Detecting and Mitigating SQL Injection in .NET Applications Using AI-Based Anomaly Detection


Authors : Sohan Singh Chinthalapudi

Volume/Issue : Volume 10 - 2025, Issue 3 - March


Google Scholar : https://tinyurl.com/yc74h6c8

Scribd : https://tinyurl.com/2p9z9du5

DOI : https://doi.org/10.38124/ijisrt/25mar1676



Abstract : SQL Injection (SQLi) remains a major threat to .NET applications because attackers can inject malicious SQL code to manipulate the underlying database. Exploiting this vulnerability gives attackers access to unauthorized data, compromises system integrity, and causes data loss, all of which threaten the organizations that rely on these applications. Signature-based detection systems have limited effectiveness against contemporary or novel SQLi attacks that introduce new patterns. AI-based anomaly detection offers a capable defense against this challenge. Using machine learning algorithms, an AI system can learn the normal behavior patterns of an application's SQL queries and detect abnormal patterns that signal SQLi attacks. This research introduces an AI-based anomaly detection system designed specifically for .NET application environments. The method begins by collecting SQL query logs, then preprocesses the data and extracts important features, which are used to train a machine learning model to distinguish between valid and hostile SQL queries. Detection relies on an RNN autoencoder that models SQL query sequences and thereby identifies anomalous patterns related to SQL injection. Experimental testing shows that the proposed method achieves high detection precision with minimal false alarms while detecting both known and previously unknown SQLi attacks. Implementing this AI-based anomaly detection system strengthens the security posture of .NET applications against current and future SQLi attacks.

Keywords : SQL Injection (SQLi), .NET Security, AI-Based Anomaly Detection, Machine Learning for Cybersecurity, SQL Query Analysis, Recurrent Neural Networks (RNN), Threat Mitigation Strategies, Cybersecurity in Web Applications.


