(2) * Hartono Hartono
(3) Rama Apriando
*corresponding author
Abstract
This study discusses the development of a SQL Injection attack detection system using the Long Short-Term Memory (LSTM) deep learning model. SQL Injection is a serious security threat to web applications that exploits vulnerabilities in user input to manipulate databases. The LSTM model was chosen due to its ability to process sequential data, which is relevant for analyzing the patterns and structure of SQL queries that are susceptible to attacks. The process begins by collecting and combining datasets from various sources, performing preprocessing to handle duplicate data, missing values, and gibberish queries, as well as analyzing the distribution of query lengths. The textual query data is then converted into a numerical representation through tokenization and padding. The processed dataset is divided into training and testing data. The Bi-directional LSTM model architecture is built with embedding, LSTM, dropout, and dense layers. The model is trained using the training data and its performance is evaluated using the test data, producing metrics such as accuracy, precision, recall, and F1-score. Evaluation results on the test data show a model accuracy of 99.99%, with precision of 99.99%, recall of 99.99%, and F1-score of 99.99% in distinguishing between normal queries and SQL Injection queries. The trained model and the tokenizer used are then saved for further testing purposes. This research demonstrates that the LSTM-based approach is highly effective in detecting SQL Injection attacks with high accuracy. Thus, the model can be deployed at the production level or production server.
Keywords: SQL Injection; LSTM; Web Security
DOI: https://doi.org/10.29099/ijair.v9i1.1.1547
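The preprocessing steps named in the abstract (missing values, duplicates, train/test split, tokenization, padding), sketched as an added example that is not the authors' code. The regex tokenizer, the right-padding, the reserved ids 0 and 1, and the sample rows are all assumptions; gibberish filtering is left out because the abstract does not define it. De-duplication runs before the split so that no query appears in both sets, and the vocabulary is built from the training queries only.

```python
import random
import re
from collections import Counter

# Constructed sample rows (query, label): 1 = injection, 0 = benign.
ROWS = [
    ("SELECT name FROM users WHERE id = 42", 0),
    ("select  name from users where id = 42", 0),  # duplicate once normalised
    ("SELECT * FROM users WHERE id = 1 OR 1=1 --", 1),
    ("' UNION SELECT username, password FROM users --", 1),
    (None, 0),                                     # missing value
    ("UPDATE orders SET status = 'paid' WHERE id = 7", 0),
    ("admin' OR 'a'='a", 1),
]

# Assumed tokenizer: identifiers, numbers, the "--" comment marker, single symbols.
TOKEN_RE = re.compile(r"[a-z_]+|\d+|--|[^\sa-z_\d]")

def tokenize(query):
    return TOKEN_RE.findall(query.lower())

def clean(rows):
    """Drop missing queries and duplicates (case/whitespace-insensitive)."""
    seen, out = set(), []
    for query, label in rows:
        key = " ".join(query.lower().split()) if query else ""
        if key and key not in seen:
            seen.add(key)
            out.append((key, label))
    return out

def split(rows, test_ratio=0.2, seed=0):
    """Shuffle and split AFTER de-duplication so no query is in both sets."""
    rows = list(rows)
    random.Random(seed).shuffle(rows)
    n_test = max(1, int(len(rows) * test_ratio))
    return rows[n_test:], rows[:n_test]

def fit_vocab(queries, max_words=1000):
    """Build the token->id map from training queries only; 0 = pad, 1 = unknown."""
    counts = Counter(tok for q in queries for tok in tokenize(q))
    return {tok: i + 2 for i, (tok, _) in enumerate(counts.most_common(max_words))}

def encode(query, vocab, maxlen):
    """Map tokens to ids, truncate to maxlen, then right-pad with 0."""
    ids = [vocab.get(tok, 1) for tok in tokenize(query)][:maxlen]
    return ids + [0] * (maxlen - len(ids))

if __name__ == "__main__":
    train, test = split(clean(ROWS))
    vocab = fit_vocab(q for q, _ in train)
    for q, label in test:
        print(label, encode(q, vocab, 12))
```

Tokens that never occurred in the training split map to id 1, so the share of unknown ids in held-out queries gives a quick read on how much of the test set the vocabulary has actually seen.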

This work is licensed under a Creative Commons Attribution-ShareAlike 4.0 International License.
________________________________________________________
The International Journal of Artificial Intelligence Research
Organized by: Prodi Teknik Informatika Fakultas Teknologi Bisnis dan Sains
Published by: Universitas Dharma Wacana
Jl. Kenanga No. 03 Mulyojati 16C Metro Barat Kota Metro Lampung
Email: jurnal.ijair@gmail.com
