<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE article PUBLIC "-//NLM//DTD JATS (Z39.96) Journal Publishing DTD v1.4 20241031//EN" "JATS-journalpublishing1-4.dtd">
<article xmlns:mml="http://www.w3.org/1998/Math/MathML" xmlns:xlink="http://www.w3.org/1999/xlink" article-type="research-article" dtd-version="1.4" xml:lang="en">
  <front>
    <journal-meta>
      <journal-id journal-id-type="publisher-id">jilsa</journal-id>
      <journal-title-group>
        <journal-title>Journal of Intelligent Learning Systems and Applications</journal-title>
      </journal-title-group>
      <issn pub-type="epub">2150-8410</issn>
      <issn pub-type="ppub">2150-8402</issn>
      <publisher>
        <publisher-name>Scientific Research Publishing</publisher-name>
      </publisher>
    </journal-meta>
    <article-meta>
      <article-id pub-id-type="doi">10.4236/jilsa.2026.183012</article-id>
      <article-id pub-id-type="publisher-id">jilsa-152202</article-id>
      <article-categories>
        <subj-group>
          <subject>Article</subject>
        </subj-group>
        <subj-group>
          <subject>Computer Science</subject>
          <subject>Communications</subject>
        </subj-group>
      </article-categories>
      <title-group>
        <article-title>Dual-Stream Detection of HTTP Injection Attacks: A Hybrid Architecture Combining ModernBERT and Character-Level CNNs</article-title>
      </title-group>
      <contrib-group>
        <contrib contrib-type="author">
          <name name-style="western">
            <surname>Wangilisasi</surname>
            <given-names>Emil</given-names>
          </name>
          <xref ref-type="aff" rid="aff1">1</xref>
        </contrib>
        <contrib contrib-type="author">
          <name name-style="western">
            <surname>Leo</surname>
            <given-names>Judith</given-names>
          </name>
          <xref ref-type="aff" rid="aff1">1</xref>
        </contrib>
        <contrib contrib-type="author">
          <name name-style="western">
            <surname>Sam</surname>
            <given-names>Anael</given-names>
          </name>
          <xref ref-type="aff" rid="aff1">1</xref>
        </contrib>
      </contrib-group>
      <aff id="aff1"><label>1</label> School of Computational and Communication Science and Engineering, Nelson Mandela African Institution of Science and Technology (NM-AIST), Arusha, Tanzania </aff>
      <author-notes>
        <fn fn-type="conflict" id="fn-conflict">
          <p>The authors declare no conflicts of interest regarding the publication of this paper.</p>
        </fn>
      </author-notes>
      <pub-date pub-type="epub">
        <day>03</day>
        <month>08</month>
        <year>2026</year>
      </pub-date>
      <pub-date pub-type="collection">
        <month>08</month>
        <year>2026</year>
      </pub-date>
      <volume>18</volume>
      <issue>03</issue>
      <fpage>181</fpage>
      <lpage>197</lpage>
      <history>
        <date date-type="received">
          <day>16</day>
          <month>05</month>
          <year>2026</year>
        </date>
        <date date-type="accepted">
          <day>26</day>
          <month>06</month>
          <year>2026</year>
        </date>
        <date date-type="published">
          <day>29</day>
          <month>06</month>
          <year>2026</year>
        </date>
      </history>
      <permissions>
        <copyright-statement>© 2026 by the authors and Scientific Research Publishing Inc.</copyright-statement>
        <copyright-year>2026</copyright-year>
        <license license-type="open-access">
          <license-p> This article is an open access article distributed under the terms and conditions of the Creative Commons Attribution (CC BY) license ( <ext-link ext-link-type="uri" xlink:href="https://creativecommons.org/licenses/by/4.0/">https://creativecommons.org/licenses/by/4.0/</ext-link> ). </license-p>
        </license>
      </permissions>
      <self-uri content-type="doi" xlink:href="https://doi.org/10.4236/jilsa.2026.183012">https://doi.org/10.4236/jilsa.2026.183012</self-uri>
      <abstract>
