2023 International Conference on Energy, Materials and Communication Engineering (ICEMCE), December 14 – 15,

2023, Madurai, India

A Study on SQL Injection Detection: AI-based

Perspective
2023 International Conference on Energy, Materials and Communication Engineering (ICEMCE) | 979-8-3503-9337-8/23/$31.00 ©2023 IEEE | DOI: 10.1109/ICEMCE57940.2023.10434216

Dharani Pujitha Manepalli Alekhya Garugu Venkata Amrutha Kandarpa

Dept. of Information Technology Dept. of Information Technology Dept. of Information Technology
GMR Institute of Technology GMR Institute of Technology GMR Institute of Technology
Rajam, India Rajam, India Rajam, India
[email protected] [email protected] [email protected]
Syam Manohar Kummari Sanketh Rohi Jangam Aravind Karrothu
Dept. of Information Technology Dept. of Information Technology Dept. of Information Technology
GMR Institute of Technology GMR Institute of Technology GMR Institute of Technology
Rajam, India Rajam, India Rajam, India
[email protected] [email protected] [email protected]

Abstract—Web applications have revolutionized the way we
interact with and utilize the internet, offering dynamic and
feature-rich experiences. However, alongside their numerous
benefits, web applications also pose security challenges, with
SQL injection vulnerability being one of the most common and
harmful weaknesses. SQL injection attacks have become a
prominent concern in web application security, as highlighted
on their Network Security Problems released by OWASP. SQL
injection attacks present a significant danger to web-based
programs, undermining their security and potentially resulting
in unapproved access and data violation. This work explores
the application of DL techniques to enhance the identification
of SQL injection Attacks (SQLiA) in web-based programs,
aiming to strengthen their defense mechanisms. The work is
going to analyze various ML/DL-based mechanisms in which
algorithms have achieved the best accuracy in terms of
performance.
Attack (SQLiA) is the most common type to vulnerable web
applications and it was shown in Figure 2. In this scenario,
the attacker may enter into the network with some sort of
queries at the login stage. The web browser will
automatically search in the database for that login details in
the form of query like SELECT * from Employee WHERE
Empid = 3 OR (1==1) in the database. In the query the
attacker performs OR operation, the result will always be
true because if any of the input is true the output will be true
so (1==1) will always be true. When the server searches in
the database it will give that the login person is authenticated
so, to prevent these type techniques ML/DL algorithms are
used to train the model to identify them initially and deny the
access. The other type of scenario have explained that how
SQL injection may affect the normal working principle of
web application and that was depicted in Figure 3.

Keywords—Structured Query Language (SQL), SQL injection

Attack (SQLiA), Web Application Security, Machine Learning
(ML), OWASP.

I. INTRODUCTION
In digital platforms, there are many web applications that
are involved for the communication of various users from
one place to another place via the internet. At the same time,
the web pages are carrying our sensitive information whereas
login credentials, credit card details, and other secure
information at database centers through their respective web
servers. This scenario is depicted at Figure 1.

Fig. 2. SQL injection Attack (SQLiA) scenario-1

In general, the attacker can use various penetration

Fig. 1. WEB Application scenario
As per Open Web Application Security Project
(OWASP) analysis there are various types of security
vulnerabilities that are identified based on the damage of the
e-ecosystem. As per this analysis, we have identified
injection attacks as one of the most vulnerable attacks in the
digital platform. In the injection attack paradigm, SQL inject
scanning tools to enter the database using queries. So that we
need to identify such type malicious queries at entry level.
But there is a lack of knowledge to identify those malicious
attacks by using traditional algorithms. To enhance the
knowledge of the existing systems we required some sort of
intellectual and statistical algorithms like Machine Learning
(ML), Deep Learning (DL).
This paper is going to explain various recent ML/DL
techniques and analyse through their advantages, challenges,
and various open issues. The paper is constructed in various
sections, section -1 is showing introduction, and followed by
literature review of the existing methodologies, then
providing the analysis of state-of-art algorithms with various
parameters like advantages, challenges, and future scope

