NSGA-II Optimization of Probabilistic Neural Networks for Robust SQL Injection Attack Detection
Keywords:
Cybersecurity, NSGA-II Optimization, SQL injection attacks, Deep Learning, Probabilistic Neural Network
Abstract
SQL injection attacks have been around for years, yet they have not been mitigated and still pose a threat to web application backend databases. New and sophisticated attack methods have been developed over the years, using strategies and techniques that increasingly bypass traditional approaches to attack detection. This illustrates an increased demand for more advanced Machine Learning models. In this paper, we outline a new approach to detecting SQL injection attacks more efficiently. In our approach, we convert raw SQL queries using the Term Frequency-Inverse Document Frequency (TF-IDF) method to create a feature vector that aids in training a Probabilistic Neural Network (PNN) classifier. The novel element we introduce in this paper is the use of the Non-dominated Sorting Genetic Algorithm II (NSGA-II) to improve the detection and reduce the complexity of the PNN model. In the end, we demonstrate the problem of efficiency and the model's generalization. In our extensive analysis (30,919 SQL queries), findings show that the NSGA-II-optimized PNN provides the most accurate detection at 99.92% and an equal F1 score of 99.94 for the malicious data. The proposed model provides the best detection performance and reduces overfitting in the multi-objective PNN model, making it more stable. The results demonstrate that the proposal is a more adaptable solution for real-time SQL injection defense and that it addresses the previously identified gap in multi-objective optimization in cybersecurity.
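The pipeline the abstract describes, as an added sketch that is not the paper's code: TF-IDF vectors feed a PNN (Gaussian pattern layer, per-class summation), and candidate settings are reduced to the non-dominated set, which is the first step of NSGA-II's sorting rather than the full evolutionary loop. The queries, the candidate grid, and the two objectives (test error, and TF-IDF feature count as the complexity measure) are assumptions; the abstract does not specify them.

```python
import math, re
from collections import Counter

# Constructed sample queries (1 = injection, 0 = benign); not the paper's dataset.
TRAIN = [("select name from users where id = 5", 0),
         ("select * from orders where customer_id = 12", 0),
         ("update users set email = 'a@b.c' where id = 3", 0),
         ("select * from users where id = 1 or 1=1 --", 1),
         ("select * from users where name = '' or '1'='1'", 1),
         ("select id from users where id = 1 union select password from admins", 1)]
TEST = [("select name from users where id = 7", 0),
        ("select * from users where id = 2 or 1=1 --", 1)]
GRID = [(s, k) for s in (0.1, 0.3, 1.0) for k in (4, 8, 1000)]  # (sigma, max_features)

def tokens(q):
    # Keywords/identifiers, numbers, and each punctuation character as its own token.
    return re.findall(r"[a-z_]+|\d+|[^\sa-z_\d]", q.lower())

def fit_tfidf(queries, max_features):
    df = Counter(t for q in queries for t in set(tokens(q)))
    vocab = [t for t, _ in sorted(df.items(), key=lambda kv: (-kv[1], kv[0]))[:max_features]]
    idf = {t: math.log((1 + len(queries)) / (1 + df[t])) + 1 for t in vocab}
    def vec(q):
        tf = Counter(tokens(q))
        v = [tf[t] * idf[t] for t in vocab]
        norm = math.sqrt(sum(x * x for x in v)) or 1.0
        return [x / norm for x in v]          # L2-normalised TF-IDF vector
    return vec, len(vocab)

def pnn_predict(x, patterns, sigma):
    # Pattern layer: one Gaussian kernel per training vector.
    # Summation layer: mean kernel response per class; output: arg-max class.
    resp = {}
    for p, y in patterns:
        d2 = sum((a - b) ** 2 for a, b in zip(x, p))
        resp.setdefault(y, []).append(math.exp(-d2 / (2 * sigma ** 2)))
    return max(resp, key=lambda y: sum(resp[y]) / len(resp[y]))

def evaluate(sigma, max_features):
    # Assumed objectives (not stated in the abstract): error rate and feature count.
    vec, n_features = fit_tfidf([q for q, _ in TRAIN], max_features)
    patterns = [(vec(q), y) for q, y in TRAIN]
    wrong = sum(pnn_predict(vec(q), patterns, sigma) != y for q, y in TEST)
    return (wrong / len(TEST), n_features)    # both minimised

def dominates(a, b):
    return all(x <= y for x, y in zip(a, b)) and a != b

def pareto_front(candidates):
    scored = {c: evaluate(*c) for c in candidates}
    return sorted(c for c in scored
                  if not any(dominates(scored[o], scored[c]) for o in scored))
```

`pareto_front(GRID)` returns the (sigma, max_features) settings for which no other candidate is at least as good on both objectives and strictly better on one.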
License
Copyright (c) 2026 Engineering Systems and Intelligent Technologies (ESIT)

This work is licensed under a Creative Commons Attribution 4.0 International License.
Engineering Systems and Intelligent Technologies (ESIT) content is published under a Creative Commons Attribution License (CC BY). This means that content is freely available to all readers upon publication, and content is published as soon as production is complete.