基于LSTM的非平衡数据注入检测模型

IF 4.8 2区计算机科学 Q1 COMPUTER SCIENCE, INFORMATION SYSTEMS

Computers & Security Pub Date : 2025-02-19 DOI:10.1016/j.cose.2025.104391

Kholood Salah Fathi, Sherif Barakat, Amira Rezk

{"title":"基于LSTM的非平衡数据注入检测模型","authors":"Kholood Salah Fathi, Sherif Barakat, Amira Rezk","doi":"10.1016/j.cose.2025.104391","DOIUrl":null,"url":null,"abstract":"<div><div>The rise of web application attacks, increasingly frequent and complex, presents a significant cybersecurity challenge. This rise is driven by the vast data available on the internet, attracting cybercriminals. Among these attacks, Structured Query Language Injection (SQLI) remains particularly pervasive and dangerous, threatening the security and integrity of critical databases. This enduring threat has encouraged extensive research to develop strategies for detecting SQLI attacks with high accuracy and low latency. This paper introduces two advanced models for SQLI detection using a Long Short-Term Memory (LSTM) neural network as a deep learning model and other traditional Machine Learning classifiers. A key challenge addressed in this study is data imbalance—a common issue in cybersecurity datasets where malicious instances are vastly outnumbered by benign ones. This imbalance can bias Machine Learning models toward the majority class. To counter this, the research employs a variety of data preprocessing techniques that significantly enhance model performance. Experimental results indicate significant improvements in performance metrics due to preprocessing. However, the standout finding is the superior performance of the proposed deep learning model, specifically the LSTM neural network. Without relying on resampling techniques, the LSTM model demonstrates exceptional accuracy in detecting SQLI attacks, beating the enhanced Machine Learning model. It is worth noting that the proposed LSTM model performance is tested on three different datasets to ensure its robustness and ability to adapt with varying environments. It achieves a perfect 100 % precision, recall, and F1-score. Its accuracy consistently ranged from 99.7 % to 99.8 % across all three datasets, with a remarkably low classification error of 0.002 that was nearly zero. These results highlight the LSTM model's robustness and effectiveness in addressing SQLI detection challenges, making it a powerful tool for enhancing cybersecurity defenses.</div></div>","PeriodicalId":51004,"journal":{"name":"Computers & Security","volume":"153 ","pages":"Article 104391"},"PeriodicalIF":4.8000,"publicationDate":"2025-02-19","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":"{\"title\":\"An effective SQL injection detection model using LSTM for imbalanced datasets\",\"authors\":\"Kholood Salah Fathi, Sherif Barakat, Amira Rezk\",\"doi\":\"10.1016/j.cose.2025.104391\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"<div><div>The rise of web application attacks, increasingly frequent and complex, presents a significant cybersecurity challenge. This rise is driven by the vast data available on the internet, attracting cybercriminals. Among these attacks, Structured Query Language Injection (SQLI) remains particularly pervasive and dangerous, threatening the security and integrity of critical databases. This enduring threat has encouraged extensive research to develop strategies for detecting SQLI attacks with high accuracy and low latency. This paper introduces two advanced models for SQLI detection using a Long Short-Term Memory (LSTM) neural network as a deep learning model and other traditional Machine Learning classifiers. A key challenge addressed in this study is data imbalance—a common issue in cybersecurity datasets where malicious instances are vastly outnumbered by benign ones. This imbalance can bias Machine Learning models toward the majority class. To counter this, the research employs a variety of data preprocessing techniques that significantly enhance model performance. Experimental results indicate significant improvements in performance metrics due to preprocessing. However, the standout finding is the superior performance of the proposed deep learning model, specifically the LSTM neural network. Without relying on resampling techniques, the LSTM model demonstrates exceptional accuracy in detecting SQLI attacks, beating the enhanced Machine Learning model. It is worth noting that the proposed LSTM model performance is tested on three different datasets to ensure its robustness and ability to adapt with varying environments. It achieves a perfect 100 % precision, recall, and F1-score. Its accuracy consistently ranged from 99.7 % to 99.8 % across all three datasets, with a remarkably low classification error of 0.002 that was nearly zero. These results highlight the LSTM model's robustness and effectiveness in addressing SQLI detection challenges, making it a powerful tool for enhancing cybersecurity defenses.</div></div>\",\"PeriodicalId\":51004,\"journal\":{\"name\":\"Computers & Security\",\"volume\":\"153 \",\"pages\":\"Article 104391\"},\"PeriodicalIF\":4.8000,\"publicationDate\":\"2025-02-19\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"0\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"Computers & Security\",\"FirstCategoryId\":\"94\",\"ListUrlMain\":\"https://www.sciencedirect.com/science/article/pii/S016740482500080X\",\"RegionNum\":2,\"RegionCategory\":\"计算机科学\",\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"Q1\",\"JCRName\":\"COMPUTER SCIENCE, INFORMATION SYSTEMS\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"Computers & Security","FirstCategoryId":"94","ListUrlMain":"https://www.sciencedirect.com/science/article/pii/S016740482500080X","RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q1","JCRName":"COMPUTER SCIENCE, INFORMATION SYSTEMS","Score":null,"Total":0}