979-8-3503-9337-8/23/$31.00 ©2023IEEE
Authorized licensed use limited to: Don Bosco Institute of Technology-Bengaluru. Downloaded on March 17,2025 at 07:09:11 UTC from IEEE Xplore. Restrictions apply.
 along with types of their performance metrics. Finally, this
article is concluded based on the above analysis.
Fig. 3. SQL injection Attack (SQLiA) scenario-2
II. LITERATURE SURVEY
The authors have explained the scenario of SQLi
detection with the help of two-stage deep-learning based
structure. In the first stage the authors have suggested offline
training and other sites have implemented online testing. In
the first stage they have used various SQL injection tools for
identifying vulnerable and genuine queries. Then these data
could be transferred to structured format from unstructured.
Finally, the structured data samples are entered into the
testing stage. After the evaluation, the authors concluded that
this work may help to reduce the count of false positives and
at the same time false negatives. Along with that they
achieved high accuracy with this mechanism [1].
Muhammad, T., & Ghafory, H. have suggested a new ML-
based algorithms to identify and categorizes SQL injection
assault in web-based application. The model was created
using WEKA 3.8.0 and trained using wait and 10-overlap
cross validation assessments methods. The authors
effectively identified malicious log files by using machine
learning to distinguish between malicious and normal online
requests produced from access log files. In this process the
authors have used different types of algorithms like Logistic
Regression, Multilayer Perceptron etc. [2].
Mondal B. et.al. had explained about various AI methods
for detecting and preventing SQLi attacks. They used many
classifiers like MLP, Support vector machine, Decision trees,
etc. those are evaluated by using some performance metrics
like Confusion matrix &F1 score [3]. The author describes
one of the process of SQL injection attacks and how
attackers construct malicious user input crafted to exploit
SQL syntax to modify SQL statements and illegally access
the database. ITFIDF algorithm for attack detection: The
paper uses the ITFIDF algorithm in data mining technology
to identify SQL injection vulnerability. SQL injection attack
defense model: The paper establishes a SQL injection attack
defense model to defend against SQL injection attacks.
Experimental design and testing: The paper conducts
experiment to assess the efficacy of SQL injection attack and
defense technologies using relevant SQL attack traffic sets
and hardware and software configurations [4].
The authors have discussed a novel approach involving a
client-side model, rather than simply focusing on
safeguarding the database against injection attacks on the
server side. This model is designed to operate as a rectifier
on the client side, aiming to enhance security. Generally, ML
algorithms use numerical data for training and evaluating the
model but the inputs for queries is a text. So, to convert the
text into numerical values the author uses text parsing to
Authorized licensed use limited to: Don Bosco Institute of Technology-Bengaluru. Downloaded on March 17,2025 at 07:09:11 UTC from IEEE Xplore. Restrictions apply.
break the sentences into tokens then do preprocessing. The
approach employs the following preprocessing technique:
Term Frequency and Inverse Document Frequency (TF-IDF)
is used to clear the unwanted spaces and sentences. It will
give a table as a result that contains the occurrence of each
word across the document. After evolution the model has
given accuracy with 97%. Finally, the authors have
concluded that CNN is the best model for conducting
experiments on various ML models [5]. The authors
mentioned that they have utilized a dataset from the Python
library called Lib-injection, containing the data on all types
of SQL injection queries and plain text data. The paper tells
the process used for data preprocessing, which includes
tokenization, stop words removal, problem-based filtering,
stemming and word case uniformity. The author mention that
they have used a deep learning model utilizing the
embedding layer technique, relying on raw data rather than
predefined features [6].
Abdulmalik Yazeed have proposed a method to enhance
the effectiveness of identifying SQL injection attacks. This
approach comprises three stages: Dataset Phase, Static and
Dynamic Analysis Phase, and Model Construction Phase.
Here they had tested many algorithms like Random Forest
algorithm, ANN, SVM and Logistic regression. The tenfold
methodology will be employed to assess and verify the
proposed detection model.[7]. M. Hasan et al., developed a
heuristic algorithm rooted in machine learning to mitigate
SQL injection attacks. The process of feature extraction
involved the utilization of a MATLAB program, specifically
designed to examine and analyze individual statements. This
program was employed to generate an array of features,
which subsequently served as the predictive elements for the
machine learning classifier. The author chose the top five
