Hybrid BERT-BiLSTM Model for SQL Injection Detection: Potential Applications in Banking Information Systems
摘要
In banking information systems, databases containing customer information, contracts, and transactions play a critical role. However, these databases are increasingly targeted by cyberattacks aimed at stealing sensitive information. Among these threats, SQL injection (SQLi) remains one of the most prevalent cybersecurity risks to web applications and databases in banking systems, necessitating the development of advanced detection strategies to mitigate potential damage. To address this issue, artificial intelligence (AI) has emerged as a powerful tool for detecting SQLi attacks. This study proposes a novel hybrid model that integrates BERT (Bidirectional Encoder Representations from Transformers) and BiLSTM (Bidirectional Long Short-Term Memory) networks, leveraging BERT’s contextual understanding and LSTM’s ability to capture sequential dependencies for highly effective and accurate SQLi detection. The research utilizes a publicly available and widely adopted benchmark dataset containing 30,609 labeled SQL queries, including 19,268 benign queries and 11,341 SQLi queries. Several essential preprocessing steps, such as tokenization, noise removal, and normalization, were applied before model training to enhance data quality. Experimental results demonstrate that the proposed BERT-BiLSTM hybrid model outperforms existing techniques, including Decision Trees, Support Vector Machines (SVM), RNN, CNN-BiLSTM, and DNN-RHM, achieving an accuracy of 0.9994, precision of 0.9995, recall of 0.9991, and an F1-score of 0.9993. These findings highlight the model’s potential for real-world deployment, strengthening system defense mechanisms, reducing the risk of data breaches, and improving compliance with cybersecurity standards. By integrating advanced contextual and sequential learning techniques, the proposed model provides a scalable and adaptable solution for enhancing the security of web applications and databases in banking information systems.