Emerging Security Technologies (EST), Canterbury, UK, 6\u0026ndash;8 September ; pp. 12\u0026ndash;17\u003c/span\u003e\u003c/li\u003e \u003cli\u003e\u003cspan\u003eAlghawazi M, Alghazzawi D, Alarifi S (2022) Detection of sql injection attack using machine learning techniques: a systematic literature review. J Cybersecur Priv 2(4):764\u0026ndash;777\u003c/span\u003e\u003c/li\u003e\u003c/ol\u003e"}],"fulltextSource":"","fullText":"","funders":[],"hasAdminPriorityOnWorkflow":false,"hasManuscriptDocX":true,"hasOptedInToPreprint":true,"hasPassedJournalQc":"","hasAnyPriority":false,"hideJournal":true,"highlight":"","institution":"","isAcceptedByJournal":false,"isAuthorSuppliedPdf":false,"isDeskRejected":"","isHiddenFromSearch":false,"isInQc":false,"isInWorkflow":false,"isPdf":false,"isPdfUpToDate":true,"isWithdrawnOrRetracted":false,"journal":{"display":true,"email":"
[email protected]","identity":"researchsquare","isNatureJournal":false,"hasQc":true,"allowDirectSubmit":true,"externalIdentity":"","sideBox":"","snPcode":"","submissionUrl":"/submission","title":"Research Square","twitterHandle":"researchsquare","acdcEnabled":true,"dfaEnabled":false,"editorialSystem":"","reportingPortfolio":"","inReviewEnabled":false,"inReviewRevisionsEnabled":true},"keywords":"SQL Injection Detection, Deep Convolutional Neural Network (DCNN), cybersecurity, Embedding layers, Innovative, Global Max Pooling Layer, Information and Communication Technology, Imbalanced Data, sustainable, research development","lastPublishedDoi":"10.21203/rs.3.rs-3848810/v1","lastPublishedDoiUrl":"https://doi.org/10.21203/rs.3.rs-3848810/v1","license":{"name":"CC BY 4.0","url":"https://creativecommons.org/licenses/by/4.0/"},"manuscriptAbstract":"\u003cp\u003eAdvancing the systematic methods or algorithms is necessary because SQL injection attacks can be hazardous for the security of databases and various web applications. SQL injection can be a destructive security risks which targets vulnerable web applications. There were many techniques which was previously developed which is also known as traditional methods or techniques. Those techniques used to generally rely on the signature-based methods which struggle to adjust into new attack patterns. Therefore, different new techniques were introduced with integration of machine learning. SQL injection attack detection with the blend of machine learning facilitates improvement in cybersecurity providing the scalable and the proficient defense mechanism against the developing cyber-attack. This research paper provides a potential technique to the danger of SQL injection which is based on Machine Learning i.e. Deep Convolutional Neural Network (DCNN). The proposed model was trained on the large datasets which includes genuine as well as malicious SQL queries for assuring its ability to adapt different types of evolving attacks. We have used embedding layers and tokenization techniques for demonstrating SQL queries as numerical input for the model. It is made up of many convolutional layers and fully linked layers which is able to illustrate the complex patterns and the complex correlation that can be observed in SQL queries. Our approach to detect a SQL injection attack utilizing a DCNN illustrates the remarkable accuracy, precision, recall as well as F1 score. Additionally, we also had a look at the significances of using deep learning techniques in real-world scenarios along with the existing web application and the framework.\u003c/p\u003e \u003cp\u003e \u003c/p\u003e","manuscriptTitle":"Augmenting SQL Injection Attack Detection via Deep Convolutional Neural Network","msid":"","msnumber":"","nonDraftVersions":[{"code":1,"date":"2024-01-12 05:45:59","doi":"10.21203/rs.3.rs-3848810/v1","editorialEvents":[{"type":"communityComments","content":0}],"status":"published","journal":{"display":true,"email":"
[email protected]","identity":"researchsquare","isNatureJournal":false,"hasQc":true,"allowDirectSubmit":true,"externalIdentity":"","sideBox":"","snPcode":"","submissionUrl":"/submission","title":"Research Square","twitterHandle":"researchsquare","acdcEnabled":true,"dfaEnabled":false,"editorialSystem":"","reportingPortfolio":"","inReviewEnabled":false,"inReviewRevisionsEnabled":true}}],"origin":"","ownerIdentity":"ab2bf8f0-cb34-470f-9035-5d798f3e6a3c","owner":[],"postedDate":"January 12th, 2024","published":true,"recentEditorialEvents":[],"rejectedJournal":[],"revision":"","amendment":"","status":"posted","subjectAreas":[],"tags":[],"updatedAt":"2024-02-15T21:45:03+00:00","versionOfRecord":[],"versionCreatedAt":"2024-01-12 05:45:59","video":"","vorDoi":"","vorDoiUrl":"","workflowStages":[]},"version":"v1","identity":"rs-3848810","journalConfig":"researchsquare"},"__N_SSP":true},"page":"/article/[identity]/[[...version]]","query":{"redirect":"/article/rs-3848810","identity":"rs-3848810","version":["v1"]},"buildId":"qtupq5eGEP_6zYnWcrvyt","isFallback":false,"isExperimentalCompile":false,"dynamicIds":[84888],"gssp":true,"scriptLoader":[]}
Text is read by the "Ask this paper" AI Q&A widget below.
Extraction quality varies by source — PMC NXML preserves structure
cleanly, OA-HTML may include some navigation residue, and OA-PDF can
have broken hyphenation. The publisher copy
(via DOI)
is the canonical version.