classifiers by considering their accuracy in detection and
proceeded to create a Graphical User Interface (GUI)
application using these selected classifiers. The study's
findings indicated that the Ensemble Boosted Trees
algorithm outperformed others, showcasing its capability to
achieve a notably high accuracy (93.8%) in detecting SQL
injection attacks.
Gandhi et al. have provides a literature conduct a study
on the subject of SQL injection vulnerabilities and their
identification. It cites statistics from Open Web Application
Security Project (OWASP) and a study on SQL injection
attacks to highlight the severity of the issue. The paper also
addresses different conventional approaches and machine
learning algorithms employed in the detection of SQL
injection attacks, including source code validation, SQL
query verification, and classification algorithms such as
Naive Bayes and decision tree classifier. The paper then
proposes a hybrid approach combining CNN and BiLSTM
for detecting SQL injection assaults and provides a
comparative assessment of various algorithms concerning
their respective machine learning models. [9].
K. Zhang proposed a ML based classifier technique to
address the vulnerabilities facing SQLiA on PHP code. The
author uses input validation, sanitization features from the
program text file to train and test the classification models.
The author scripted Python code to determine if a file
invokes PHP library functions to perform input validation or
sanitization, or if it is trying to steal the information of the
users. It determined that the DL algorithms are better than
the ML algorithms, for feature extraction Bag of Words
 (BOW) is better than word2vector feature, Finally the author
said that CNN with bag of words having precision 95% [10].
The authors had discussed web applications where the
sensitive information is stored, no unauthorized access is
allowed in databases. They analyzed and tested various SQL
actions on web applications and he used many techniques
such as feature ranking & feed forward networks it is used
for selection and detection of employee correlation [11].
According to this work, the authors have suggested an
approach utilizing adaptive deep forest involves significantly
fewer hyperparameters compared to deep neural networks,
making it more robust to hyperparameter settings. The
assessment criteria include accuracy (ACC), precision (P),
recall (R), and F1-score. The experiments were carried out
using Python and Scikit-learn library to build machine
learning model, Kera to construct a neural network and
employ TensorFlow as the underlying computing
framework. The method uses adaptive deep forest (ADF) to
automatically adjust the model parameters throughout the
training process, enhancing the accuracy of detection. [12].
The paper examines the current methods for detecting
SQL injection in intelligent transportation systems and
proposes a new method based on LSTM networks and
positive sample generation. The authors compare
effectiveness in identifying SQL injection statements through
traditional machine learning techniques (SVM, KNN,
Decision Tree, NB, RF) and widely employed deep neural
networks (CNN, RNN, MLP). The proposed method utilizes
LSTM to harness the benefits of data sequencing and long-
term dependencies for the detection of SQL injection attacks,
and a specific model training process is given. Additionally,
the paper introduces a positive sample generation method to
equalize the distribution of input data and enhance the
training dataset, which can alleviate the issue of overfitting
[13]. The authors have proposed a ML-based technique to
classify incoming traffic as normal or malicious. Data is
captured in two places-HTTP traffic between the traffic
generation server and the web app server and the remote
database server is captured. These two sets of data are then
processed and correlated to create a separate dataset
containing features from both datasets. The algorithms used
are evaluated for classification accuracy as well as efficiency
in terms of time to build models and time to classify the
training data with 5-fold cross validation.[14]. Kevin Ross
has proposed an idea about unknown attacks can be
identified by using ML techniques. This paper collects traffic
from web application host logs to detect attacks and shows
the performance comparison between decision tree and
neural network algorithm, dataset captures traffic to the web
applications and TCP and HTTP packets [15]. Asish Kumar
Dalai and Sanjay Kumar Jena said this novel is to prevent
SQL attacks and explains about different attacks and SQL
attacks such as type mismatch, commenting the code and
mentioned UNION SELECT statements for data extractions
in injected attacks also, this paper touches runtime
monitoring approach it controls during the attack is in static
analysis phase [16]. We have analysed various ML/DL-based
techniques with their advantages, limitations, along with
their performance analysis [17]. Also, we have given if any
future scope needed for any work, that also we have
highlighted in the below table 1.

