GenSQLi: A Generative Artificial Intelligence Framework for Automatically Securing Web Application Firewalls Against Structured Query Language Injection Attacks
The widespread adoption of web services has heightened exposure to cybersecurity threats, particularly SQL injection (SQLi) attacks that target the database layers of web applications. Traditional Web Application Firewalls (WAFs) often fail to keep pace with evolving attack techniques, necessitating...
Saved in:
| Main Authors: | , |
|---|---|
| Format: | Article |
| Language: | English |
| Published: |
MDPI AG
2024-12-01
|
| Series: | Future Internet |
| Subjects: | |
| Online Access: | https://www.mdpi.com/1999-5903/17/1/8 |
| Tags: |
Add Tag
No Tags, Be the first to tag this record!
|
| _version_ | 1832588433378246656 |
|---|---|
| author | Vahid Babaey Arun Ravindran |
| author_facet | Vahid Babaey Arun Ravindran |
| author_sort | Vahid Babaey |
| collection | DOAJ |
| description | The widespread adoption of web services has heightened exposure to cybersecurity threats, particularly SQL injection (SQLi) attacks that target the database layers of web applications. Traditional Web Application Firewalls (WAFs) often fail to keep pace with evolving attack techniques, necessitating adaptive defense mechanisms. This paper introduces a novel generative AI framework designed to enhance SQLi mitigation by leveraging Large Language Models (LLMs). The framework achieves two primary objectives: (1) generating diverse and validated SQLi payloads using in-context learning, thereby minimizing hallucinations, and (2) automating defense mechanisms by testing these payloads against a vulnerable web application secured by a WAF, classifying bypassing attacks, and constructing effective WAF security rules through generative AI techniques. Experimental results using the GPT-4o LLM demonstrate the framework’s efficacy: 514 new SQLi payloads were generated, 92.5% of which were validated against a MySQL database and 89% of which successfully bypassed the ModSecurity WAF equipped with the latest OWASP Core Rule Set. By applying our automated rule-generation methodology, 99% of previously successful attacks were effectively blocked with only 23 new security rules. In contrast, Google Gemini-Pro achieved a lower bypass rate of 56.6%, underscoring performance variability across LLMs. Future work could extend the proposed framework to autonomously defend against other web attacks, including Cross-Site Scripting (XSS), session hijacking, and specific Distributed Denial-of-Service (DDoS) attacks. |
| format | Article |
| id | doaj-art-a70d313adcea411eae02140e8f1e24d7 |
| institution | Kabale University |
| issn | 1999-5903 |
| language | English |
| publishDate | 2024-12-01 |
| publisher | MDPI AG |
| record_format | Article |
| series | Future Internet |
| spelling | doaj-art-a70d313adcea411eae02140e8f1e24d72025-01-24T13:33:32ZengMDPI AGFuture Internet1999-59032024-12-01171810.3390/fi17010008GenSQLi: A Generative Artificial Intelligence Framework for Automatically Securing Web Application Firewalls Against Structured Query Language Injection AttacksVahid Babaey0Arun Ravindran1Department of Electrical and Computer Engineering, University of North Carolina at Charlotte, Charlotte, NC 28223, USADepartment of Electrical and Computer Engineering, University of North Carolina at Charlotte, Charlotte, NC 28223, USAThe widespread adoption of web services has heightened exposure to cybersecurity threats, particularly SQL injection (SQLi) attacks that target the database layers of web applications. Traditional Web Application Firewalls (WAFs) often fail to keep pace with evolving attack techniques, necessitating adaptive defense mechanisms. This paper introduces a novel generative AI framework designed to enhance SQLi mitigation by leveraging Large Language Models (LLMs). The framework achieves two primary objectives: (1) generating diverse and validated SQLi payloads using in-context learning, thereby minimizing hallucinations, and (2) automating defense mechanisms by testing these payloads against a vulnerable web application secured by a WAF, classifying bypassing attacks, and constructing effective WAF security rules through generative AI techniques. Experimental results using the GPT-4o LLM demonstrate the framework’s efficacy: 514 new SQLi payloads were generated, 92.5% of which were validated against a MySQL database and 89% of which successfully bypassed the ModSecurity WAF equipped with the latest OWASP Core Rule Set. By applying our automated rule-generation methodology, 99% of previously successful attacks were effectively blocked with only 23 new security rules. In contrast, Google Gemini-Pro achieved a lower bypass rate of 56.6%, underscoring performance variability across LLMs. Future work could extend the proposed framework to autonomously defend against other web attacks, including Cross-Site Scripting (XSS), session hijacking, and specific Distributed Denial-of-Service (DDoS) attacks.https://www.mdpi.com/1999-5903/17/1/8generative AIadaptive defense mechanismvulnerabilityLLMSQL injectionWAF |
| spellingShingle | Vahid Babaey Arun Ravindran GenSQLi: A Generative Artificial Intelligence Framework for Automatically Securing Web Application Firewalls Against Structured Query Language Injection Attacks Future Internet generative AI adaptive defense mechanism vulnerability LLM SQL injection WAF |
| title | GenSQLi: A Generative Artificial Intelligence Framework for Automatically Securing Web Application Firewalls Against Structured Query Language Injection Attacks |
| title_full | GenSQLi: A Generative Artificial Intelligence Framework for Automatically Securing Web Application Firewalls Against Structured Query Language Injection Attacks |
| title_fullStr | GenSQLi: A Generative Artificial Intelligence Framework for Automatically Securing Web Application Firewalls Against Structured Query Language Injection Attacks |
| title_full_unstemmed | GenSQLi: A Generative Artificial Intelligence Framework for Automatically Securing Web Application Firewalls Against Structured Query Language Injection Attacks |
| title_short | GenSQLi: A Generative Artificial Intelligence Framework for Automatically Securing Web Application Firewalls Against Structured Query Language Injection Attacks |
| title_sort | gensqli a generative artificial intelligence framework for automatically securing web application firewalls against structured query language injection attacks |
| topic | generative AI adaptive defense mechanism vulnerability LLM SQL injection WAF |
| url | https://www.mdpi.com/1999-5903/17/1/8 |
| work_keys_str_mv | AT vahidbabaey gensqliagenerativeartificialintelligenceframeworkforautomaticallysecuringwebapplicationfirewallsagainststructuredquerylanguageinjectionattacks AT arunravindran gensqliagenerativeartificialintelligenceframeworkforautomaticallysecuringwebapplicationfirewallsagainststructuredquerylanguageinjectionattacks |