A Bio-Inspired Algorithm for Zero-Day SQL Injection Detection via Slime Mould Classifier
Keywords:
Slime Mould Algorithm, Zero-Day Attack, SQL Injection, Web Security
Abstract
With the continuous development of the cybersecurity field, detecting unknown or zero-day attacks remains a significant challenge due to their unpredictable behavior. This paper proposes a novel biologically inspired approach to detecting unknown SQL Injection (SQLi) attacks using the Slime Mould Algorithm (SMA). This method leverages the adaptive and heuristic capabilities of the SMA to detect unknown attacks. A binary classification model was developed and trained on a benchmark dataset containing both natural queries and diverse SQLi attack vectors, including Out-of-Band, Boolean-based, Time-based, and Union-based injections. To ensure robustness and generalization, K-Fold cross-validation was employed. The SMA-based model demonstrated superior detection capabilities, particularly in identifying zero-day attacks that deviate from known patterns. The experimental results reveal promising detection rates across all attack types: 89.33% for Out-of-Band-based SQLi, 97.89% for Boolean-based SQLi, 90.27% for Time-based SQLi, 96.69% for Union-based SQLi, and 91.51% for Error-based SQLi. These results underline the effectiveness of SMA in generalizing beyond seen data, a critical advantage in dynamic threat environments. Compared to traditional machine learning models, the SMA-based classifier achieved higher accuracy and F1 scores, confirming its potential as a powerful tool for web application security.