Open Access

ARTICLE

Research on SQL Injection Detection Technology Based on Content Matching and Deep Learning

Yuqi Chen^1,2, Guangjun Liang^1,2,3,*, Qun Wang^1,2,3

1 Department of Computer Information and Cyber Security, Jiangsu Police Institute, Nanjing, 210031, China
2 Jiangsu Electronic Data Forensics and Analysis Engineering Research Center, Nanjing, 210031, China
3 Jiangsu Provincial Public Security Department Key Laboratory of Digital Forensics, Nanjing, 210031, China

* Corresponding Author: Guangjun Liang. Email:

Computers, Materials & Continua 2025, 84(1), 1145-1167. https://doi.org/10.32604/cmc.2025.063319

Received 11 January 2025; Accepted 03 April 2025; Issue published 09 June 2025

Abstract

Structured Query Language (SQL) injection attacks have become the most common means of attacking Web applications due to their simple implementation and high degree of harm. Traditional injection attack detection techniques struggle to accurately identify various types of SQL injection attacks. This paper presents an enhanced SQL injection detection method that utilizes content matching technology to improve the accuracy and efficiency of detection. Features are extracted through content matching, effectively avoiding the loss of valid information, and an improved deep learning model is employed to enhance the detection effect of SQL injections. Considering that grammar parsing and word embedding may conceal key features and introduce noise, we propose training the transformed data vectors by preprocessing the data in the dataset and post-processing the word segmentation based on content matching. We optimized and adjusted the traditional Convolutional Neural Network (CNN) model, trained normal data, SQL injection data, and XSS data, and used these three deep learning models for attack detection. The experimental results show that the accuracy rate reaches 98.35%, achieving excellent detection results.

---

Keywords

---