TABLE I. ANALYSIS OF EXISTING METHODOLOGIES

S. No. Author Names Methodology Used Advantages / Limitations Future Scope Performance
2-Stage Deep- Need to do the robustness of
Provide High accuracy and reduce F1 score- 95.64
1 Sun, H. et al., learning based the deep-learning detection
false positives & negatives Accuracy – 99.57
framework models
Integrating real-time
Muhammad, T., & LG, MLP, NB, Requires a large amount of data for detection could further
2 Accuracy - 98.79%
Ghafory, H. SMO model preparation strengthen and improve the
detection of SQL injections
MLP, SVM, Improving the performance
Lacks a comprehensive analysis of
Logistic Regression and precision of machine
3 Mondal, B. et al., the limitations of the proposed AI- Accuracy - 96%
(LR), Naive Bayes, learning-based SQL Injection
based SQLI detection strategies
and Decision Tree. detection algorithms.
Has a lower false alarm rate and It takes more time for large
SQL syntax tree,
4 Sheng, Jingyuan. faster running time compared to dataset at pre-processing Accuracy - 97%
Filtering
traditional defense technology. phase
Naive Bayes, LR,
Krishnan, S. A. et CNN, SVM, Passive Because of manual process it takes web-based application codes,
5 Accuracy - 97%.
al., Aggressive, K-fold more time HTTP scanning proxies
cross-validation
Can recognize SQL injected
6 Jothi, et al., SVM, RN, ANN Relies on single word tokenization. statements effectively with Accuracy - 98%
AI-based techniques
By the help of extracting semantic
Abdulmalik, LG, RN, ANN, Need to focus on an effective
7 features can easily detect —
Yazeed. SVM input validation attack
unauthorized access
Innovative techniques and
A deep learning-powered approach
approaches to enhance
8 Hassan, M. M. et al., CNN and LSTM to detect SQL injection Accuracy - 98.04%
identifying and thwarting
vulnerabilities.
SQL injection vulnerabilities
The use of DL models for
ML has led to improvements in
9 Gandhi, N. et al., CNN-Bi-LSTM detecting more complex SQL Accuracy - 97%
detection than traditional methods
injection attacks
Random Forest, LR, use of ensemble methods to
It is not adopted for large scale web
10 K. Zhang SVM, MLP, LSTM, improve the performance of Accuracy - 95.4%
applications
and CNN the classifier

Authorized licensed use limited to: Don Bosco Institute of Technology-Bengaluru. Downloaded on March 17,2025 at 07:09:11 UTC from IEEE Xplore. Restrictions apply.
 There is a scope for
Ensemble Boosted
implement to identify non-
Trees, Ensemble The combination of both ML and
11 Hasan, M. et al., SQL injected statements Accuracy - 99%
Bagged Trees, DL can provide more accuracy
along with more features in
Cubic SVM
dataset
deep neural
Allowing it to capture a wide
networks (DNN), Better detection accuracy on less
range of attack patterns and Accuracy- 90%
12 Li, Q. et al., decision tree (DT), samples, Low computational cost;
adapt to new or unknown
random forest (RF),
types of attacks.
and SVM
Enhance detection accuracy while Can provide more efficiency
13 Li, Q. et al., LSTM minimizing false positives and false with DL Models (CNN and Accuracy - 95.64%
negatives. RNN)
Need more focus on
SVM, RF, Decision This approach doesn’t applicable to
14 Ross, K. et al., implementation by using DL Accuracy – 98.04%
Tree all type of datasets
algorithms
Suggest exploring other ML
Intrusion detection The combination of MLP and SVM
techniques for both accuracy
involve static, techniques has been shown to
15 Ross, K. and performance, indicating Accuracy - 92.03%
signature-based IDS achieve improved accuracy in
a potential for further
rules intrusion detection.
research in this area.
Command Injection, Code
SQL injection It does not involve input filtering so Injection, and File Injection,
Dalai, A. K., &
16 attacks in web it is easier to implement and to provide a more Accuracy - 95%
Jena, S. K.
applications maintain. comprehensive solution for
web application security

