SQL Injection Detection Based on Lightweight Multi-Head Self-Attention
This paper presents a novel neural network model for the detection of Structured Query Language (SQL) injection attacks for web applications. The model features high detection accuracy, fast inference speed, and low weight size. The model is based on a novel Natural Language Processing (NLP) techniq...
Saved in:
| Main Authors: | , , |
|---|---|
| Format: | Article |
| Language: | English |
| Published: |
MDPI AG
2025-01-01
|
| Series: | Applied Sciences |
| Subjects: | |
| Online Access: | https://www.mdpi.com/2076-3417/15/2/571 |
| Tags: |
Add Tag
No Tags, Be the first to tag this record!
|
| _version_ | 1832589258993434624 |
|---|---|
| author | Rui-Teng Lo Wen-Jyi Hwang Tsung-Ming Tai |
| author_facet | Rui-Teng Lo Wen-Jyi Hwang Tsung-Ming Tai |
| author_sort | Rui-Teng Lo |
| collection | DOAJ |
| description | This paper presents a novel neural network model for the detection of Structured Query Language (SQL) injection attacks for web applications. The model features high detection accuracy, fast inference speed, and low weight size. The model is based on a novel Natural Language Processing (NLP) technique, where a tokenizer for converting SQL queries into tokens is adopted as a pre-processing stage for detection. Only SQL keywords and symbols are considered as tokens for removing noisy information from input queries. Moreover, semantic labels are assigned to tokens for highlighting malicious intentions. For the exploration of correlation among the tokens, a lightweight multi-head self-attention scheme with a position encoder is employed. Experimental results show that the proposed algorithm has high detection performance for SQL injection. In addition, compared to its lightweight NLP counterparts based on self-attention, the proposed algorithm has the lowest weight size and highest inference speed. It consumes only limited computation and storage overhead for web services. In addition, it can even be deployed in the edge devices with low computation capacity for online detection. The proposed algorithm therefore is an effective low-cost solution for SQL injection detection. |
| format | Article |
| id | doaj-art-565d0ea65e8849ffaa9af2d3445960fc |
| institution | Kabale University |
| issn | 2076-3417 |
| language | English |
| publishDate | 2025-01-01 |
| publisher | MDPI AG |
| record_format | Article |
| series | Applied Sciences |
| spelling | doaj-art-565d0ea65e8849ffaa9af2d3445960fc2025-01-24T13:19:52ZengMDPI AGApplied Sciences2076-34172025-01-0115257110.3390/app15020571SQL Injection Detection Based on Lightweight Multi-Head Self-AttentionRui-Teng Lo0Wen-Jyi Hwang1Tsung-Ming Tai2Department of Computer Science and Information Engineering, National Taiwan Normal University, Taipei 116, TaiwanDepartment of Computer Science and Information Engineering, National Taiwan Normal University, Taipei 116, TaiwanNVIDIA AI Technology Center, NVIDIA Taiwan, Taipei 114, TaiwanThis paper presents a novel neural network model for the detection of Structured Query Language (SQL) injection attacks for web applications. The model features high detection accuracy, fast inference speed, and low weight size. The model is based on a novel Natural Language Processing (NLP) technique, where a tokenizer for converting SQL queries into tokens is adopted as a pre-processing stage for detection. Only SQL keywords and symbols are considered as tokens for removing noisy information from input queries. Moreover, semantic labels are assigned to tokens for highlighting malicious intentions. For the exploration of correlation among the tokens, a lightweight multi-head self-attention scheme with a position encoder is employed. Experimental results show that the proposed algorithm has high detection performance for SQL injection. In addition, compared to its lightweight NLP counterparts based on self-attention, the proposed algorithm has the lowest weight size and highest inference speed. It consumes only limited computation and storage overhead for web services. In addition, it can even be deployed in the edge devices with low computation capacity for online detection. The proposed algorithm therefore is an effective low-cost solution for SQL injection detection.https://www.mdpi.com/2076-3417/15/2/571cyber securitySQL injection detectionnatural language processingmachine learningdeep learning |
| spellingShingle | Rui-Teng Lo Wen-Jyi Hwang Tsung-Ming Tai SQL Injection Detection Based on Lightweight Multi-Head Self-Attention Applied Sciences cyber security SQL injection detection natural language processing machine learning deep learning |
| title | SQL Injection Detection Based on Lightweight Multi-Head Self-Attention |
| title_full | SQL Injection Detection Based on Lightweight Multi-Head Self-Attention |
| title_fullStr | SQL Injection Detection Based on Lightweight Multi-Head Self-Attention |
| title_full_unstemmed | SQL Injection Detection Based on Lightweight Multi-Head Self-Attention |
| title_short | SQL Injection Detection Based on Lightweight Multi-Head Self-Attention |
| title_sort | sql injection detection based on lightweight multi head self attention |
| topic | cyber security SQL injection detection natural language processing machine learning deep learning |
| url | https://www.mdpi.com/2076-3417/15/2/571 |
| work_keys_str_mv | AT ruitenglo sqlinjectiondetectionbasedonlightweightmultiheadselfattention AT wenjyihwang sqlinjectiondetectionbasedonlightweightmultiheadselfattention AT tsungmingtai sqlinjectiondetectionbasedonlightweightmultiheadselfattention |