LLM을 활용한 SQL Injection 퍼징 연구

Vol. 35, No. 2, pp. 323-334, 4월. 2025
10.13089/JKIISC.2025.35.2.323, Full Text:
Keywords: LLM, SQL Injection, Mutation, Detection
Abstract

The recent advancement of large language models (LLM) is also presenting new possibilities in the security field based on code-level contextual understanding and generation capabilities. In this study, we use these LLMs to test the potential as a mutation engine and detection engine to efficiently detect SQL injection vulnerabilities in web application environments. Specifically, LLM is used as a mutation engine to automatically generate sophisticated attack payloads that fit the actual SQL context beyond simple string variation, and LLM is used as a detection engine to verify that changes in SQL context are recognized and vulnerabilities are immediately identified. As a result of the experiment, it was confirmed that this approach can be used as a more effective security technology by understanding the SQL context and capturing various injection patterns.

Statistics
Show / Hide Statistics

Statistics (Cumulative Counts from December 1st, 2017)
Multiple requests among the same browser session are counted as one view.
If you mouse over a chart, the values of data points will be shown.


Cite this article
[IEEE Style]
김승현 and 이상진, "Research on SQL Injection Fuzzing Using LLM," Journal of The Korea Institute of Information Security and Cryptology, vol. 35, no. 2, pp. 323-334, 2025. DOI: 10.13089/JKIISC.2025.35.2.323.

[ACM Style]
김승현 and 이상진. 2025. Research on SQL Injection Fuzzing Using LLM. Journal of The Korea Institute of Information Security and Cryptology, 35, 2, (2025), 323-334. DOI: 10.13089/JKIISC.2025.35.2.323.