引用次数: 0

摘要

web应用程序攻击的增加，越来越频繁和复杂，提出了一个重大的网络安全挑战。这种增长是由互联网上的海量数据驱动的，吸引了网络犯罪分子。在这些攻击中，结构化查询语言注入（SQLI）尤为普遍和危险，威胁着关键数据库的安全性和完整性。这种持久的威胁促使人们进行广泛的研究，以开发高精度和低延迟检测SQLI攻击的策略。本文介绍了使用长短期记忆（LSTM）神经网络作为深度学习模型和其他传统机器学习分类器的两种高级SQLI检测模型。本研究解决的一个关键挑战是数据不平衡，这是网络安全数据集中的一个常见问题，其中恶意实例的数量远远超过良性实例。这种不平衡会使机器学习模型偏向大多数阶级。为了解决这个问题，本研究采用了多种数据预处理技术，显著提高了模型的性能。实验结果表明，由于预处理，性能指标显着提高。然而，最突出的发现是所提出的深度学习模型的优越性能，特别是LSTM神经网络。在不依赖重采样技术的情况下，LSTM模型在检测SQLI攻击方面表现出了卓越的准确性，击败了增强的机器学习模型。值得注意的是，所提出的LSTM模型性能在三个不同的数据集上进行了测试，以确保其鲁棒性和适应不同环境的能力。它达到了完美的100%的准确率、召回率和f1分。在所有三个数据集上，它的准确率始终在99.7%到99.8%之间，分类误差非常低，只有0.002，几乎为零。这些结果突出了LSTM模型在解决SQLI检测挑战方面的鲁棒性和有效性，使其成为增强网络安全防御的强大工具。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

查看原文本刊更多论文

An effective SQL injection detection model using LSTM for imbalanced datasets

The rise of web application attacks, increasingly frequent and complex, presents a significant cybersecurity challenge. This rise is driven by the vast data available on the internet, attracting cybercriminals. Among these attacks, Structured Query Language Injection (SQLI) remains particularly pervasive and dangerous, threatening the security and integrity of critical databases. This enduring threat has encouraged extensive research to develop strategies for detecting SQLI attacks with high accuracy and low latency. This paper introduces two advanced models for SQLI detection using a Long Short-Term Memory (LSTM) neural network as a deep learning model and other traditional Machine Learning classifiers. A key challenge addressed in this study is data imbalance—a common issue in cybersecurity datasets where malicious instances are vastly outnumbered by benign ones. This imbalance can bias Machine Learning models toward the majority class. To counter this, the research employs a variety of data preprocessing techniques that significantly enhance model performance. Experimental results indicate significant improvements in performance metrics due to preprocessing. However, the standout finding is the superior performance of the proposed deep learning model, specifically the LSTM neural network. Without relying on resampling techniques, the LSTM model demonstrates exceptional accuracy in detecting SQLI attacks, beating the enhanced Machine Learning model. It is worth noting that the proposed LSTM model performance is tested on three different datasets to ensure its robustness and ability to adapt with varying environments. It achieves a perfect 100 % precision, recall, and F1-score. Its accuracy consistently ranged from 99.7 % to 99.8 % across all three datasets, with a remarkably low classification error of 0.002 that was nearly zero. These results highlight the LSTM model's robustness and effectiveness in addressing SQLI detection challenges, making it a powerful tool for enhancing cybersecurity defenses.

求助全文

通过发布文献求助，成功后即可免费获取论文全文。去求助

来源期刊

Computers & Security 工程技术-计算机：信息系统

CiteScore

12.40

自引率

7.10%

发文量

365

审稿时长

10.7 months

期刊介绍： Computers & Security is the most respected technical journal in the IT security field. With its high-profile editorial board and informative regular features and columns, the journal is essential reading for IT security professionals around the world. Computers & Security provides you with a unique blend of leading edge research and sound practical management advice. It is aimed at the professional involved with computer security, audit, control and data integrity in all sectors - industry, commerce and academia. Recognized worldwide as THE primary source of reference for applied research and technical expertise it is your first step to fully secure systems.