International Journal For Multidisciplinary Research

E-ISSN: 2582-2160     Impact Factor: 9.24

A Widely Indexed Open Access Peer Reviewed Multidisciplinary Bi-monthly Scholarly International Journal

A Review on Improved Sql Injection Detection using Machine Jaya-based Feature Selection and Bi-lstm

Author(s) Ms. Manisha Sahu, Ms. Kanak Prabha Lilaramani
Country India
Abstract SQL injection (SQLi) attacks remain one of the most prevalent and dangerous security risks facing web applications, allowing attackers to alter SQL queries and obtain unauthorised access to critical information. The complexity and obscurity of contemporary SQL injection attacks have made conventional rule-based and keyword-matching detection techniques largely ineffective, especially against polymorphic and evasive payloads. This paper presents a hybrid detection framework for identifying sophisticated attacks, comprising feature engineering, JAYA-based feature selection, and a two-level hybrid classification model that includes LightGBM and BiLSTM. The initial phase of the framework extracts discriminative features from SQL queries, using both syntactic features (including keyword frequency, query duration, and special character ratios) and semantic features obtained via BERT/DistilBERT embeddings. Combining these features enriches the representation of SQL queries, allowing the model to discern both surface-level and deeper, context-dependent patterns.
A major obstacle in SQL injection detection is the class imbalance between benign and malicious queries. To address this issue, the research employs a hybrid resampling method that combines SMOTE (Synthetic Minority Over-sampling Technique) with Tomek Links to balance the dataset, thereby reducing the potential for model bias and improving generalisation. The JAYA optimisation algorithm, a parameter-free metaheuristic technique, is used to choose an optimal subset of features from the high-dimensional feature space, so that only the most relevant features are used in classification.
The second phase of the framework employs a two-level hybrid classification approach. The LightGBM (Light Gradient Boosting Machine) classifier is first applied to the selected feature set for rapid and accurate classification of straightforward query patterns. When the confidence score is below a specified threshold, the query is routed to a BiLSTM (Bidirectional Long Short-Term Memory) model. The BiLSTM model analyses queries as sequences, learning temporal and structural relationships, which is especially useful for detecting intricate or concealed SQLi patterns. The final decision is derived by combining both models' results, giving efficiency for straightforward queries and deeper analysis for intricate ones.
The proposed hybrid model performs exceptionally well, attaining an accuracy of 99.67% in identifying SQLi attacks and outperforming conventional methods such as Logistic Regression, Naive Bayes, and CNN. The model surpasses traditional detection methods in precision, recall, and F1-score, markedly decreasing both false positives and false negatives. Moreover, the framework is designed for scalability and can be adapted for real-time detection systems, making it well suited for deployment in online applications.
This research enhances the field by providing a sophisticated, multi-tiered methodology for SQL injection detection capable of addressing diverse query complexities. Future research will investigate the incorporation of privacy-preserving methodologies to guarantee the security and confidentiality of user data throughout the detection process. Moreover, subsequent research will concentrate on improving the system's adaptability to changing attack patterns and optimising its performance for extensive, real-world applications.
Keywords SQL injection, Web application security, HTTP requests, Network security, Machine learning, Database attack, Deep learning.
Field Engineering
Published In Volume 7, Issue 2, March-April 2025
Published On 2025-04-26
DOI https://doi.org/10.36948/ijfmr.2025.v07i02.42747
Short DOI https://doi.org/g9gvgb
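
The feature-selection step in the abstract, sketched as an added example (not the paper's code): syntactic features are extracted from SQL queries and a binary JAYA search picks the subset to keep. Assumptions: the sample queries are constructed, a leave-one-out nearest-centroid score with a 0.01-per-feature penalty stands in for the paper's classifiers, and a position above 0.5 means the feature is selected.

```python
import random
import re
# Constructed sample queries (not from the paper's dataset): 1 = injection, 0 = benign.
SAMPLES = [
    ("SELECT name FROM users WHERE id = 7", 0),
    ("SELECT * FROM orders WHERE status = 'open'", 0),
    ("UPDATE cart SET qty = 2 WHERE item = 15", 0),
    ("SELECT title FROM posts WHERE author = 'ann' OR author = 'bob'", 0),
    ("SELECT * FROM users WHERE id = 1 OR 1=1 --", 1),
    ("SELECT * FROM users WHERE name = '' UNION SELECT pass FROM admin --", 1),
    ("SELECT * FROM t WHERE id = 1; DROP TABLE t; --", 1),
    ("SELECT * FROM u WHERE n = 'a' OR 'x'='x' /* */", 1),
]
KEYWORDS = ("union", "or", "drop")
FEATURES = ["length", "special_ratio", "has_comment"] + [f"kw_{k}" for k in KEYWORDS]

def features(q):
    """Syntactic features: scaled length, special-character ratio, comment flag, keyword counts."""
    special = sum(not (c.isalnum() or c.isspace()) for c in q)
    counts = [len(re.findall(rf"\b{k}\b", q.lower())) for k in KEYWORDS]
    return [len(q) / 100, special / max(len(q), 1), float("--" in q or "/*" in q)] + counts

def fitness(mask, X, y):
    """Leave-one-out nearest-centroid accuracy on the masked columns, minus a size penalty."""
    idx = [i for i, m in enumerate(mask) if m]
    if not idx:
        return -1.0  # an empty feature set is never acceptable
    hits = 0
    for t, row in enumerate(X):
        dist = {}
        for c in (0, 1):
            rows = [X[r] for r in range(len(X)) if r != t and y[r] == c]
            dist[c] = sum((row[i] - sum(r[i] for r in rows) / len(rows)) ** 2 for i in idx)
        hits += min(dist, key=dist.get) == y[t]
    return hits / len(X) - 0.01 * len(idx)

def jaya_select(X, y, pop=8, iters=30, seed=1):
    """Binary JAYA: each move goes toward the best solution and away from the worst."""
    rng, d = random.Random(seed), len(X[0])
    score = lambda v: fitness([x > 0.5 for x in v], X, y)
    P = [[1.0] * d] + [[rng.random() for _ in range(d)] for _ in range(pop - 1)]
    for _ in range(iters):
        best, worst = max(P, key=score), min(P, key=score)
        for k, v in enumerate(P):
            cand = [min(1.0, max(0.0, x + rng.random() * (b - abs(x)) - rng.random() * (w - abs(x))))
                    for x, b, w in zip(v, best, worst)]
            if score(cand) > score(v):  # greedy acceptance keeps only improvements
                P[k] = cand
    return [x > 0.5 for x in max(P, key=score)]
```

Seeding the population with the all-features vector means the returned subset never scores below using every feature; pair the mask with `FEATURES` to read off the selected names.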
