Advancing SQL Injection Detection for High-Speed Data Centers: A Novel Approach Using Cascaded NLP

December 20, 2023 · Entered Twilight · 🏛 arXiv.org

Repo contents: .gitignore, LICENSE.md, README.md, classical_models.py, config.ini, datasets, ensemble_models.py, experiments.py, main.ipynb, paper, results, run_classical_MLs.py, sqli-env.yml, templates.py, trained_models, utils

Authors Kasim Tasdemir, Rafiullah Khan, Fahad Siddiqui, Sakir Sezer, Fatih Kurugollu, Sena Busra Yengec-Tasdemir, Alperen Bolat arXiv ID 2312.13041 Category cs.CR: Cryptography & Security Citations 3 Venue arXiv.org Repository https://github.com/gdrlab/cascaded-sqli-detection ⭐ 6 Last Checked 3 months ago

Abstract

Detecting SQL Injection (SQLi) attacks is crucial for web-based data center security, but it is challenging to balance accuracy and computational efficiency, especially in high-speed networks. Traditional methods struggle with this balance, while NLP-based approaches, although accurate, are computationally intensive. We introduce a novel cascade SQLi detection method, blending classical and transformer-based NLP models, achieving a 99.86% detection accuracy with significantly lower computational demands-20 times faster than using transformer-based models alone. Our approach is tested in a realistic setting and compared with 35 other methods, including Machine Learning-based and transformer models like BERT, on a dataset of over 30,000 SQL sentences. Our results show that this hybrid method effectively detects SQLi in high-traffic environments, offering efficient and accurate protection against SQLi vulnerabilities with computational efficiency. The code is available at https://github.com/gdrlab/cascaded-sqli-detection .