In banking information systems, databases containing customer information, contracts, and transactions play a critical role. However, these databases are increasingly targeted by cyberattacks aimed at stealing sensitive information. Among these threats, SQL injection (SQLi) remains one of the most prevalent cybersecurity risks to web applications and databases in banking systems, necessitating the development of advanced detection strategies to mitigate potential damage. To address this issue, artificial intelligence (AI) has emerged as a powerful tool for detecting SQLi attacks. This study proposes a novel hybrid model that integrates BERT (Bidirectional Encoder Representations from Transformers) and BiLSTM (Bidirectional Long Short-Term Memory) networks, leveraging BERT’s contextual understanding and LSTM’s ability to capture sequential dependencies for highly effective and accurate SQLi detection. The research utilizes a publicly available and widely adopted benchmark dataset containing 30,609 labeled SQL queries, including 19,268 benign queries and 11,341 SQLi queries. Several essential preprocessing steps, such as tokenization, noise removal, and normalization, were applied before model training to enhance data quality. Experimental results demonstrate that the proposed BERT-BiLSTM hybrid model outperforms existing techniques, including Decision Trees, Support Vector Machines (SVM), RNN, CNN-BiLSTM, and DNN-RHM, achieving an accuracy of 0.9994, precision of 0.9995, recall of 0.9991, and an F1-score of 0.9993. These findings highlight the model’s potential for real-world deployment, strengthening system defense mechanisms, reducing the risk of data breaches, and improving compliance with cybersecurity standards. By integrating advanced contextual and sequential learning techniques, the proposed model provides a scalable and adaptable solution for enhancing the security of web applications and databases in banking information systems.

错误:搜索内容不能为空,请输入英文关键词
错误:关键词超出字数限制,请精简
高级检索

Hybrid BERT-BiLSTM Model for SQL Injection Detection: Potential Applications in Banking Information Systems

  • Truong Cong Doan,
  • Phan Thanh Duc,
  • Tran Van Loi

摘要

In banking information systems, databases containing customer information, contracts, and transactions play a critical role. However, these databases are increasingly targeted by cyberattacks aimed at stealing sensitive information. Among these threats, SQL injection (SQLi) remains one of the most prevalent cybersecurity risks to web applications and databases in banking systems, necessitating the development of advanced detection strategies to mitigate potential damage. To address this issue, artificial intelligence (AI) has emerged as a powerful tool for detecting SQLi attacks. This study proposes a novel hybrid model that integrates BERT (Bidirectional Encoder Representations from Transformers) and BiLSTM (Bidirectional Long Short-Term Memory) networks, leveraging BERT’s contextual understanding and LSTM’s ability to capture sequential dependencies for highly effective and accurate SQLi detection. The research utilizes a publicly available and widely adopted benchmark dataset containing 30,609 labeled SQL queries, including 19,268 benign queries and 11,341 SQLi queries. Several essential preprocessing steps, such as tokenization, noise removal, and normalization, were applied before model training to enhance data quality. Experimental results demonstrate that the proposed BERT-BiLSTM hybrid model outperforms existing techniques, including Decision Trees, Support Vector Machines (SVM), RNN, CNN-BiLSTM, and DNN-RHM, achieving an accuracy of 0.9994, precision of 0.9995, recall of 0.9991, and an F1-score of 0.9993. These findings highlight the model’s potential for real-world deployment, strengthening system defense mechanisms, reducing the risk of data breaches, and improving compliance with cybersecurity standards. By integrating advanced contextual and sequential learning techniques, the proposed model provides a scalable and adaptable solution for enhancing the security of web applications and databases in banking information systems.