Original Research Article

Volume 2023, Issue 2

Pages: 120–126

Article publication Date: November 22, 2023

A New Approach in Diagnosing and Preventing SQLIA with Large Language Models (LLMs)

Amin Rezanejad(a), Amir Seyed Danesh(b), and Farid Feyzi(c)

(a) Master's student in Computer Engineering, University of Guilan, Rasht, Iran.

(b) Faculty of Technology and Engineering, East of Guilan, University of Guilan, Rudsar-Vajargah, Iran.

(c) Faculty of Engineering, University of Guilan, Rasht, Iran.


Abstract:

SQL injection is considered one of the most important and common methods of intrusion into databases. This research aims to improve the security of databases and web applications by relying on artificial intelligence (AI) and natural language processing (NLP). Building on past research into detecting and preventing SQL injection attacks, we present a new approach based on NLP techniques such as large language models (LLMs), which can reduce database vulnerabilities and neutralize SQL injection attacks.

Keywords:

SQL injection attack; large language models; Natural Language Processing; database security; software vulnerability.


Cite this article as:
  • Amin Rezanejad, Amir Seyed Danesh, and Farid Feyzi, A New Approach in Diagnosing and Preventing SQLIA with Large Language Models (LLMs), Communications in Combinatorics, Cryptography & Computer Science, 2023(2), pp. 120–126, 2023.