Fine-Tuning Transformer LLMs for Detecting SQL Injection and XSS Vulnerabilities | IEEE Conference Publication | IEEE Xplore

Abstract:

This paper introduces a method for detecting SQL Injection (SQLi), Command Injection, and Cross-Site Scripting (XSS) vulnerabilities using fine-tuned, transformer-based language models within a multilabel binary classification framework. Our approach takes advantage of three pre-trained lightweight models: DistilBERT, ALBERT, and ArmoRM-Llama3-8B, each fine-tuned for text classification tasks on the SQLi XSS dataset. Fine-tuning involved freezing the pre-trained transformer layers and updating a fully connected output layer. The primary challenge lies in generating multi-label outputs for four vulnerability classes (SQL Injection, Command Injection, XSS, and Normal traffic) with binary indicators for normal (0) or attack (1) status. Evaluation metrics, including confusion matrices, indicate that fine-tuning ArmoRM-Llama3-8B achieves slightly higher accuracy and detection rates than DistilBERT and ALBERT, particularly in identifying complex injection attacks. Furthermore, ArmoRM-Llama3-8B demonstrated the fastest testing evaluation time despite a moderately longer training period. These results highlight the feasibility and effectiveness of transformer-based language models in enhancing web security through improved vulnerability detection.
Date of Conference: 18-21 February 2025
Date Added to IEEE Xplore: 19 March 2025
Conference Location: Fukuoka, Japan
