AE-Net: Novel Autoencoder-Based Deep Features for SQL Injection Attack Detection

Nisrean Thalji; Ali Raza; Mohammad Shariful Islam; Nagwan Abdel Samee; Mona M. Jamjoom

doi:10.1109/ACCESS.2023.3337645

IEEE Access (Jan 2023)

AE-Net: Novel Autoencoder-Based Deep Features for SQL Injection Attack Detection

Nisrean Thalji,
Ali Raza,
Mohammad Shariful Islam,
Nagwan Abdel Samee,
Mona M. Jamjoom

Affiliations

Nisrean Thalji: ORCiD; Department of Robotics and Artificial Intelligence, Jadara University, Irbid, Jordan
Ali Raza: ORCiD; Institute of Computer Science, Khwaja Fareed University of Engineering and Information Technology, Rahim Yar Khan, Pakistan
Mohammad Shariful Islam: ORCiD; Department of Computer Science and Telecommunication Engineering, Noakhali Science and Technology University, Chattogram, Bangladesh
Nagwan Abdel Samee: ORCiD; Department of Information Technology, College of Computer and Information Sciences, Princess Nourah bint Abdulrahman University, Riyadh, Saudi Arabia
Mona M. Jamjoom: ORCiD; Department of Computer Sciences, College of Computer and Information Sciences, Princess Nourah bint Abdulrahman University, Riyadh, Saudi Arabia

DOI: https://doi.org/10.1109/ACCESS.2023.3337645
Journal volume & issue: Vol. 11
pp. 135507 – 135516

Abstract

Read online

Structured Query Language (SQL) injection attacks represent a critical threat to database-driven applications and systems, exploiting vulnerabilities in input fields to inject malicious SQL code into database queries. This unauthorized access enables attackers to manipulate, retrieve, or even delete sensitive data. The unauthorized access through SQL injection attacks underscores the critical importance of robust Artificial Intelligence (AI) based security measures to safeguard against SQL injection attacks. This study’s primary objective is the automated and timely detection of SQL injection attacks through AI without human intervention. Utilizing a preprocessed database of 46,392 SQL queries, we introduce a novel optimized approach, the Autoencoder network (AE-Net), for automatic feature engineering. The proposed AE-Net extracts new high-level deep features from SQL textual data, subsequently input into machine learning models for performance evaluations. Extensive experimental evaluation reveals that the extreme gradient boosting classifier outperforms existing studies with an impressive k-fold accuracy score of 0.99 for SQL injection detection. Each applied learning approach’s performance is further enhanced through hyperparameter tuning and validated via k-fold cross-validation. Additionally, statistical t-test analysis is applied to assess performance variations. Our innovative research has the potential to revolutionize the timely detection of SQL injection attacks, benefiting security specialists and organizations.

Published in IEEE Access

ISSN: 2169-3536 (Online)
Publisher: IEEE
Country of publisher: United States
LCC subjects: Technology: Electrical engineering. Electronics. Nuclear engineering
Website: https://ieeexplore.ieee.org/xpl/RecentIssue.jsp?punumber=6287639

About the journal

Abstract

Keywords