Advancing SQL Injection Detection for High-Speed Data Centers: A Novel Approach Using Cascaded NLP

作     者：Tasdemir, Kasim Khan, Rafiullah Siddiqui, Fahad Sezer, Sakir Kurugollu, Fatih Yengec-Tasdemir, Sena Busra Bolat, Alperen 

作者机构：Centre for Secure Information Technologies Queen's University Belfast Belfast United Kingdom NVIDIA Corporation Belfast United Kingdom Department of Computer Science College of Computing and Informatics University of Sharjah United Arab Emirates 

出 版 物：《arXiv》 (arXiv)

年 卷 期：2023年

核心收录：

主　　题：Machine learning 

摘      要：Detecting SQL Injection (SQLi) attacks is crucial for web-based data center security, but it s challenging to balance accuracy and computational efficiency, especially in high-speed networks. Traditional methods struggle with this balance, while NLP-based approaches, although accurate, are computationally intensive. We introduce a novel cascade SQLi detection method, blending classical and transformer-based NLP models, achieving a 99.86% detection accuracy with significantly lower computational demands-20 times faster than using transformer-based models alone. Our approach is tested in a realistic setting and compared with 35 other methods, including Machine Learning-based and transformer models like BERT, on a dataset of over 30,000 SQL sentences. Our results show that this hybrid method effectively detects SQLi in high-traffic environments, offering efficient and accurate protection against SQLi vulnerabilities with computational efficiency. The code is available at GitHub. Copyright © 2023, The Authors. All rights reserved.