Web applications are critical yet vulnerable to cyber threats, with SQL Injection (SQLi) ranked third in OWASP’s top ten vulnerabilities and prevalent in recent incidents. Despite extensive research into SQLi detection, dedicated datasets remain scarce, with benchmark datasets featuring a low proportion of SQLi records amid diverse attack types (e.g., SQLi, Blind SQLi). This paper proposes a novel framework to generate a dynamic, homogeneous SQLi dataset, integrating tools to craft malicious payloads of varying severity and balanced legitimate SQL records. The complete SQL statement is only constructed server-side, and its final form depends on how the application handles the payload securely. Leveraging prompt-engineering with large language models (LLMs), the framework trains and evaluates this dataset, assessing model accuracy in distinguishing SQLi attacks from benign queries. Validation using a web application firewall (WAF) and an LLM yielded robust detection performance, achieving 99.72% accuracy and a 99.81% F1-score. Experimental outcomes underscore the framework’s efficacy in advancing SQLi attack detection capabilities. The dataset generated by the proposed framework is publicly available to the research community via GitHub at [22]. This resource is provided to facilitate further studies and the reproducibility of our findings.

错误:搜索内容不能为空,请输入英文关键词
错误:关键词超出字数限制,请精简
高级检索

A Novel Framework for SQL Injection Attack Detection

  • Marwa Eldaly,
  • Mohamed Elhamahmy,
  • Hesham Elmahdy,
  • Sanaa Taha

摘要

Web applications are critical yet vulnerable to cyber threats, with SQL Injection (SQLi) ranked third in OWASP’s top ten vulnerabilities and prevalent in recent incidents. Despite extensive research into SQLi detection, dedicated datasets remain scarce, with benchmark datasets featuring a low proportion of SQLi records amid diverse attack types (e.g., SQLi, Blind SQLi). This paper proposes a novel framework to generate a dynamic, homogeneous SQLi dataset, integrating tools to craft malicious payloads of varying severity and balanced legitimate SQL records. The complete SQL statement is only constructed server-side, and its final form depends on how the application handles the payload securely. Leveraging prompt-engineering with large language models (LLMs), the framework trains and evaluates this dataset, assessing model accuracy in distinguishing SQLi attacks from benign queries. Validation using a web application firewall (WAF) and an LLM yielded robust detection performance, achieving 99.72% accuracy and a 99.81% F1-score. Experimental outcomes underscore the framework’s efficacy in advancing SQLi attack detection capabilities. The dataset generated by the proposed framework is publicly available to the research community via GitHub at [22]. This resource is provided to facilitate further studies and the reproducibility of our findings.