Search papers, labs, and topics across Lattice.
This paper introduces a novel framework for SQL injection detection that leverages request-response context, addressing the limitations of existing defenses against obfuscated attacks. A multi-agent honeypot system generates a dataset of 140,973 labeled request-response pairs, capturing contextual cues absent in payload-only data. Experiments demonstrate that models trained on this dataset, specifically CNN and BiLSTM, achieve over 40% accuracy improvement compared to models trained on payload-only data, highlighting the value of request-response context.
Context matters: SQL injection detection accuracy jumps by over 40% when models are trained on request-response pairs versus payload-only data.
SQL injection remains a major threat to web applications, as existing defenses often fail against obfuscation and evolving attacks because of neglecting the request-response context. This paper presents a context-enriched SQL injection detection framework, focusing on constructing a high-quality request-response dataset via a multi-agent honeypot system: the Request Generator Agent produces diverse malicious/benign requests, the Database Response Agent mediates interactions to ensure authentic responses while protecting production data, and the Traffic Monitor pairs requests with responses, assigns labels, and cleans data, yielding totally 140,973 labeled pairs with contextual cues absent in payload-only data. Experiments show that models trained on this context dataset outperform payload-only counterparts: CNN and BiLSTM achieve over 40\% accuracy improvement in different tasks, validating that the request-response context enhances the detection of evolving and obfuscated attacks.
