AI-Enhanced SQL Injection Detection Framework: A Novel Approach Combines LLMs with Traditional Fuzzing to Improve Web Application Vulnerability Detection

Authors

  • Nguyen Le Quoc Dat
  • Nguyen Le Quoc Anh
  • Nguyen Manh Thang

DOI:

https://doi.org/10.54654/isj.v3i26.1179

Keywords:

SQL Injection, artificial intelligence, web security, penetration testing, large language model, burp suite extension

Tóm tắt

 SQL injection affects 65% of web applications, yet traditional tools often miss context-specific vulnerabilities. We propose AESIDF, a hybrid framework that integrates Large Language Models with parallel fuzzing for semantic vulnerability analysis. Evaluated on 26 benchmark scenarios from PortSwigger, DVWA, and OWASP Juice Shop, our approach achieves a 92.3% detection rate compared to SQLMap’s 76.9%, while reducing request volume by approximately 68.8%. These preliminary results suggest that LLM-powered contextual reasoning can enhance automated security testing; however, broader validation on larger and more diverse datasets is required to confirm generalizability.

Downloads

Download data is not yet available.

References

OWASP Foundation, “OWASP Top 10 - 2021: The Ten Most Critical Web Application Security Risks” (2021). Access time: 12/01/2024, https://owasp.org/Top10/.

S. Saiyed, H. Sharma, and V. Kumar, “Static analysis approach for SQL injection vulnerability detection,” Journal of Information Security and Applications, vol. 45, pp. 1–12, 2019.

W. G. J. Halfond and A. Orso, “AMNESIA: Analysis and monitoring for neutralizing SQL-injection attacks,” ACM Transactions on Software Engineering, vol. 34, no. 5, pp. 1–52, 2008.

D. Appelt, C. D. Nguyen, L. C. Briand, and N. Alshahwan, “Automated testing for SQL injection vulnerabilities: An input mutation approach,” in Proc. Int. Symp. Software Testing and Analysis (ISSTA), San Jose, CA, USA, Jul. 2014, pp. 259–269.

Y. Tang, S. Chen, and L. Wang, “SQL injection detection using convolutional neural networks,” IEEE Access, vol. 8, pp. 132505–132517, 2020.

T. Brown et al., “Language models are few-shot learners,” in Proc. NeurIPS, 2020, pp. 1877–1901.

Y. Jiang et al., “When Fuzzing Meets LLMs: Challenges and Opportunities,” in Proc. ACM CCS, Salt Lake City, USA, 2024, pp. 1–15.

H. X. Dau, N. T. T. Trang, and N. T. Hung, “A Survey of Tools and Techniques for Web Attack Detection,” Journal of Science and Technology on Information Security, Special Issue CS, no. 15, pp. 109–130, 2022. DOI: doi.org/10.54654/isj.v1iCS(15).403.

N. M. Thien, P. D. Khoa, N. D. Vuong, and N. V. Hung, “AI application framework for automatic vulnerabilities exploit,” Journal of Science and Technology on Information Security, vol. 1, no. 13, pp. 80–92, 2022. DOI: doi.org/10.54654/isj.v1i13.234.

T. P. Ho, H. T. Nam, and N. M. Thang, “A new approach to improving web application firewall performance based on support vector machine method with analysis of HTTP request,” Journal of Science and Technology on Information Security, vol. 1, no. 15, pp. 62–73, 2022. DOI: doi.org/10.54654/isj.v1i15.391

Downloads

Abstract views: 277 / PDF downloads: 48

Published

2025-12-31

How to Cite

Dat, N. L. Q., Anh, N. L. Q., & Thang, N. M. (2025). AI-Enhanced SQL Injection Detection Framework: A Novel Approach Combines LLMs with Traditional Fuzzing to Improve Web Application Vulnerability Detection. Journal of Science and Technology on Information Security, 3(26), 70-78. https://doi.org/10.54654/isj.v3i26.1179

Issue

No 3. CS (26) 2025

Section

Papers

License

Proposed Policy for Journals That Offer Open Access

Authors who publish with this journal agree to the following terms:

1. Authors retain copyright and grant the journal right of first publication with the work simultaneously licensed under a Creative Commons Attribution License that allows others to share the work with an acknowledgement of the work's authorship and initial publication in this journal.

2. Authors are able to enter into separate, additional contractual arrangements for the non-exclusive distribution of the journal's published version of the work (e.g., post it to an institutional repository or publish it in a book), with an acknowledgement of its initial publication in this journal.

3. Authors are permitted and encouraged to post their work online (e.g., in institutional repositories or on their website) prior to and during the submission process, as it can lead to productive exchanges, as well as earlier and greater citation of published work (See The Effect of Open Access).

Proposed Policy for Journals That Offer Delayed Open Access

Authors who publish with this journal agree to the following terms:

1. Authors retain copyright and grant the journal right of first publication, with the work [SPECIFY PERIOD OF TIME] after publication simultaneously licensed under a Creative Commons Attribution License that allows others to share the work with an acknowledgement of the work's authorship and initial publication in this journal.

2. Authors are able to enter into separate, additional contractual arrangements for the non-exclusive distribution of the journal's published version of the work (e.g., post it to an institutional repository or publish it in a book), with an acknowledgement of its initial publication in this journal.

3. Authors are permitted and encouraged to post their work online (e.g., in institutional repositories or on their website) prior to and during the submission process, as it can lead to productive exchanges, as well as earlier and greater citation of published work (See The Effect of Open Access).