A Hybrid Deep Learning Framework with Honeypot-Assisted Intelligence for SQL Injection Detection

Abstract

The purpose of this article is to propose a hybrid deep learning framework for the effective detection of SQL injection (SQLi) attacks in database-driven web applications. The proposed framework integrates supervised and unsupervised learning techniques with honeypot-assisted intelligence collection to address the limitations of existing SQLi detection systems, which are largely reactive and primarily focused on classification accuracy without adaptive intelligence mechanisms. The architecture combines a CNN–LSTM pathway for supervised pattern recognition with an autoencoder-based anomaly detection pathway trained on benign queries. Outputs from both pathways are fused through a learned fusion layer to improve robustness against both known and previously unseen attack variants. Queries classified as malicious are redirected to a low-interaction database honeypot, enabling structured capture of attack payloads and behavioural artefacts for security intelligence generation. Experimental evaluation conducted on a curated dataset of approximately 50,000 SQL queries demonstrates strong detection performance, achieving an average accuracy of 99.2 per cent, precision of 98.9 per cent, recall of 99.0 per cent, and an AUC of 0.99 across multiple runs. Although the architecture supports closed-loop retraining using honeypot-captured data, this study focuses on offline performance and initial intelligence acquisition, with adaptive retraining identified as future work. The results demonstrate that integrating supervised learning, anomaly detection, and deception mechanisms provides a robust foundation for adaptive SQLi defence systems.