Hybrid Structure Query Language Injection (SQLi) Detection Using Deep Q-Networks: A Reinforcement Machine Learning Model

Abstract

Structured Query Language injection (SQLi) remains one of the most pervasive and dangerous threats to web-based systems, capable of compromising databases and bypassing authentication protocols. Despite advancements in machine learning for cybersecurity, many models rely on static detection rules or require extensive labeled datasets, making them less adaptable to evolving threats. Addressing this limitation, the present study aimed to design, implement, and evaluate a Deep Q-Network (DQN) model capable of detecting SQLi attacks using reinforcement learning. The research employed a Design and Development Research (DDR) methodology, supported by an evolutionary prototyping framework, and utilized a dataset of 30,919 labeled SQL queries, balanced between malicious and safe inputs. Preprocessing involved query normalization and vector encoding into fixed-length ASCII representations. The DQN model was trained over 2,000 episodes, using experience replay and an epsilon-greedy strategy. Key evaluation metrics—accuracy, cumulative reward, and epsilon decay—showed performance improvements, with accuracy increasing from 52% to 82% and stabilizing between 65% and 73% in later episodes. The agent demonstrated consistent adaptability by successfully generalizing across various injection patterns. This outcome suggests that reinforcement learning, particularly using DQN, provides a viable alternative to traditional models, with superior resilience and dynamic learning capabilities. The model's convergence trend highlights its practical application in real-time SQLi detection systems, contributing significantly to cybersecurity measures for database-driven application.