        <p>Web applications remain critically vulnerable to injection attacks, including SQL Injection (SQLi), OS Command Injection, and Cross-Site Scripting (XSS) among others, which exploit the semantic gap between user-supplied input and executable code. Traditional Web Application Firewalls (WAFs) rely on signature-based pattern matching, rendering them susceptible to evasion through payload obfuscation. While Transformer-based language models excel at capturing long-range contextual dependencies and have demonstrated promise in detecting malicious intent, they alone may not fully exploit the fine-grained character-level patterns that distinguish obfuscated attack payloads. This paper proposes a Dual-Stream Hybrid Architecture that combines the contextual reasoning capabilities of Modern Bidirectional Encoder Representations from Transformers (ModernBERT), a state-of-the-art encoder supporting 8192 token sequences, with a Character-Level 1D Convolutional Neural Network (CNN) optimized for morphological pattern recognition. The semantic stream captures high-level payload intent, while the syntactic stream detects low-level structural signatures of obfuscation techniques (e.g., URL encoding, hexadecimal evasion, comment injection). Experiments on a composite dataset of ~93,500 HTTP requests, aggregated from public payload repositories, synthetic attack campaigns generated with SQLMap and XSStrike on vulnerable web applications, live honeypot traffic captured via T-Pot (SNARE/Tanner), and benign browsing sessions simulated with Playwright, demonstrate that our hybrid approach achieves 98.7% accuracy and 98.3% F1-score, outperforming standalone ModernBERT and CNN baselines by 2.4% and 8.6% respectively.</p>
      </abstract>
      <kwd-group kwd-group-type="author-generated" xml:lang="en">
        <kwd>Web Application Security</kwd>
        <kwd>HTTP Injection</kwd>
        <kwd>Deep Learning</kwd>
        <kwd>ModernBERT</kwd>
        <kwd>Convolutional Neural Networks</kwd>
      </kwd-group>
    </article-meta>
  </front>
  <body>
    <sec id="sec1">
      <title>1. Introduction</title>
      <p>The ubiquity of web applications in modern digital infrastructure has dramatically expanded the attack surface for application-layer vulnerabilities. The Open Web Application Security Project (OWASP) Top 10 [<xref ref-type="bibr" rid="B1">1</xref>] lists Injection flaws (A05:2025) among the most critical security risks. Attackers exploit these vulnerabilities through techniques such as SQL Injection (SQLi), manipulating database queries to exfiltrate sensitive data or bypass authentication, and Cross-Site Scripting (XSS), injecting malicious scripts that execute in victim browsers to steal session tokens or perform unauthorized actions.</p>
      <p>The detection of injection attacks presents a fundamental tension between generalization and precision. Current detection paradigms fall into two principal categories:</p>
      <p><bold>Signature-Based/Rule-Based Systems (WAFs):</bold> Commercial and open-source WAFs such as ModSecurity employ Regular Expression (RegEx) pattern matching against known attack signatures. While computationally efficient with O(n) complexity, these systems exhibit inherent brittleness; a single novel obfuscation technique, such as substituting whitespace with inline SQL comments (/**/) or employing double URL encoding (%2527 to 27% to '), can bypass detection entirely. Empirical studies report bypass rates exceeding 70% against production WAFs using automated evasion tools [<xref ref-type="bibr" rid="B2">2</xref>].</p>
      <p><bold>Machine Learning Approaches:</bold> Recent advances have applied methods such as Long Short-Term Memory networks (LSTMs), Recurrent Neural Networks (RNNs), and the Transformer based models to do payload classification [<xref ref-type="bibr" rid="B3">3</xref>][<xref ref-type="bibr" rid="B4">4</xref>]. However, standard Transformer models operate at the sub-word level such as WordPiece [<xref ref-type="bibr" rid="B5">5</xref>] and Byte-Pair Encoding [<xref ref-type="bibr" rid="B6">6</xref>], which, while effective for capturing semantic context, may not fully leverage the fine-grained character-level patterns that distinguish obfuscated payloads, such as encoding sequences, special character distributions, and structural irregularities.</p>
      <p>To mitigate these issues, a Hybrid Deep Learning Architecture is introduced that processes HTTP payloads through two complementary pathways operating in parallel. Our key contributions are:</p>
      <p><bold>Dual-Stream Fusion:</bold> We propose a hybrid architecture combining ModernBERT [<xref ref-type="bibr" rid="B7">7</xref>] for semantic understanding with a Character-Level CNN for syntactic pattern recognition, enabling robust detection across both natural language manipulation and code-level obfuscation.<bold>Obfuscation Resilience:</bold> Through ablation studies, we demonstrate that the character-level branch provides complementary pattern recognition capabilities, maintaining 96.5% accuracy on highly obfuscated payloads where standalone Transformers degrade to 84.2%.</p>
    </sec>
    <sec id="sec2">
      <title>2. Related Work</title>
      <sec id="sec2dot1">
        <title>2.1. Traditional Web Application Firewalls</title>
