A system model for detecting SQL injections based on a combined analysis of query syntax structures and behavioral characteristics

Abstract

Beznos O.S., Zarubina S.A., Koshevaya S.E., Sogomonyan E.K., Vasileva E.A.

Incoming article date: 23.12.2025

The article presents a systematic study of information flows in the "application-DBMS" link and proposes a comprehensive model of protection against SQL injections based on multi-level analysis. The system analysis considers the full cycle of query processing, which allows overcoming the fragmentation of existing approaches. The limitations of existing methods based on signature analysis, machine learning, and syntax validation are analyzed. To improve the reliability and accuracy of detection, a new combined method is proposed that integrates static syntax analysis of abstract syntax trees (AST) of queries with dynamic behavioral analysis of sessions. A key feature of the syntax module is the application of the Jaccard coefficient to assess the structural similarity of paths in the AST, which ensures the efficient detection of polymorphic injections. The behavioral module analyzes the temporal and statistical patterns of the query sequence, which allows.

Keywords: SQL injections, system analysis, machine learning, parsing, abstract syntax tree, behavioral analysis, Jaccard coefficient, polymorphic attacks, time-based attacks
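The Jaccard comparison of AST paths mentioned in the abstract can be illustrated as follows. This is an added example, not the authors' implementation: the tokenizer-based tree (a simplified stand-in for a real SQL AST), the function names, the 0.9 threshold and the sample queries are all assumptions constructed for illustration.

```python
import re

# Simplified stand-in for a SQL AST (assumption): clause keywords are internal
# nodes, parentheses open a nested level, every other token becomes a leaf.
CLAUSES = {"SELECT", "FROM", "WHERE", "GROUP", "ORDER", "HAVING", "LIMIT"}
KEYWORDS = {"AND", "OR", "NOT", "IN", "LIKE", "IS", "NULL", "BY", "UNION", "ALL"}
TOKEN = re.compile(
    r"('(?:[^']|'')*')|(\d+(?:\.\d+)?)|(\w+)|(--[^\n]*|/\*.*?\*/)|([<>=!]+|[(),;*+-])",
    re.S)

def ast_paths(query):
    """Root-to-leaf paths with literals and identifiers abstracted away."""
    stack, paths = ["ROOT"], set()
    for string, number, word, comment, op in TOKEN.findall(query):
        if string or number:
            leaf = "LIT"
        elif comment:
            leaf = "COMMENT"
        elif word:
            leaf = word.upper()
            if leaf in CLAUSES:          # new clause replaces the current one
                stack[-1] = leaf
                continue
            if leaf not in KEYWORDS:
                leaf = "ID"
        elif op == "(":
            stack.append("SUB")
            continue
        elif op == ")":
            if len(stack) > 1:
                stack.pop()
            continue
        else:
            leaf = op
        paths.add("/".join(stack + [leaf]))
    return frozenset(paths)

def jaccard(a, b):
    """|A ∩ B| / |A ∪ B|; two empty sets count as identical."""
    return len(a & b) / len(a | b) if (a or b) else 1.0

def is_anomalous(query, template_paths, threshold=0.9):  # threshold: assumption
    return jaccard(ast_paths(query), template_paths) < threshold

# Constructed samples: the expected query shape and two polymorphic variants.
TEMPLATE = ast_paths("SELECT name FROM users WHERE id = 42")
BENIGN = "select name from users where id=7"
VARIANT_A = "SELECT name FROM users WHERE id = 7 OR 1=1"
VARIANT_B = "SELECT name FROM users WHERE id = 7 oR 'a' = 'a'"

if __name__ == "__main__":
    for q in (BENIGN, VARIANT_A, VARIANT_B):
        print(f"{jaccard(ast_paths(q), TEMPLATE):.3f} {is_anomalous(q, TEMPLATE)} {q}")
```

Because literals, identifiers and letter case are abstracted before comparison, the two variants produce the same path set even though their text differs, while both deviate from the expected template.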