This book chapter presents an explainable ensemble machine learning framework for detecting SQL injection attacks, combining BERT embeddings with traditional SQL query analysis. This hybrid approach achieves 99.5% detection accuracy while maintaining interpretability through SHapley Additive exPlanations (SHAP) and Local Interpretable Model-agnostic Explanations (LIME). The ensemble models show 18.9% greater consistency against novel attack patterns compared to single models. The Boosting Ensemble demonstrates enhanced adaptability to evolving threats despite a marginal accuracy difference of 0.19% from the best single model (LightGBM, 99.68%). A production-ready API implementation processes queries at 243 requests/second with 4.1ms latency. The proposed system balances detection accuracy with explainability, addressing the critical need for transparent security mechanisms in web applications.

错误:搜索内容不能为空,请输入英文关键词
错误:关键词超出字数限制,请精简
高级检索

Transformer-Based Bidirectional Encoder SQL Representations for Interpretable Cyber Attack Detection Using Ensemble Learning

  • Raymond Sekyewa,
  • Michael Kizito,
  • Kyanda Swaib Kaawasse,
  • Tonny Bulega,
  • Ggaliwango Marvin

摘要

This book chapter presents an explainable ensemble machine learning framework for detecting SQL injection attacks, combining BERT embeddings with traditional SQL query analysis. This hybrid approach achieves 99.5% detection accuracy while maintaining interpretability through SHapley Additive exPlanations (SHAP) and Local Interpretable Model-agnostic Explanations (LIME). The ensemble models show 18.9% greater consistency against novel attack patterns compared to single models. The Boosting Ensemble demonstrates enhanced adaptability to evolving threats despite a marginal accuracy difference of 0.19% from the best single model (LightGBM, 99.68%). A production-ready API implementation processes queries at 243 requests/second with 4.1ms latency. The proposed system balances detection accuracy with explainability, addressing the critical need for transparent security mechanisms in web applications.