Abstract

This study evaluated the performance of three major SQL injection (SQLi) detection categories—deep learning models, security tools, and structured detection frameworks. Experiments were conducted on a benchmark SQLi dataset derived from publicly available and synthetically augmented SQL traffic, with performance evaluated using accuracy, F1-score, AUC, latency, and false positive rate. Using this dataset containing diverse SQLi variants, the research compared hybrid CNN–LSTM–Autoencoder and Transformer-based models against widely used tools (SQLMap, Acunetix, Microsoft Defender for SQL, CodeScan Labs) and established frameworks (IDE, DIAVA, SQL Shield, ASTF). Deep learning models achieved the highest accuracy (≥0.99), followed by frameworks (0.86–0.96), while tools recorded the lowest detection capability (0.75–0.92). ANOVA results (F = 11.12, p = 0.0013) confirmed statistically significant performance differences. The findings demonstrate the superiority of deep learning—especially hybrid architectures integrating structural, sequential, and latent features—in detecting modern SQLi attacks. This comparative analysis provides empirical evidence supporting the prioritization of adaptive neural models in database security environments.

This work is licensed under a Creative Commons Attribution 4.0 License.