Enhancing SQL Injection Detection and Prevention Using Generative Models
Journal:
arXiv
Published Date:
Feb 7, 2025
Abstract
SQL Injection (SQLi) continues to pose a significant threat to the security
of web applications, enabling attackers to manipulate databases and access
sensitive information without authorisation. Although advancements have been
made in detection techniques, traditional signature-based methods still
struggle to identify sophisticated SQL injection attacks that evade predefined
patterns. As SQLi attacks evolve, the need for more adaptive detection systems
becomes crucial. This paper introduces an innovative approach that leverages
generative models to enhance SQLi detection and prevention mechanisms. By
incorporating Variational Autoencoders (VAE), Conditional Wasserstein GAN with
Gradient Penalty (CWGAN-GP), and U-Net, synthetic SQL queries were generated to
augment training datasets for machine learning models. The proposed method
demonstrated improved accuracy in SQLi detection systems by reducing both false
positives and false negatives. Extensive empirical testing further illustrated
the ability of the system to adapt to evolving SQLi attack patterns, resulting
in enhanced precision and robustness.