        <p>Signature-based detection remains the predominant approach in commercial WAFs. ModSecurity’s Core Rule Set (CRS) employs over 200 curated regular expressions targeting known injection patterns [<xref ref-type="bibr" rid="B1">1</xref>]. While achieving high precision on canonical attack vectors, these systems suffer from two critical limitations <italic>i.e.</italic>, zero-day vulnerability, where novel attack patterns require manual rule updates, and evasion susceptibility, where automated tools such as SQLMap [<xref ref-type="bibr" rid="B8">8</xref>] and WAFNinja [<xref ref-type="bibr" rid="B9">9</xref>] systematically generate bypass payloads through encoding permutations, case manipulation, and comment injection.</p>
      </sec>
      <sec id="sec2dot2">
        <title>2.2. Machine Learning for Intrusion Detection</title>
        <p>Early ML approaches employed traditional algorithms such as Logistic Regressions, Random Forests, Naive Bayes and Support Vector Machines operating on features that are manually crafted such as n-gram frequencies and character distribution [<xref ref-type="bibr" rid="B10">10</xref>][<xref ref-type="bibr" rid="B11">11</xref>]. While effective on clean datasets, these methods require extensive feature engineering and do not generalize well to novel attack variants.</p>
        <p>Deep learning approaches have progressively improved detection capabilities. The authors in [<xref ref-type="bibr" rid="B12">12</xref>] demonstrated that BERT-LSTM networks achieve 97.3% accuracy on SQLi detection by extracting sentence-level and word features, then generating embedding vectors that identify malicious SQL query patterns. In [<xref ref-type="bibr" rid="B13">13</xref>], researchers applied attention mechanisms to identify salient payload regions, improving interpretability. However, these approaches operate at the word or sub-word level, leaving room for complementary character-level analysis to capture fine-grained morphological patterns associated with obfuscation techniques.</p>
      </sec>
      <sec id="sec2dot3">
        <title>2.3. Transformer Models in Security Applications</title>
        <p>BERT (Bidirectional Encoder Representations from Transformers) [<xref ref-type="bibr" rid="B14">14</xref>] has been adapted for various security tasks including malware classification, phishing detection, and vulnerability identification [<xref ref-type="bibr" rid="B15">15</xref>]. However, standard BERT architectures impose a 512-token context limit, insufficient for analyzing verbose HTTP requests or multi-stage injection payloads that may span thousands of characters.</p>
        <p>ModernBERT [<xref ref-type="bibr" rid="B7">7</xref>] released in late 2024, addresses these limitations through architectural innovations including Flash Attention [<xref ref-type="bibr" rid="B16">16</xref>] for memory-efficient O(N) attention computation, Alternating Attention interleaving local sliding window attention (128 tokens) with global attention layers, and Rotary Positional Embeddings (RoPE) [<xref ref-type="bibr" rid="B17">17</xref>] enabling extrapolation to 8192 tokens. These advances make ModernBERT particularly suitable for security applications requiring analysis of complete HTTP requests including headers, cookies, and body content, while maintaining the inference speed necessary for real-time deployment.</p>
      </sec>
      <sec id="sec2dot4">
        <title>2.4. Character-Level Neural Networks</title>
        <p>Character-level CNNs do not require tokenization to achieve good performance on text classification tasks, learning hierarchical representations directly from raw character sequences. Subsequent work demonstrated their effectiveness in detecting the morphological signatures of malicious content, such as anomalous character distributions, encoding patterns, and structural irregularities, that may be invisible to word-level models [<xref ref-type="bibr" rid="B18">18</xref>].</p>
      </sec>
      <sec id="sec2dot5">
        <title>2.5. Hybrid and Ensemble Approaches</title>
        <p>Multi-modal fusion architectures have shown promise in combining complementary feature representations. Kim <italic>et al</italic>. [<xref ref-type="bibr" rid="B19">19</xref>] proposed concatenating word embeddings with character-level CNN features for sentiment analysis, achieving improvements over single-modality baselines. Our work extends this paradigm to the security domain, specifically targeting the unique challenges of injection attack detection.</p>
      </sec>
    </sec>
    <sec id="sec3">
      <title>3. Threat Model and Problem Formulation</title>
      <sec id="sec3dot1">
        <title>3.1. Threat Model</title>
        <p>An adversary is considered attempting to exploit web application vulnerabilities through injection attacks embedded in HTTP request components (URL parameters, POST body, headers, cookies). The adversary possesses:</p>
