OPTIMIZING CONVOLUTIONAL NEURAL NETWORKS FOR REAL-TIME SQL INJECTION DETECTION IN POSTGRESQL DATABASES WITH A FOCUS ON REDUCING FALSE POSITIVES

Cite as:
Turarov B.M., Kabdrakhova S.S. OPTIMIZING CONVOLUTIONAL NEURAL NETWORKS FOR REAL-TIME SQL INJECTION DETECTION IN POSTGRESQL DATABASES WITH A FOCUS ON REDUCING FALSE POSITIVES // Universum: Technical Sciences: electronic scientific journal. 2025. 6(135). URL: https://7universum.com/ru/tech/archive/item/20217 (accessed: 05.12.2025).
Read the article:
DOI - 10.32743/UniTech.2025.135.6.20217

ABSTRACT

SQL Injection (SQLi) attacks continue to pose a critical threat to web applications by enabling unauthorized database access through malicious SQL statements. Traditional detection systems, including signature-based and machine learning (ML)-based approaches, often fall short in identifying sophisticated or obfuscated attacks, leading to high false positive rates. In this research, we propose and evaluate a hybrid detection architecture that combines three popular ML models—Random Forest, Support Vector Machine, and Logistic Regression—with a Convolutional Neural Network (CNN) designed for natural language processing tasks. While a Voting Classifier is used to aggregate the predictions of the ML models, comparative analysis shows that the CNN consistently outperforms them in terms of accuracy, precision, and reduction of false positives. The entire pipeline is trained and tested using a publicly available dataset and deployed in a PostgreSQL environment for real-time SQLi detection. Our results demonstrate the effectiveness of deep learning—particularly CNNs—for identifying SQL injection threats more reliably than traditional approaches.

Keywords: SQL Injection, Convolutional Neural Networks, Machine Learning, Cybersecurity, False Positives, PostgreSQL, Real-Time Detection, Voting Classifier

Introduction

Web applications are a central part of modern digital infrastructure, providing critical services in finance, healthcare, education, and many other sectors. However, this convenience comes with growing cybersecurity risks. One of the most dangerous and persistent threats is SQL Injection (SQLi) — a technique where attackers insert specially crafted SQL code into web application inputs to manipulate backend databases. These attacks can lead to unauthorized data access, data loss, or complete system compromise.

According to the 2023 Verizon Data Breach Investigations Report [2], SQL injection attacks accounted for nearly 12% of all web application breaches, with financial and healthcare sectors being disproportionately targeted. Additionally, research from CyCognito [3] highlighted that more than 30% of web applications scanned exhibited some form of SQL injection vulnerability. Notable real-world cases include attacks on British Airways [4] and TalkTalk [5], where SQLi vulnerabilities led to massive data leaks.

Due to their severity and frequency, SQLi vulnerabilities have consistently ranked among the top threats in the Open Web Application Security Project (OWASP) Top 10 list, most recently appearing as A03:2021-Injection [1].

Figure 1. OWASP Top 10 vulnerabilities

Since SQL continues to serve as the primary language for interacting with relational databases, SQL injection (SQLi) vulnerabilities represent a pervasive and persistent threat. A common illustration of such an attack involves submitting a manipulated query, for example:

SELECT * FROM users WHERE id = '' OR '1'='1'--';

Such queries can bypass authentication and expose sensitive information. The ability to detect these patterns reliably and in real-time is vital for protecting critical systems.

Traditional SQLi detection methods — such as signature-based systems, manual rules, and static web application firewalls (WAFs) — often fail to keep pace with modern, increasingly sophisticated attacks. Their static logic cannot adapt to new patterns, making them vulnerable to simple obfuscations; for example, while they may detect a basic OR 1=1 injection, they often miss modified versions like OR/**/1=1 or OR+1=1--. Moreover, traditional systems cannot learn from new threats and require constant manual updates. They are also prone to high false positive rates, incorrectly flagging legitimate queries and disrupting normal operations. These limitations highlight the need for adaptive models that can dynamically recognize malicious behavior without relying on rigid, predefined rules.
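To make that brittleness concrete, here is a small added Python illustration (not code from the paper) of a literal "OR 1=1" signature applied to the inputs named above. The sample queries, the signature and the normalisation rules are all constructed for this illustration.

```python
import re

# Constructed sample inputs for this illustration (not taken from the
# paper's dataset): the plain tautology, the two obfuscated variants the
# text mentions, and one benign query.
SAMPLE_INPUTS = {
    "plain":        "SELECT * FROM users WHERE id = '' OR 1=1",
    "comment_gap":  "SELECT * FROM users WHERE id = '' OR/**/1=1",
    "plus_encoded": "SELECT * FROM users WHERE id = '' OR+1=1--",
    "benign":       "SELECT name FROM users WHERE id = 42",
}

# The kind of literal signature a static rule set carries: "OR 1=1" with
# exactly one space, matched case-insensitively on word boundaries.
NAIVE_SIGNATURE = re.compile(r"\bOR 1=1\b", re.IGNORECASE)


def naive_match(query: str) -> bool:
    """Static signature check on the raw input, as a rule-based filter
    would apply it."""
    return NAIVE_SIGNATURE.search(query) is not None


def normalize(query: str) -> str:
    """Canonicalise the two evasions from the text before matching:
    a URL-style '+' becomes a space, an inline /* ... */ comment becomes
    a space, and runs of whitespace collapse to one space. Each of these
    is one more hand-written rule; that is the point of the example."""
    q = query.replace("+", " ")
    q = re.sub(r"/\*.*?\*/", " ", q, flags=re.DOTALL)
    q = re.sub(r"\s+", " ", q)
    return q


def normalized_match(query: str) -> bool:
    """The same signature applied after normalisation."""
    return NAIVE_SIGNATURE.search(normalize(query)) is not None


def compare_detectors(inputs: dict) -> dict:
    """Return {name: (naive_hit, normalized_hit)} for every sample."""
    return {name: (naive_match(q), normalized_match(q))
            for name, q in inputs.items()}


if __name__ == "__main__":
    for name, (naive, norm) in compare_detectors(SAMPLE_INPUTS).items():
        print(f"{name:13s} naive={naive!s:5s} normalized={norm}")
```

The raw signature catches only the plain form; normalisation rescues the two listed variants, but only because a rule was written for each of them, and any further rewriting of the same tautology needs yet another rule. That maintenance treadmill is the limitation the paragraph describes and the reason the paper turns to a learned model.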

While achieving high detection rates is critical, minimizing false positives is equally important for real-world usability. High false positive rates can disrupt legitimate business operations, such as blocking valid customer transactions, and contribute to alert fatigue among security teams, ultimately reducing trust in the detection system. They also increase administrative overhead, as analysts must spend time reviewing benign cases. In latency-sensitive environments like financial systems and online marketplaces, false positives can directly impact revenue and degrade the user experience. Therefore, this research focuses not only on maximizing classification accuracy but also on systematically reducing false positives through architectural optimizations in the detection pipeline.

PostgreSQL was chosen because it is one of the most widely used and rapidly growing open-source relational databases, trusted by companies like Spotify, Instagram, and Apple. According to the 2024 Stack Overflow Developer Survey [6], PostgreSQL ranks as the most loved and the second most used database technology, making it an ideal and practical platform for developing and validating real-world SQL injection detection systems.

To address the limitations of traditional detection approaches, researchers have increasingly explored machine learning (ML) and deep learning (DL) models for SQLi detection, leveraging their ability to learn from data and generalize to unseen attack vectors. Numerous studies have applied ML models such as Support Vector Machines (SVM), Random Forest (RF), Logistic Regression (LR), and Naïve Bayes (NB) to SQLi classification tasks. These models typically use feature extraction and vectorization techniques to represent SQL queries numerically for classification. However, they often require extensive manual preprocessing and still suffer from high false positive rates, limiting their practical application in real-time environments.

In contrast, Convolutional Neural Networks (CNNs) have demonstrated significant success in text classification tasks by automatically extracting hierarchical and semantic patterns from sequences of text. Prior research has highlighted the effectiveness of CNNs in cybersecurity applications, including intrusion detection and spam filtering. For example, Menaka et al. [7] proposed a hybrid CNN-RF model for SQLi detection, achieving 95.67% accuracy, while Shahbaz et al. [8] achieved over 96% precision using a CNN-based model trained on SQL query datasets.

Building on these insights, this study proposes a hybrid SQLi detection framework that combines three ML classifiers — SVM, RF, and LR — using a Voting Classifier ensemble and compares their performance to a standalone CNN model. The system is trained and tested on a hybrid dataset composed of two parts: a publicly available SQL injection dataset sourced from Kaggle, and a custom collection of real-world, benign SQL queries manually extracted from a PostgreSQL environment. Model performance is evaluated based on accuracy, precision, recall and false positive rate.

To validate real-world applicability, we deploy the final models within a PostgreSQL environment for real-time SQLi detection. Our results demonstrate that CNN not only outperforms traditional ML classifiers in overall accuracy but is particularly effective at reducing false positives, making it a strong candidate for deployment in security-critical applications.

Materials and methods

1. Literature Review

SQL injection (SQLi) attacks remain a significant threat to web applications, exploiting vulnerabilities in input validation to manipulate backend databases. Traditional detection methods, such as signature-based and rule-based systems, often fall short in identifying novel or obfuscated SQLi attacks. Consequently, researchers have turned to machine learning (ML) and deep learning (DL) techniques to enhance detection capabilities.

1.1 Machine Learning Approaches

Early research into SQL injection (SQLi) detection explored classical machine learning (ML) methods to classify SQL queries as malicious or benign. Widely adopted classifiers include Support Vector Machines (SVM), Random Forests (RF), Logistic Regression (LR), Naïve Bayes (NB), Decision Trees (DT), and K-Nearest Neighbors (KNN), typically applied to vectorized or tokenized representations of SQL strings. These approaches often rely on feature extraction techniques such as n-gram modeling, TF-IDF, and keyword frequency analysis [9][10].

Singh et al. applied these traditional models in their early work, demonstrating how ML techniques could outperform static filters by learning behavioral patterns from query structures [10]. More recently, Misquitta and Asha evaluated a variety of classical models — including LR, RF, and SVM — on a Kaggle-based SQLi dataset and observed that although models achieved high accuracy, their performance deteriorated when tested against obfuscated or adversarially crafted inputs [11].

Despite their popularity, classical ML approaches face significant limitations. As emphasized in the systematic review by Alghawazi et al., these models often require extensive manual feature engineering and are prone to high false positive rates due to their sensitivity to structural variation in benign queries [9]. These drawbacks hinder their effectiveness in real-time, production-grade environments where input variability is high.

1.2 Deep Learning Techniques

Deep learning (DL) models have emerged as powerful tools for SQL injection (SQLi) detection by automatically extracting hierarchical and semantic patterns from raw SQL queries, thereby reducing the reliance on manual feature engineering. Among DL architectures, Convolutional Neural Networks (CNNs) and Recurrent Neural Networks (RNNs) are particularly prominent.

Falor et al. proposed a CNN-based SQLi detection system that achieved strong classification performance by learning local semantic patterns from SQL queries without requiring extensive manual preprocessing [12]. Extending this approach, Gandhi et al. developed a CNN-BiLSTM model that combines convolutional layers for feature extraction with bidirectional long short-term memory (BiLSTM) layers to capture sequential dependencies and contextual relationships in SQL query structures, thereby enhancing detection robustness against obfuscated attacks [13].

Further advancements in pure deep learning have focused on improving model generalization. For instance, Gorgulu Kakisim introduced a multi-view deep learning approach, where different CNN-based architectures are trained from multiple perspectives and aggregated, resulting in improved resilience across diverse attack types [14]. Similarly, Sun et al. developed a deep learning-based detection system optimized for real-time web application environments, aiming to achieve high detection accuracy while maintaining low latency and minimizing false positives [15].

Additionally, Tadhani and Vekariya proposed a novel deep convolutional neural model tailored for detecting both SQLi and cross-site scripting (XSS) attacks, showcasing that deeper feature extraction networks can effectively mitigate complex web security threats [16].

Collectively, these studies highlight that deep learning techniques, particularly those based on convolutional and sequential learning mechanisms, offer substantial advantages for scalable, real-time SQLi detection systems operating in dynamic and adversarial environments.

1.3 Hybrid Models and Ensemble Methods

To further enhance detection performance, researchers have explored hybrid models that combine machine learning (ML) and deep learning (DL) techniques. Menaka et al. proposed a hybrid CNN-Random Forest (RF) model, where CNN layers extract semantic features and RF performs classification, resulting in higher accuracy and reduced false positives compared to standalone approaches [7].

In addition, Abdulhamza and Al-Janabi employed 2D-Convolutional Neural Networks (2D-CNN) combined with traditional classification layers to improve SQLi detection robustness [17]. Alghawazi et al. introduced a feature fusion approach that ensembles multiple feature representations to maximize classification precision and resilience against diverse attack patterns [18].

These studies highlight that hybrid and ensemble methods can leverage the complementary strengths of DL feature extraction and ML classification to build more resilient SQLi detection systems.

1.4 Adversarial Learning and Generative Models

Recent advancements in SQLi detection have embraced adversarial learning and generative models to improve system adaptability. Dasari et al. proposed using Conditional Wasserstein GANs (CWGAN-GP) to generate synthetic SQL injection queries, augmenting training datasets and enhancing the detection of sophisticated attacks [19]. Similarly, the IE-GAN framework generates diverse SQLi payloads to expose vulnerabilities and train more resilient models [20].

Beyond GAN-based methods, Sommervoll introduced a reinforcement learning (RL) approach where agents simulate different SQLi exploitation patterns, helping models anticipate dynamic attack strategies [21]. Alghawazi et al. [22] explored the use of deep RNN autoencoders to automatically learn hidden patterns in SQL queries, offering a lightweight alternative to more computationally intensive CNN-based models.

These innovations demonstrate a clear shift toward building SQLi detection systems capable of evolving alongside emerging threats through synthetic data generation, behavior simulation, and semantic structure analysis.

2. Bibliometric Analysis of SQL Injection Detection Research (2018–2025)

To provide quantitative support for the relevance and urgency of SQL injection (SQLi) detection in cybersecurity research, we conducted a bibliometric analysis of publications indexed in the IEEE Xplore database. This analysis aimed to identify recent trends in academic attention devoted to SQL injection (SQLi) detection, with a particular focus on the use of machine learning and deep learning techniques, including convolutional neural networks (CNNs). The study also highlights the increasing prevalence of these models and the overall growth in research output within this domain.

The search was performed using the keywords "SQL injection", "detection", and "prevention" covering the publication period from 2018 to 2025. The results revealed a steady increase in the number of research papers addressing SQLi detection techniques, indicating ongoing academic interest in mitigating this threat.

Figure 2. Annual Number of SQL Injection-Related Publications (IEEE Xplore, 2018–2025)

To further inform our model selection process, we examined which machine learning algorithms were most frequently used in SQLi detection research.

Figure 3. Distribution of Machine Learning Models Used in SQLi Detection (IEEE Xplore, 2018–2025)

From this data, it is evident that neural networks, especially convolutional and recurrent variants, have become increasingly prominent due to their ability to learn complex patterns in sequential data such as SQL queries. Based on these findings, we selected Logistic Regression, Support Vector Machine, and Random Forest as our baseline machine learning models. These choices reflect the most frequently applied techniques in literature. In parallel, we implemented a Convolutional Neural Network (CNN) to assess the effectiveness of deep learning methods in comparison with traditional approaches. This selection strategy ensures that our comparative analysis is aligned with current research practices and technological developments.

3. Methodology

3.1 Dataset

The dataset used in this study is composed of two parts: a publicly available dataset of SQL injection examples sourced from Kaggle, and a custom collection of real-world, benign SQL queries extracted from a PostgreSQL environment. This hybrid dataset was created with the goal of training a robust binary classification model capable of accurately detecting SQL injection (SQLi) attacks in realistic deployment scenarios.

The base dataset was obtained from Kaggle and consists of 148,326 unique SQL queries, each labeled as either malicious (SQLi) or benign. Among these, 77,750 queries are labeled as malicious (label = 1) and 70,576 as benign (label = 0), resulting in a relatively balanced distribution. This dataset was chosen due to its inclusion of a diverse range of injection types, including tautology-based injections (OR 1=1), union-based payloads (UNION SELECT), and common obfuscation techniques using SQL keywords and comment symbols.

Figure 4. Distribution of SQL query labels in the dataset

To better understand the structural characteristics of these queries, we performed an initial exploratory analysis. Query length, token count, special character usage, and SQL keyword frequency were computed and analyzed. The results showed that malicious queries generally exhibited longer lengths, more symbols (e.g., ', --, ;), and a higher density of reserved SQL keywords compared to benign queries. These properties were later used as features in the model training process.

Figure 5. Distribution of SQL query lengths in the dataset

Table 1.

Database

|   | Column name        | Meaning                                                                        |
|---|--------------------|--------------------------------------------------------------------------------|
| 1 | Query              | Original SQL query text from the dataset.                                      |
| 2 | Label              | Binary class label: 1 for malicious (SQLi), 0 for benign.                      |
| 3 | Query_length       | Number of characters in the SQL query.                                         |
| 4 | Token_count        | Number of whitespace-separated tokens in the query.                            |
| 5 | Special_char_count | Count of special characters such as ';', '--', '=', etc.                       |
| 6 | SQL_keyword_ratio  | Proportion of SQL reserved keywords (e.g., SELECT, INSERT, DROP) in the query. |
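The four engineered features in Table 1, written out as an added Python example (not the authors' code). The paper does not publish its keyword list or the exact set of special characters, so the SQL_KEYWORDS set and SPECIAL_TOKENS tuple below are assumptions; the sample rows are constructed, except for the injection string taken from the Introduction.

```python
import re

# Reserved words counted for SQL_keyword_ratio. This list is an assumption
# made for the illustration; the paper does not publish its own.
SQL_KEYWORDS = {
    "SELECT", "FROM", "WHERE", "INSERT", "INTO", "VALUES", "UPDATE", "SET",
    "DELETE", "DROP", "TABLE", "UNION", "OR", "AND", "RETURNING", "CREATE",
    "ALTER", "JOIN", "ORDER", "BY", "GROUP", "HAVING", "LIMIT",
}

# Substrings counted for Special_char_count. Table 1 names ';', '--' and
# '=' as examples; the remaining entries are an assumption.
SPECIAL_TOKENS = ("'", '"', ";", "--", "=", "(", ")", "/*", "*/", "#")


def query_length(query: str) -> int:
    """Query_length: number of characters in the query."""
    return len(query)


def token_count(query: str) -> int:
    """Token_count: number of whitespace-separated tokens."""
    return len(query.split())


def special_char_count(query: str) -> int:
    """Special_char_count: occurrences of quote, comment, terminator and
    comparison symbols; multi-character markers such as '--' count once."""
    return sum(query.count(tok) for tok in SPECIAL_TOKENS)


def sql_keyword_ratio(query: str) -> float:
    """SQL_keyword_ratio: share of whitespace tokens that are reserved
    words once punctuation is stripped and case is folded."""
    tokens = query.split()
    if not tokens:
        return 0.0
    words = (re.sub(r"[^A-Za-z_]", "", t).upper() for t in tokens)
    hits = sum(1 for w in words if w in SQL_KEYWORDS)
    return hits / len(tokens)


def extract_features(query: str) -> dict:
    """All four engineered features from Table 1 for one query."""
    return {
        "query_length": query_length(query),
        "token_count": token_count(query),
        "special_char_count": special_char_count(query),
        "sql_keyword_ratio": sql_keyword_ratio(query),
    }


def mean_features(labelled: list) -> dict:
    """Per-class mean of each feature, the comparison the exploratory
    analysis in Section 3.1 reports. `labelled` holds (query, label)
    pairs with label 1 = SQLi and 0 = benign."""
    sums, counts = {0: {}, 1: {}}, {0: 0, 1: 0}
    for query, label in labelled:
        counts[label] += 1
        for name, value in extract_features(query).items():
            sums[label][name] = sums[label].get(name, 0) + value
    return {label: {name: total / counts[label] for name, total in feats.items()}
            for label, feats in sums.items() if counts[label]}


# Constructed sample rows (not the paper's dataset): the injection from the
# Introduction plus three benign PostgreSQL-style queries.
SAMPLE_ROWS = [
    ("SELECT * FROM users WHERE id = '' OR '1'='1'--';", 1),
    ("SELECT name, email FROM users WHERE id = 42;", 0),
    ("UPDATE users SET email = 'a@example.org' WHERE id = 7;", 0),
    ("SELECT column_name FROM information_schema.columns WHERE table_name = 'users';", 0),
]


if __name__ == "__main__":
    for query, label in SAMPLE_ROWS:
        print(label, extract_features(query))
    print(mean_features(SAMPLE_ROWS))
```

On these four rows the malicious query already shows the higher special-character count and keyword ratio that the paper reports; the length trend is a dataset-level statistic and is not expected to hold on a handful of hand-picked rows.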

To improve the model’s performance in PostgreSQL-specific environments, we extended the dataset by incorporating real SQL queries executed in a PostgreSQL database. These queries were collected through the DBeaver SQL client by extracting recent entries from the built-in Query Manager. Since these logs originate from a production-like environment, they provide realistic examples of benign SQL usage patterns, including queries related to data selection, insertion, updates, and schema inspection.

All collected queries were manually reviewed to ensure that none contained injection-like patterns. To avoid introducing class imbalance into the training data, we randomly sampled a subset of 5,000 benign PostgreSQL queries, which were then added to the existing benign class of the Kaggle dataset. This helped enrich the model's understanding of legitimate PostgreSQL syntax while preserving class balance across the dataset.

Given that real-world SQL injection attempts were not present in the collected PostgreSQL logs, a separate set of 1,000 synthetic malicious queries was constructed to reflect PostgreSQL-specific injection patterns. These queries were carefully crafted based on known attack techniques compatible with PostgreSQL syntax, including:

  • Logical manipulation with tautologies (e.g., WHERE '1'='1')
  • Use of comment delimiters (--)
  • Injections using UNION SELECT and DROP TABLE
  • PostgreSQL-specific constructs like type casting (::text) and RETURNING clauses

These synthetic examples were labeled as malicious (label = 1) and added to the dataset to ensure that the model would encounter PostgreSQL-relevant attack vectors during training.

After combining the Kaggle dataset with the enriched PostgreSQL component, the final dataset consisted of 154,326 queries, with 78,750 labeled as malicious and 75,576 as benign. This composition supports balanced binary classification and ensures the model is trained on both generic SQL injection patterns and real-world PostgreSQL usage.

The resulting dataset includes a mix of raw query text and engineered features such as query length, token count, special character frequency, and SQL keyword ratio. These features were used both independently and in combination with vectorized text representations to optimize model performance across machine learning and deep learning architectures.

3.2 Data Preprocessing and Feature Representation

To prepare the dataset for modeling, SQL queries were transformed into structured numerical formats suitable for both traditional machine learning and deep learning approaches.

For machine learning models, queries were vectorized using TF-IDF with a vocabulary size of 10,000. These vectors were then combined with engineered features — such as query length and special character counts — to form the complete input vector.

For the CNN model, queries were tokenized using Keras’ Tokenizer and converted into integer sequences. These sequences were padded to a fixed length to ensure consistent input size and then passed through an embedding layer during training.

An 80/20 stratified train-test split was used to maintain class balance. All transformations were fitted on the training data and applied to the test set to prevent data leakage.

3.3 Model Architecture and Training

This section outlines the architecture and training procedures for both traditional machine learning models and the convolutional neural network (CNN) designed for SQL injection detection. Special attention is given to CNN optimization strategies focused on reducing false positives, a key objective of this study.

3.3.1 Traditional Machine Learning Models

Three classical classifiers were implemented: Logistic Regression, Support Vector Machine (SVM), and Random Forest. These models were selected based on their frequent application in SQL injection detection research, as highlighted in the bibliometric analysis in Section 2.

Each model was trained on a feature set combining TF-IDF representations of SQL queries with a set of engineered features (query length, token count, special character frequency, and keyword ratio). This hybrid approach enabled the models to learn both syntactic structure and statistical patterns.

All models were developed using the scikit-learn library. Their hyperparameters were optimized using grid search with 5-fold cross-validation on the training set. To enhance predictive robustness, the three base classifiers were combined into a soft voting ensemble, where each model’s output probability contributed to the final classification decision.

3.3.2 Convolutional Neural Network (CNN)

A custom CNN model was designed to automatically learn patterns from tokenized SQL queries. The primary objective in designing the CNN was to reduce false positives, which are especially problematic in real-time SQL injection detection, as they can block legitimate queries and negatively impact user experience.

The CNN architecture consisted of the following components:

  • An Embedding layer that transformed tokenized queries into dense vector representations
  • A 1D Convolutional layer with ReLU activation to capture local n-gram features in the input sequence
  • A Global Max Pooling layer to reduce dimensionality while preserving the most relevant features
  • A fully connected Dense layer for feature consolidation
  • A Sigmoid activation layer for binary classification (malicious vs. benign)

To address the initially high false positive rate observed during early experiments, several design and training modifications were applied:

  • Dropout regularization was introduced after the dense layer to reduce overfitting on benign patterns and improve generalization
  • Early stopping was configured to monitor the validation F1-score, ensuring a balance between precision and recall rather than relying solely on loss
  • Kernel size tuning was performed to capture optimal local patterns indicative of SQL injection syntax
  • Sequence padding was refined by using the 95th percentile of query lengths to avoid excessive padding that might dilute meaningful patterns

These optimizations were introduced iteratively and their impact on reducing false positives was monitored throughout training (see the Results and Discussion section).

The CNN was trained on padded sequences generated using Keras' Tokenizer, limited to the top 10,000 most frequent tokens in the dataset. The model was compiled with the binary cross-entropy loss function and optimized using Adam. It was trained for 5 epochs with a batch size of 64, and early stopping was triggered based on validation performance.
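The tokenisation, vocabulary cap and 95th-percentile padding described in Section 3.2 and in this section, written out as an added Python example that uses only the standard library (it is not the authors' code and does not call Keras). Two choices are made for this illustration and are not the paper's settings: the tokeniser keeps SQL symbols as tokens instead of dropping punctuation as Keras' Tokenizer does by default, and sequences are padded and truncated at the end rather than at the front. The training queries are constructed.

```python
import math
import re
from collections import Counter

PAD_INDEX = 0   # reserved for padding
OOV_INDEX = 1   # reserved for tokens outside the capped vocabulary

# Words, digit runs, the two-character markers '--', '/*', '*/', and every
# other single symbol as its own token. Keeping symbols is an assumption
# for this example; quotes and comment markers carry signal for SQLi.
TOKEN_RE = re.compile(r"[A-Za-z_]+|\d+|--|/\*|\*/|[^\sA-Za-z_\d]")


def tokenize(query: str) -> list:
    return TOKEN_RE.findall(query.lower())


def build_vocab(queries: list, num_words: int) -> dict:
    """Map the `num_words` most frequent tokens to indices 2.., leaving 0
    for padding and 1 for out-of-vocabulary (the role Keras' num_words and
    oov_token play)."""
    counts = Counter(tok for q in queries for tok in tokenize(q))
    return {tok: i + 2 for i, (tok, _) in enumerate(counts.most_common(num_words))}


def texts_to_sequences(queries: list, vocab: dict) -> list:
    return [[vocab.get(tok, OOV_INDEX) for tok in tokenize(q)] for q in queries]


def percentile_length(sequences: list, pct: float = 95) -> int:
    """Nearest-rank percentile of sequence lengths; the paper pads to the
    95th percentile rather than to the longest query."""
    lengths = sorted(len(s) for s in sequences)
    rank = max(1, math.ceil(pct / 100 * len(lengths)))
    return lengths[rank - 1]


def pad_sequences(sequences: list, maxlen: int) -> list:
    """Post-pad with PAD_INDEX and post-truncate to `maxlen` (Keras'
    pad_sequences defaults to 'pre' for both; 'post' is used here)."""
    return [s[:maxlen] + [PAD_INDEX] * max(0, maxlen - len(s)) for s in sequences]


def prepare(train_queries: list, num_words: int = 10000, pct: float = 95):
    """Fit vocabulary and padding length on the training split only, as
    Section 3.2 requires; return (vocab, maxlen, padded_train)."""
    vocab = build_vocab(train_queries, num_words)
    seqs = texts_to_sequences(train_queries, vocab)
    maxlen = percentile_length(seqs, pct)
    return vocab, maxlen, pad_sequences(seqs, maxlen)


def transform(queries: list, vocab: dict, maxlen: int) -> list:
    """Apply an already fitted vocabulary and length to test-time queries."""
    return pad_sequences(texts_to_sequences(queries, vocab), maxlen)


# Constructed training queries (not the paper's data).
TRAIN_QUERIES = [
    "SELECT name FROM users WHERE id = 42;",
    "SELECT * FROM users WHERE id = '' OR '1'='1'--';",
    "UPDATE users SET name = 'bob' WHERE id = 7 RETURNING id;",
    "INSERT INTO users (name) VALUES ('alice');",
]


if __name__ == "__main__":
    vocab, maxlen, padded = prepare(TRAIN_QUERIES)
    print("vocab size:", len(vocab), "padded length:", maxlen)
    for row in padded:
        print(row)
    print(transform(["DELETE FROM users WHERE id = 1;"], vocab, maxlen))
```

Fitting the vocabulary and the padding length in prepare() and then reusing them through transform() for the held-out split is what keeps the test set free of the leakage Section 3.2 warns about; a token the training split never saw simply maps to the OOV index.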

All models — traditional and CNN — were trained using the same 80/20 stratified train-test split, ensuring a fair comparison in the following results section.

Figure 6. End-to-End Pipeline for SQL Injection Detection Using Machine Learning and CNN

3.4 Evaluation Metrics

To assess the performance of the models in detecting SQL injection (SQLi) attacks, we used four widely accepted classification metrics: accuracy, precision, recall, and F1-score. These metrics provide insight into not only the correctness of model predictions but also the trade-offs between identifying malicious queries and avoiding false alarms.

  • Accuracy measures the overall proportion of correctly predicted queries (both benign and malicious).
  • Precision quantifies how many queries predicted as malicious are actually malicious, reflecting the false positive rate.
  • Recall (or sensitivity) measures how many actual malicious queries were correctly detected, highlighting the model's ability to minimize false negatives.
  • F1-score is the harmonic mean of precision and recall, offering a balanced evaluation of both types of errors.

In addition to these metrics, a confusion matrix was used to visualize the number of true positives, true negatives, false positives, and false negatives for each model. This helps interpret the specific types of errors made by each classifier.

Furthermore, we measured each model's training time and testing time to evaluate computational efficiency. These timing metrics are essential for determining the practical suitability of models in real-time SQL injection detection systems, where quick responses are as critical as predictive accuracy. The results are detailed in the next section.
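The four metrics above, the confusion matrix, and the F1-monitored early stopping from Section 3.3.2, written out as an added Python example (not the authors' code). The validation scores and per-epoch F1 values are constructed for the illustration. The block also shows how the decision threshold applied to the sigmoid output trades false positives against recall, which is the threshold sensitivity the results section refers to.

```python
from dataclasses import dataclass


@dataclass
class ConfusionMatrix:
    tp: int  # malicious query correctly flagged
    tn: int  # benign query correctly passed
    fp: int  # benign query wrongly flagged: the false alarm this paper targets
    fn: int  # malicious query missed


def confusion_matrix(y_true: list, y_pred: list) -> ConfusionMatrix:
    cm = ConfusionMatrix(0, 0, 0, 0)
    for truth, pred in zip(y_true, y_pred):
        if truth == 1 and pred == 1:
            cm.tp += 1
        elif truth == 0 and pred == 0:
            cm.tn += 1
        elif truth == 0 and pred == 1:
            cm.fp += 1
        else:
            cm.fn += 1
    return cm


def _ratio(num: float, den: float) -> float:
    return num / den if den else 0.0


def accuracy(cm: ConfusionMatrix) -> float:
    return _ratio(cm.tp + cm.tn, cm.tp + cm.tn + cm.fp + cm.fn)


def precision(cm: ConfusionMatrix) -> float:
    return _ratio(cm.tp, cm.tp + cm.fp)


def recall(cm: ConfusionMatrix) -> float:
    return _ratio(cm.tp, cm.tp + cm.fn)


def f1_score(cm: ConfusionMatrix) -> float:
    p, r = precision(cm), recall(cm)
    return _ratio(2 * p * r, p + r)   # harmonic mean of precision and recall


def false_positive_rate(cm: ConfusionMatrix) -> float:
    return _ratio(cm.fp, cm.fp + cm.tn)


def evaluate(y_true: list, scores: list, threshold: float = 0.5) -> dict:
    """Binarise sigmoid outputs at `threshold`, then compute the Section 3.4
    metrics plus the raw false-positive count the results tables track."""
    y_pred = [1 if s >= threshold else 0 for s in scores]
    cm = confusion_matrix(y_true, y_pred)
    return {
        "accuracy": accuracy(cm), "precision": precision(cm),
        "recall": recall(cm), "f1": f1_score(cm),
        "fpr": false_positive_rate(cm), "false_positives": cm.fp,
    }


def early_stopping(val_f1_history: list, patience: int = 2) -> tuple:
    """Monitor validation F1 per epoch, stop after `patience` epochs without
    improvement, and keep the best epoch (restore-best-weights behaviour).
    Returns (best_epoch, epoch_at_which_training_stopped), zero-based."""
    best_epoch, best_f1 = 0, val_f1_history[0]
    for epoch, score in enumerate(val_f1_history):
        if score > best_f1:
            best_epoch, best_f1 = epoch, score
        elif epoch - best_epoch >= patience:
            return best_epoch, epoch
    return best_epoch, len(val_f1_history) - 1


# Constructed validation outputs (not the paper's results): ten malicious
# then ten benign queries with the sigmoid score assigned to each.
Y_TRUE = [1] * 10 + [0] * 10
SCORES = [0.95, 0.90, 0.90, 0.85, 0.80, 0.75, 0.70, 0.65, 0.60, 0.30,
          0.55, 0.60, 0.40, 0.30, 0.20, 0.10, 0.10, 0.05, 0.02, 0.01]
# Constructed per-epoch validation F1 for the early-stopping illustration.
VAL_F1_BY_EPOCH = [0.80, 0.85, 0.88, 0.87, 0.86, 0.89]


if __name__ == "__main__":
    for thr in (0.5, 0.7):
        print(thr, evaluate(Y_TRUE, SCORES, thr))
    print("best epoch, stopped at:", early_stopping(VAL_F1_BY_EPOCH))
```

At the default threshold the two benign queries scored 0.55 and 0.60 become false positives; raising the threshold to 0.7 removes both but also drops recall from 0.9 to 0.7, which is why the paper monitors F1 rather than loss alone when it decides when to stop training.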

Results and Discussion

The table below compares the performance of the models on the test set in terms of accuracy, precision, recall, and F1-score:

Table 2.

Performance Comparison of Models

| Model               | Accuracy | Precision | Recall | F1-Score |
|---------------------|----------|-----------|--------|----------|
| Logistic Regression | 95.01%   | 0.91      | 0.92   | 0.95     |
| SVM                 | 95.46%   | 0.92      | 0.92   | 0.95     |
| Random Forest       | 96.53%   | 0.94      | 0.95   | 0.95     |
| CNN (optimized)     | 98.07%   | 0.97      | 0.98   | 0.98     |

While traditional machine learning models demonstrated strong and efficient performance, CNN outperformed all other models in every classification metric.

Figure 7. Confusion Matrix

CNN exhibited the lowest false positive count, affirming its suitability for real-time detection systems where false alarms must be minimized.

The following table tracks the number of false positives on the validation set across multiple CNN iterations. Each modification addressed overfitting and threshold sensitivity — two common contributors to false alarms in binary classification tasks.

Table 3.

Impact of Architectural and Training Adjustments on CNN False Positives

| CNN Configuration                  | False Positives |
|------------------------------------|-----------------|
| Initial CNN (baseline)             | 142             |
| + Dropout (rate = 0.5)             | 116             |
| + Early stopping (on F1-score)     | 95              |
| + 95th percentile padding          | 83              |
| + Kernel size tuning (3–5 filters) | 75              |

This incremental optimization process demonstrates that tuning the CNN architecture and training logic led to a consistent reduction in false positives, without compromising overall classification performance. These refinements improve the model’s reliability in PostgreSQL-based environments, where real-time intrusion detection must balance precision with operational stability.

A real-time prediction function was implemented using pre-trained models for both the CNN and the Voting Classifier. The function accepts a raw SQL query as input and returns classification results on-the-fly. It uses a TF-IDF vectorizer for traditional models and tokenization with padding for CNN input. This setup demonstrates practical viability for deployment in systems requiring real-time SQL injection detection, such as PostgreSQL-backed APIs or database gateways.

Conclusion

This study proposed and optimized a convolutional neural network (CNN) for real-time SQL injection detection in PostgreSQL environments, with a focus on reducing false positives. The CNN outperformed traditional machine learning models in all classification metrics, achieving the lowest false positive rate after iterative architectural and training adjustments. The final model configuration, including dropout, early stopping, kernel size tuning, and dynamic padding, proved effective in enhancing precision while maintaining high recall. These results demonstrate the suitability of the optimized CNN for deployment in practical, latency-sensitive database systems.


Information about the authors

Master’s student, Kazakh-British Technical University, Kazakhstan, Almaty


Candidate of Physical and Mathematical Sciences, Al-Farabi Kazakh National University, associate professor, Kazakhstan, Almaty


The journal is registered with the Federal Service for Supervision of Communications, Information Technology and Mass Media (Roskomnadzor), registration number ЭЛ №ФС77-54434 dated 17.06.2013
Founder of the journal: ООО «МЦНО»
Editor-in-chief: Marina Yurievna Zvezdina.