Hybrid Transformer-Based Classification for Web-Based Injection Attack Detection: A Novel Roberta-XLNet Approach

Volume 17, Number 3

Hybrid Transformer-Based Classification for Web-Based Injection Attack Detection: A Novel Roberta-XLNet Approach

Authors

Ranuja Seethawaka, Chathurya Nambuwasam, D.K.W.G.G.T. Chandrasiri, K.A.S. Kavithma, Harinda Fernando and Ayesha Wijesooriya, Sri Lanka Institute of Information Technology, Sri Lanka

Abstract

Web-based injection attacks such as SQL Injection (SQLi) and Cross-Site Scripting (XSS) remain significant cybersecurity threats, enabling adversaries to manipulate databases, execute unauthorized commands, and compromise sensitive data. Traditional detection mechanisms—including rule-based and anomaly-based intrusion detection systems—struggle with high false positive rates and limited adaptability to evolving attack vectors. This research introduces a novel hybrid transformer-based classification model, integrating RoBERTa and XLNet architectures to enhance web-based injection attack detection. The hybrid model capitalizes on RoBERTa’s dynamic contextual embeddings and XLNet’s permutation-based language understanding to provide a robust and generalized detection mechanism capable of handling obfuscated and zero-day payloads. The study utilizes two labeled datasets: 43,135 SQLi and 16,985 XSS payloads, preprocessed through standardized cleaning, tokenization, and padding techniques. The hybrid architecture extracts [CLS] and finaltoken embeddings from RoBERTa and XLNet respectively, concatenates them into a 1536-dimensional feature vector, and classifies through a three-layer dense neural network. Evaluation metrics include Accuracy, Precision, Recall, F1 Score, False Positive Rate, and Computational Cost.Results reveal that the hybrid model outperforms standalone BERT, RoBERTa, and XLNet implementations, achieving 97.66% accuracy, 98% precision, and 97% recall, while maintaining efficient computational performance via frozen transformer layers. The model demonstrates superior robustness against complex payloads, reduced overfitting, and scalable potential for Security Operations Centers (SOCs). This approach offers a novel and effective solution for intelligent, real-time web-based threat detection.

Keywords

Web-Based Attacks, SQL Injection, XSS, Transformer Models, RoBERTa-XLNet, Cybersecurity