Detecting and preventing SQL injection attacks using large language models
- Author: BORHANULLAH HAIRAN
- University: SELÇUK UNIVERSITY
- Year: 2025
Abstract
This thesis explores the detection and prevention of SQL injection attacks through the integration of large language models (LLMs) into modern web security frameworks. SQL injection attacks remain one of the critical threats to organizations. The thesis categorizes and analyses a number of SQL injection attacks, including Boolean-based, union-based, and error-based. It provides a general overview of prevention methods using parameterized queries, input validation, and web application firewalls. A central focus of the thesis is on leveraging advancements in LLMs to enhance the detection and prevention of SQL injection attacks. Specifically, five cutting-edge free training LLMs are evaluated for their effectiveness in identifying various SQL injection techniques. LLMs, trained on broad datasets, can analyse patterns, predict vulnerabilities, and provide real-time threat mitigation recommendations. To test and evaluate these models, we use a custom-labeled dataset that contains malicious and legitimate SQL queries. Each model was tested using evaluation metrics including accuracy, precision, recall and F1-score. Among the tested models, Mixtral-8x7B-Instruct consistently achieved the highest detection performance, offering a balanced trade-off between precision and recall across SQL injection categories. This makes it clear that the model can be useful in providing intelligent and automated security auditing for web-based applications. Findings indicate that Mixtral-8x7B-Instruct achieved the best results, with an average F1-score of 87.52% and an accuracy of 86.67%. LLaMA-3-70B ranked second, with strong recall and a wide detection range. DeepSeek and CodeLLaMA both performed well on some forms of attack, but not overall. On the other hand, the best average detection measures were achieved with Qwen2.5-Coder-7B, although it has low computational efficiency.
These findings indicate that advanced LLMs are potentially promising for enhancing the detection of SQL injection and complementary security.

Keywords: Boolean SQL Injection, Cybersecurity, Error SQL injection, Large Language Models, Mixtral-8x7B-Instruct, Union SQL injection, Web Security