III. CONCLUSION
In web ecosystem we need to maintain attack less network
as well as communicating to each from one device to
another device. In this scenario, SQL injection attacks
being one of the most widespread and destructive.
vulnerabilities in e-platform. To identify those attacks
(SQLiA) through various pen tools as well need to be
adopt some sort of intellectual models in web
environment. As per this Analysis, we have gathered
related information on detection models of SQLiA with a
range of performance metrics such as Accuracy,
Precision, Recall, F1 score and so on. After analyzing all
the works, we concluded that DL models have given best
performance to detect SQLiA with higher accuracy than
ML. Namely, MLP, CNN, LSTM are perfectly apt for
detect SQLiA in web applications. Mainly, out of these
three models MLP is well suitable for identifying SQLiA
with high accuracy of 96% to 98.79%. In future, we are
going to enhance existing model and try to provide a new
approach that will perform well in all aspects of
performance metrics. Also, we are planning to study more
and more related articles of ML/DL based SQLiA
detection models and will provide the best suitable model.
REFERENCES:
[1]. Sun, H., Du, Y., & Li, Q. (2023). Deep Learning-Based Detection
Technology for SQL Injection Research and Implementation.
Applied Sciences, 13(16), 9466.
[2]. Muhammad, T., & Ghafory, H. (2022). SQL Injection Attack
Detection Using Machine Learning Algorithm. Mesopotamian
journal of cybersecurity, 2022, 5-17.
[3]. Mondal, B., Banerjee, A., & Gupta, S. (2022). A review of SQLI
detection strategies using machine learning. machine learning,
6(S2), 9664-9677.
[4]. Sheng, J. (2022). Research on SQL Injection Attack and Defense
Technology of Power Dispatching Data Network: Based on Data
Mining. Mobile Information Systems, 2022.
[5]. Krishnan, S. A., Sabu, A. N., Sajan, P. P., & Sreedeep, A. L.
(2021). SQL injection detection using machine learning. vol, 11,
11.
[6]. Jothi, K. R., Pandey, N., Beriwal, P., & Amarajan, A. (2021,
March). An efficient SQL injection detection system using deep
learning. In 2021 International conference on computational
intelligence and knowledge economy (ICCIKE) (pp. 442-445).
IEEE.
[7]. Abdulmalik, Y. (2021). An improved SQL injection attack
detection model using machine learning techniques. International
Journal of Innovative Computing, 11(1), 53-57.
[8]. Hassan, M. M., Ahmad, R. B., & Ghosh, T. (2021). SQL injection
vulnerability detection using deep learning: a feature-based
approach. Indonesian Journal of Electrical Engineering and
Informatics (IJEEI), 9(3), 702-718.
[9]. Gandhi, N., Patel, J., Sisodiya, R., Doshi, N., & Mishra, S. (2021,
March). A CNN-BiLSTM based approach for detection of SQL
injection attacks. In 2021 International conference on
computational intelligence and knowledge economy (ICCIKE)
(pp. 378-383). IEEE.
[10]. Zhang, K. (2019, November). A machine learning based approach
to identify SQL injection vulnerabilities. In 2019 34th IEEE/ACM
International Conference on Automated Software Engineering
(ASE) (pp. 1286-1288). IEEE.
[11]. Hasan, M., Balbahaith, Z., & Tarique, M. (2019, November).
Detection of SQL injection attacks: a machine learning approach.
In 2019 International Conference on Electrical and Computing
Technologies and Applications (ICECTA) (pp. 1-6). IEEE.
[12]. Li, Q., Li, W., Wang, J., & Cheng, M. (2019). A SQL injection
detection method based on adaptive deep forest. IEEE Access, 7,
145385-145394.
[13]. Li, Q., Wang, F., Wang, J., & Li, W. (2019). LSTM-based SQL
injection detection method for intelligent transportation system.
IEEE Transactions on Vehicular Technology, 68(5), 4182-4191.
[14]. Ross, K., Moh, M., Moh, T. S., & Yao, J. (2018, March). Multi-
source data analysis and evaluation of machine learning
techniques for SQL injection detection. In Proceedings of the
ACMSE 2018 Conference (pp. 1-8).
[15]. Ross, K. (2018). SQL injection detection using machine learning
techniques and multiple data sources.
[16]. Dalai, A. K., & Jena, S. K. (2017). Neutralizing SQL injection
attack using server-side code modification in web applications.
Security and Communication Networks, 2017.
[17]. Brindavathi, B., Karrothu, A., & Anilkumar, C. (2023, August).
An Analysis of AI-based SQL Injection (SQLi) Attack Detection.
In 2023 Second International Conference on Augmented
Intelligence and Sustainable Systems (ICAISS) (pp. 31-35). IEEE.

Authorized licensed use limited to: Don Bosco Institute of Technology-Bengaluru. Downloaded on March 17,2025 at 07:09:11 UTC from IEEE Xplore. Restrictions apply.