Title: Channel minimised depth-wise CNN with node weighted tree-LSTM model to detect nested query-based SQL injection attacks
Authors: A. Meharaj Begum; Michael Arock; U. Srinivasulu Reddy
Addresses: Department of Computer Applications, National Institute of Technology, Tiruchirappalli, Tamilnadu, India; Department of Computer Applications, National Institute of Technology, Tiruchirappalli, Tamilnadu, India; Department of Computer Applications, National Institute of Technology, Tiruchirappalli, Tamilnadu, India
Abstract: With advanced communication technologies, the fully connected world is increasingly vulnerable to web attacks, particularly SQL injection attacks (SQLIAs). Attackers constantly discover new ways to exploit database vulnerabilities, necessitating that researchers stay updated on the latest attack vectors. While many current methods effectively detect SQLIAs in simple queries, they often struggle with complex nested sub-queries. This paper proposes a novel approach using a node-weighted parse tree to extract key tokens from SQL queries. The proposed method integrates a depth-wise convolutional neural network (DWCNN) for feature extraction and a tree-LSTM for classifying queries as either legitimate or injected. The proposed DWCNN reduces the node-weighted parse tree through custom filtering, and a class-based TF-IDF (C_TF_IDF) similarity score is assigned to the bigrams of the reduced parse tree, as these possess unique scores for two classes of queries based on their frequency in the dataset. Tree-LSTM's capability to recognise long-distance interactions within hierarchies then uses these scores to classify the query. The model achieves superior accuracy, with 98.9% for simple queries and 98.2% for complex queries, outperforming current state-of-the-art methods on standard benchmark datasets.
Keywords: SQL injection attack detection; nested sub-query; node weighted parse tree; depth-wise CNN; Class_based TF_IDF.
DOI: 10.1504/IJIEI.2025.144267
International Journal of Intelligent Engineering Informatics, 2025 Vol.13 No.1, pp.78 - 113
Received: 12 Apr 2024
Accepted: 10 Jun 2024
Published online: 04 Feb 2025