        <p><bold>Knowledge of target application:</bold> Understanding of backend database systems (MySQL, PostgreSQL, etc.) and client-side scripting contexts.<bold>Evasion capabilities:</bold> Access to automated obfuscation tools capable of generating encoding variants, comment injection, case manipulation, and other bypass techniques.<bold>Obfuscation tooling:</bold> Access to publicly available evasion tools and encoding techniques to generate obfuscated payload variants prior to deployment.</p>
        <p>The defender deploys an inline detection system that must classify each incoming HTTP request as benign or malicious within strict latency constraints (&lt;50 ms) while minimizing both false negatives (missed attacks) and false positives (blocked legitimate traffic).</p>
      </sec>
      <sec id="sec3dot2">
        <title>3.2. Problem Formulation</title>
        <p>Given an HTTP payload <italic>x</italic> represented as a character sequence <inline-formula><mml:math><mml:mrow><mml:mi> x </mml:mi><mml:mo> = </mml:mo><mml:mrow><mml:mo> ( </mml:mo><mml:mrow><mml:msub><mml:mi> c </mml:mi><mml:mn> 1 </mml:mn></mml:msub><mml:mo> , </mml:mo><mml:msub><mml:mi> c </mml:mi><mml:mn> 2 </mml:mn></mml:msub><mml:mo> , </mml:mo><mml:mo> ⋯ </mml:mo><mml:mo> , </mml:mo><mml:msub><mml:mi> c </mml:mi><mml:mi> n </mml:mi></mml:msub></mml:mrow><mml:mo> ) </mml:mo></mml:mrow></mml:mrow></mml:math></inline-formula> where <inline-formula><mml:math><mml:mrow><mml:msub><mml:mi> c </mml:mi><mml:mi> i </mml:mi></mml:msub><mml:mo> ∈ </mml:mo><mml:mi> Σ </mml:mi></mml:mrow></mml:math></inline-formula> (ASCII character set), the detection task is formulated as binary classification as shown in Equation (1):</p>
        <disp-formula id="FD1">
          <label>(1)</label>
          <mml:math>
            <mml:mrow>
              <mml:mi>f</mml:mi>
              <mml:mrow>
                <mml:mo>(</mml:mo>
                <mml:mi>x</mml:mi>
                <mml:mo>)</mml:mo>
              </mml:mrow>
              <mml:mo>→</mml:mo>
              <mml:mrow>
                <mml:mo>{</mml:mo>
                <mml:mrow>
                  <mml:mn>0</mml:mn>
                  <mml:mo>,</mml:mo>
                  <mml:mn>1</mml:mn>
                </mml:mrow>
                <mml:mo>}</mml:mo>
              </mml:mrow>
            </mml:mrow>
          </mml:math>
        </disp-formula>
        <p>where <italic>f</italic>is the learned classifier, 0 denotes benign traffic, and 1 denotes malicious injection attempt. The objective is to learn <italic>f</italic> that maximizes detection rate (recall) while constraining false positive rate below operational thresholds.</p>
      </sec>
    </sec>
    <sec id="sec4">
      <title>4. Methodology</title>
      <p>We propose a Dual-Stream Architecture that processes HTTP payloads through two independent branches, semantic and syntactic, followed by intermediate feature-level fusion via concatenation before final classification. In this design, the semantic representation produced by ModernBERT and the syntactic representation produced by the character-level CNN are concatenated to form a unified feature vector, which is then passed to a shared classification head. This enables the model to jointly exploit contextual and structural information when distinguishing benign requests from injection attacks. <bold>Model Input:</bold> In the experiments reported in this work, each training sample was represented by a single text field (the payload column after dataset consolidation). For many GET samples we used the query string or URL parameters and for POST/PUT samples we used the body and for repository or tool-generated records, a standalone payload string as provided by the source was used. The same text was fed to both the ModernBERT and character-level CNN branches. HTTP method, headers, cookies, source labels, timestamps, IP addresses, attack-family labels, and ground-truth class labels were not supplied as separate predictive features, they were used only for dataset analysis, stratified splitting, and evaluation. <xref ref-type="fig" rid="fig1">Figure 1</xref> illustrates the complete architecture.</p>
      <fig id="fig1">
        <label>Figure 1</label>
        <graphic xlink:href="https://html.scirp.org/file/9601773-rId21.jpeg?20260629020644" />
      </fig>
      <p><bold>Figure 1.</bold> Dual-stream architecture for HTTP injection detection. ModernBERT (left) encodes sub-word semantics while a character Conv1D (right) captures morphological signatures. Concatenated embeddings pass through a classification head for binary prediction.</p>
      <sec id="sec4dot1">
        <title>4.1. Branch A: Semantic Stream (ModernBERT)</title>
