An effective SQL injection detection model using LSTM for imbalanced datasets

IF 4.8 2区计算机科学 Q1 COMPUTER SCIENCE, INFORMATION SYSTEMS

Computers & Security Pub Date : 2025-02-19 DOI:10.1016/j.cose.2025.104391

Kholood Salah Fathi, Sherif Barakat, Amira Rezk

{"title":"An effective SQL injection detection model using LSTM for imbalanced datasets","authors":"Kholood Salah Fathi, Sherif Barakat, Amira Rezk","doi":"10.1016/j.cose.2025.104391","DOIUrl":null,"url":null,"abstract":"<div><div>The rise of web application attacks, increasingly frequent and complex, presents a significant cybersecurity challenge. This rise is driven by the vast data available on the internet, attracting cybercriminals. Among these attacks, Structured Query Language Injection (SQLI) remains particularly pervasive and dangerous, threatening the security and integrity of critical databases. This enduring threat has encouraged extensive research to develop strategies for detecting SQLI attacks with high accuracy and low latency. This paper introduces two advanced models for SQLI detection using a Long Short-Term Memory (LSTM) neural network as a deep learning model and other traditional Machine Learning classifiers. A key challenge addressed in this study is data imbalance—a common issue in cybersecurity datasets where malicious instances are vastly outnumbered by benign ones. This imbalance can bias Machine Learning models toward the majority class. To counter this, the research employs a variety of data preprocessing techniques that significantly enhance model performance. Experimental results indicate significant improvements in performance metrics due to preprocessing. However, the standout finding is the superior performance of the proposed deep learning model, specifically the LSTM neural network. Without relying on resampling techniques, the LSTM model demonstrates exceptional accuracy in detecting SQLI attacks, beating the enhanced Machine Learning model. It is worth noting that the proposed LSTM model performance is tested on three different datasets to ensure its robustness and ability to adapt with varying environments. It achieves a perfect 100 % precision, recall, and F1-score. Its accuracy consistently ranged from 99.7 % to 99.8 % across all three datasets, with a remarkably low classification error of 0.002 that was nearly zero. These results highlight the LSTM model's robustness and effectiveness in addressing SQLI detection challenges, making it a powerful tool for enhancing cybersecurity defenses.</div></div>","PeriodicalId":51004,"journal":{"name":"Computers & Security","volume":"153 ","pages":"Article 104391"},"PeriodicalIF":4.8000,"publicationDate":"2025-02-19","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Computers & Security","FirstCategoryId":"94","ListUrlMain":"https://www.sciencedirect.com/science/article/pii/S016740482500080X","RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q1","JCRName":"COMPUTER SCIENCE, INFORMATION SYSTEMS","Score":null,"Total":0}

引用次数: 0

Abstract

The rise of web application attacks, increasingly frequent and complex, presents a significant cybersecurity challenge. This rise is driven by the vast data available on the internet, attracting cybercriminals. Among these attacks, Structured Query Language Injection (SQLI) remains particularly pervasive and dangerous, threatening the security and integrity of critical databases. This enduring threat has encouraged extensive research to develop strategies for detecting SQLI attacks with high accuracy and low latency. This paper introduces two advanced models for SQLI detection using a Long Short-Term Memory (LSTM) neural network as a deep learning model and other traditional Machine Learning classifiers. A key challenge addressed in this study is data imbalance—a common issue in cybersecurity datasets where malicious instances are vastly outnumbered by benign ones. This imbalance can bias Machine Learning models toward the majority class. To counter this, the research employs a variety of data preprocessing techniques that significantly enhance model performance. Experimental results indicate significant improvements in performance metrics due to preprocessing. However, the standout finding is the superior performance of the proposed deep learning model, specifically the LSTM neural network. Without relying on resampling techniques, the LSTM model demonstrates exceptional accuracy in detecting SQLI attacks, beating the enhanced Machine Learning model. It is worth noting that the proposed LSTM model performance is tested on three different datasets to ensure its robustness and ability to adapt with varying environments. It achieves a perfect 100 % precision, recall, and F1-score. Its accuracy consistently ranged from 99.7 % to 99.8 % across all three datasets, with a remarkably low classification error of 0.002 that was nearly zero. These results highlight the LSTM model's robustness and effectiveness in addressing SQLI detection challenges, making it a powerful tool for enhancing cybersecurity defenses.

查看原文本刊更多论文

求助全文

约1分钟内获得全文求助全文

来源期刊

Computers & Security 工程技术-计算机：信息系统

CiteScore

12.40

自引率

7.10%

发文量

365

审稿时长

10.7 months

期刊介绍： Computers & Security is the most respected technical journal in the IT security field. With its high-profile editorial board and informative regular features and columns, the journal is essential reading for IT security professionals around the world. Computers & Security provides you with a unique blend of leading edge research and sound practical management advice. It is aimed at the professional involved with computer security, audit, control and data integrity in all sectors - industry, commerce and academia. Recognized worldwide as THE primary source of reference for applied research and technical expertise it is your first step to fully secure systems.