FusionNet - SQL-Fusion-Based Deep Learning Model for SQL Injection Detection

Pages: 173-189

Author(s)

Nayankumar Mali 1,*, Keyur Patel 1, Himani Joshi 1

1. Department of Information Technology, A D Patel Institute of Technology, The Charutar Vidya Mandal (CVM) University, V.V. Nagar, Anand, 388120, India

* Corresponding author.

DOI: https://doi.org/10.5815/ijwmt.2026.02.12

Received: 25 Aug. 2025 / Revised: 10 Sep. 2025 / Accepted: 4 Nov. 2025 / Published: 8 Apr. 2026

Index Terms

SQL Injection, Web Application Security, Machine learning, Threat intelligence, Vulnerability prioritization, Database attack, Deep learning, Risk modeling

Abstract

SQL injection is a hacking attack where malicious code is inserted into database queries through user inputs like search boxes, login forms, or URL parameters. These attacks pose a significant threat to web applications and ERP systems, making early detection crucial. Traditional detection methods, such as rule-based and signature-based approaches, rely on known SQL injection patterns. However, they often fail to identify novel, obfuscated, or zero-day attacks, highlighting the need for more adaptive and intelligent detection mechanisms. This research proposes FusionNet-SQL, a fusion-based deep learning model that combines Convolutional Neural Networks, Long Short-Term Memory networks, and Transformers to detect SQL injection attacks. By integrating these architectures, FusionNet-SQL gains a comprehensive understanding of SQL queries, enabling it to differentiate between legitimate interactions and malicious injections. The CNN captures local patterns, the LSTM models sequential dependencies, and the Transformer enhances global context understanding. The model achieves high performance, with 98.02% accuracy, 99.39% precision, 96.79% recall, 98.07% F1-score, and 98.07% AUC-ROC. With its robust performance and adaptability, FusionNet-SQL offers a powerful solution for securing web applications and ERP systems against SQL injection attacks. Its ability to detect both straightforward and sophisticated attacks makes it well-suited for real-world deployment, reinforcing database security and protecting critical data. This research marks a significant step forward in combating evolving cybersecurity threats.

Cite This Paper

Nayankumar Mali, Keyur Patel, Himani Joshi, "FusionNet - SQL-Fusion-Based Deep Learning Model for SQL Injection Detection", International Journal of Wireless and Microwave Technologies (IJWMT), Vol.16, No.2, pp. 173-189, 2026. DOI: 10.5815/ijwmt.2026.02.12
