Optimizing SQL Injection Detection: A Comparative Analysis of Embedding Methods with XGBoost
摘要
SQL injection attacks (SQLi) remain one of the most critical web security threats, often leading to data breaches, unauthorized access, and financial losses. In this study, we propose an approach leveraging the XGBoost algorithm to detect SQL injection attacks by evaluating various text vectorization techniques applied to network traffic and SQL queries, including TF-IDF, GloVe embeddings, Skip-gram and Continuous Bag-of-Words (CBOW) Word2Vec models, FastText embeddings, the Bag-of-Words (BoW) model, and BERT-based embeddings. Our experimental results demonstrate that combining CBOW or Word2Vec with eXtreme Gradient Boosting (XGB) achieves superior performance, allowing us to determine the most suitable embedding methods based on specific detection priorities. If real-time detection is required, CBOW or Word2Vec is the most appropriate choice, whereas if accuracy is prioritized over speed, Word2Vec with adjusted thresholds optimizes recall. To minimize false positives, BoW or IDF can be employed, although they may lead to a slightly higher false negative rate. These insights contribute to optimizing SQLi detection strategies by balancing efficiency, accuracy, and robustness in cybersecurity applications.