Enhancing SQL Code Security and Maintainability: A Deep Learning Based Approach

  Faisal Alghamdi
  Boulbaba Ben Ammar

Abstract

Background of study: SQL injection attacks continue to pose a significant risk to online systems. Traditional rule-based detection regularly fails to identify emerging or disguised attack vectors. Deep learning holds significant promise for robust detection, yet few studies rigorously compare model types or examine how to convey detection results as actionable security advice for developers.
Aims and scope of paper: To address this gap in existing research, this study tests three deep learning models for detecting SQL injection: Convolutional Neural Network (CNN), Bidirectional Long Short-Term Memory (BiLSTM), and DistilBERT. The best model is then used in a tool that provides developers with risk assessments, warnings about unsafe patterns, and examples of secure queries.
Methods: To achieve this, a dataset of 30,919 labeled SQL queries was preprocessed using normalization, syntax validation, and stratified splitting (70/15/15). A dual tokenization approach enabled fair comparisons between architectures. Models were trained using Adam/AdamW optimizers and evaluated for accuracy, precision, recall, F1-score, AUC-ROC, and MCC.
Results: Among the tested models, DistilBERT set the performance benchmark, achieving 99.8% accuracy, 99.9% precision, 99.5% recall, and a false positive rate of just 0.1%. CNN and BiLSTM showed strong results but proved weaker against obfuscated or distributed attacks. The SQL Security Advisor system converts model predictions directly into actionable guidance for developers.
Conclusion: Our findings indicate that DistilBERT detects SQL injections more effectively than CNN and BiLSTM, particularly when attacks are complex or hidden. By combining detection, explanation, and repair, this approach helps bring research closer to real-world use and supports developers in building more secure systems.

How to Cite
Alghamdi, F., & Ben Ammar, B. (2025). Enhancing SQL Code Security and Maintainability: A Deep Learning Based Approach. International Journal of Advances in Artificial Intelligence and Machine Learning, 2(3), 160–169. https://doi.org/10.58723/ijaaiml.v2i3.515