A CNN-BiLSTM based Approach for Detection of SQL Injection Attacks

Abstract

Web application attacks concerned with Structured Query Language Injection(SQLI) have been a major threat in the field of cybersecurity. SQLI attacks majorly lead to leakage of user’s data leading to data manipulation, updation and deletion in database management system. Traditional techniques used to prevent SQLI injections include rule-based matching and other related methods that are limited to a few number of SQL injections. Major concern regarding SQLI attacks relates to invention of new malicious SQL queries by hackers to perform SQLI attacks. The problem can be effectively dealt with use of machine learning algorithms for prediction of SQLI attacks. Paper proposes a hybrid CNN-BiLSTM based approach for SQLI attack detection. The proposed CNN-BiLSTM model had significant accuracy of 98% and superior performance compared to other machine learning algorithms. Also, paper presents a comparative study of different types of machine learning algorithms used for the purpose of SQLI attack detection. The study shows the performance of various algorithms based on accuracy, precision, recall, and F1 score with respect to proposed CNN-BiLSTM model in detection of SQL injection attacks.