I am very happy to support my students Pannawit Supanwassa and Tedrick Tay in their paper "An Incremental Learning Approach for Efficient Detection of Emerging Type of SQL Injections", to be shared at the 2nd International Conference of Modelling, Data Analytics and AI in Engineering, this July in Porto :-)
Its abstract reads:
Current supervised learning models such as Support Vector Machine, Multilayer Perceptron (MLP) and Convolutional Neural Network (CNN) predict common structure language query injection (SQLi) at hyper accuracy. However, a study shows that such accuracy could decrease drastically if unseen SQLi is inputted without manual re-training. Our developed solution incorporates the use of modern Large Language Models (LLMs) and Incremental Learning, along with those previous models to sustainably tackle emerging types of SQLi attack. We fine-tune LLMs for SQLi feature extraction, train our models with up-to-date SQLi payloads and simulate incremental learning in selected classification and clustering models to observe their behavior. Our models show promise in offering cost-effective mitigation to the problem.