SQL Injection Detection Using 2D-Convolutional Neural Networks (2D-CNN)

Abstract

It is common for modern multi-tier applications to use highly performant databases to manage and store business data. These systems are attractive to hackers because they contain essential data, and great care must be taken to prevent unauthorized access to the database layer. SQL Injection attacks (SQLIA) are one of the most common web applications (WA) threats. SQL injection, more often known as SQL Injection (SQLI), is a different attack method that involves injecting malicious SQL code into a database. Thanks to deep learning algorithms, the classification can be performed without manual feature extraction. It has been proposed a Specially Designed two-dimensional convolutional neural network (2D-CNN) architecture built using python. Further, the proposed 2D-CNN can be extracted automatic features from numerical data. Here, binary classify (normal and malicious queries) was applied. While this dataset is one-dimensional text, these are transformed into the two-dimensional matrix with word embedding (Skip-Gram Model) technique taking both context and syntax information from SQL into consideration for extracting low-dimensional vector representations of words and feature engineering using a neural network. Technically, this process would increase the classification accuracy detection of SQLIA with high harmony. The dataset from Kaggle.com, which includes all major types of SQL attacks, was used to test the proposed Model. The proposed model 2D-CNN accuracy is 0.9966%, while the loss is 0.0178%, based on a dataset. Deep learning algorithms and state-of-the-art classification models are compared for performance. In terms of accuracy and loss, the proposed model outperforms comparable models, according to the findings of our testing.