Article
Detection of SQL Injection Attacks Through Adaptive Deep Learning
SQL Injection (SQLi) remains one of the most prevalent and destructive threats to modern web applications, enabling adversaries to bypass authentication, exfiltrate sensitive data, and compromise entire back-end systems. Conventional countermeasures such as Web Application Firewalls (WAFs) and signature-based filters depend on static rule sets that are ineffective against obfuscated, polymorphic, or zero-day payloads. This paper presents an adaptive, data-driven detection framework that leverages Term Frequency–Inverse Document Frequency (TF-IDF) feature extraction coupled with a Random Forest classifier—architected for straightforward migration to Artificial Neural Networks (ANN)—to accurately distinguish malicious from benign SQL queries. The system is deployed as a full-stack web application: a Flask-based REST API exposes a /predict endpoint for real-time classification, SQLite manages user credentials through bcrypt-hashed storage, and a responsive HTML/CSS/JavaScript interface surfaces actionable security alerts. Comprehensive evaluation using accuracy, precision, recall, and F1-score demonstrates that the proposed approach substantially outperforms rule-based baselines while maintaining sub-second inference latency. The modular architecture supports seamless substitution of the classifier with LSTM or CNN models as threat landscapes evolve.
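The contrast the abstract draws between a static rule and learned TF-IDF features, as an added example that is not the paper's code. It uses only the Python standard library, and a mean-cosine-similarity scorer stands in for the Random Forest; the training queries, the `SIGNATURE` rule and all function names are constructed for illustration.

```python
import math
import re
from collections import Counter

# Constructed training queries (1 = injection, 0 = benign); not from the paper.
TRAIN = [
    ("SELECT name, email FROM users WHERE id = 42", 0),
    ("SELECT * FROM orders WHERE customer_id = 7 ORDER BY created_at", 0),
    ("UPDATE products SET price = 19 WHERE sku = 1001", 0),
    ("INSERT INTO logs (level, msg) VALUES (2, 'started')", 0),
    ("SELECT * FROM users WHERE name = '' OR '1'='1' --", 1),
    ("SELECT * FROM users WHERE id = 1 UNION SELECT username, password FROM accounts --", 1),
    ("admin' --", 1),
    ("1; DROP TABLE users --", 1),
    ("' OR 1=1 #", 1),
]
TOKEN = re.compile(r"[a-z_]+|\d+|--|[^\sa-z_\d]")
SIGNATURE = re.compile(r"or\s+1\s*=\s*1", re.I)  # hypothetical static rule, for comparison

def tokenize(query):
    # Keep quotes, operators and comment markers; collapse numeric literals to "0".
    return ["0" if t.isdigit() else t for t in TOKEN.findall(query.lower())]

def vectorize(query, idf):
    # TF-IDF over known tokens, L2-normalised; tokens unseen in training are dropped.
    raw = {t: c * idf[t] for t, c in Counter(tokenize(query)).items() if t in idf}
    norm = math.sqrt(sum(v * v for v in raw.values())) or 1.0
    return {t: v / norm for t, v in raw.items()}

def fit(train):
    # Smoothed IDF from document frequencies, then one vector per training query.
    docs = [Counter(tokenize(q)) for q, _ in train]
    df = Counter(t for d in docs for t in d)
    idf = {t: math.log((1 + len(docs)) / (1 + n)) + 1 for t, n in df.items()}
    return idf, [(vectorize(q, idf), y) for q, y in train]

def score(query, model, label):
    # Mean cosine similarity between the query and the training queries of one class.
    idf, vecs = model
    q = vectorize(query, idf)
    sims = [sum(w * d.get(t, 0.0) for t, w in q.items()) for d, y in vecs if y == label]
    return sum(sims) / len(sims)

def predict(query, model):
    # 1 if the query looks more like the injection class than the benign class.
    return int(score(query, model, 1) > score(query, model, 0))

MODEL = fit(TRAIN)
```

The quoted-string tautology used in the test is not matched by the static rule, but its quote, `or` and comment tokens place it with the injection class.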