        <p>The semantic branch leverages ModernBERT-base to capture contextual understanding of payload intent.</p>
        <p><bold>Input Processing:</bold> The raw payload string is tokenized using the ModernBERT tokenizer with maximum sequence length L_max = 512 tokens. We select this limit because empirical analysis shows that over 99% of HTTP payloads in our dataset fall within 512 tokens, balancing computational efficiency with coverage. The underlying ModernBERT architecture supports up to 8192 tokens, allowing seamless scaling for applications requiring analysis of verbose multi-part requests. Payloads exceeding the configured limit are truncated with a warning logged for analysis.</p>
        <p><bold>Model Architecture:</bold> ModernBERT-base comprises 22 Transformer layers with hidden dimension <italic>d</italic> = 768, 12 attention heads, and intermediate feed-forward dimension 3072.</p>
        <p><bold>Feature Extraction:</bold> The final hidden state associated with the [CLS] token is extracted and used as the semantic representation, as expressed in Equation (2).</p>
        <disp-formula id="FD2">
          <label>(2)</label>
          <mml:math>
            <mml:mrow>
              <mml:msub>
                <mml:mi>v</mml:mi>
                <mml:mrow>
                  <mml:mi>s</mml:mi>
                  <mml:mi>e</mml:mi>
                  <mml:mi>m</mml:mi>
                </mml:mrow>
              </mml:msub>
              <mml:mo>=</mml:mo>
              <mml:mtext>ModernBERT</mml:mtext>
              <mml:msub>
                <mml:mrow>
                  <mml:mrow>
                    <mml:mo>(</mml:mo>
                    <mml:mi>x</mml:mi>
                    <mml:mo>)</mml:mo>
                  </mml:mrow>
                </mml:mrow>
                <mml:mrow>
                  <mml:mrow>
                    <mml:mo>[</mml:mo>
                    <mml:mrow>
                      <mml:mtext>CLS</mml:mtext>
                    </mml:mrow>
                    <mml:mo>]</mml:mo>
                  </mml:mrow>
                </mml:mrow>
              </mml:msub>
              <mml:mo>∈</mml:mo>
              <mml:msup>
                <mml:mi>ℝ</mml:mi>
                <mml:mrow>
                  <mml:mn>768</mml:mn>
                </mml:mrow>
              </mml:msup>
            </mml:mrow>
          </mml:math>
        </disp-formula>
        <p>This vector encodes the aggregate semantic content of the payload, capturing high-level patterns such as “query attempting data retrieval” or “script injection targeting DOM manipulation”.</p>
      </sec>
      <sec id="sec4dot2">
        <title>4.2. Branch B: Syntactic Stream (Character-Level CNN)</title>
        <p>The syntactic branch employs a 1D Convolutional Neural Network operating directly on character sequences to detect morphological attack signatures.</p>
        <p>Input Processing: Each character in the payload is mapped to its ASCII integer value <inline-formula><mml:math><mml:mrow><mml:msub><mml:mi> c </mml:mi><mml:mi> i </mml:mi></mml:msub><mml:mo> ∈ </mml:mo><mml:mrow><mml:mo> { </mml:mo><mml:mrow><mml:mn> 0 </mml:mn><mml:mo> , </mml:mo><mml:mn> 1 </mml:mn><mml:mo> , </mml:mo><mml:mo> ⋯ </mml:mo><mml:mo> , </mml:mo><mml:mn> 255 </mml:mn></mml:mrow><mml:mo> } </mml:mo></mml:mrow></mml:mrow></mml:math></inline-formula> . The input sentences are padded if less or truncated if they exceed the maximum to fixed length <inline-formula><mml:math><mml:mrow><mml:msub><mml:mi> L </mml:mi><mml:mrow><mml:mi> c </mml:mi><mml:mi> h </mml:mi><mml:mi> a </mml:mi><mml:mi> r </mml:mi></mml:mrow></mml:msub><mml:mo> = </mml:mo><mml:mn> 1024 </mml:mn></mml:mrow></mml:math></inline-formula> characters.</p>
        <p><bold>Architecture Details:</bold><bold>Table 1</bold> lists the layer configuration of the character-level CNN branch.</p>
        <p><bold>Feature Extraction:</bold>Global max pooling extracts the most salient activation </p>
        <p><bold>Table 1.</bold>Character-level CNN architecture.</p>
        <table-wrap id="tbl1">
          <label>Table 1</label>
          <table>
            <tbody>
              <tr>
                <td>Layer</td>
                <td>Configuration</td>
                <td>Output Shape</td>
                <td>Purpose</td>
              </tr>
              <tr>
                <td>Embedding</td>
                <td>256 × 128</td>
                <td>
                  (
                  <italic>L</italic>
                  , 128)
                </td>
                <td>Dense character representations</td>
              </tr>
              <tr>
                <td>Conv1D-1</td>
                <td>64 filters, k = 3, stride = 1, ReLU</td>
                <td>
                  (
                  <italic>L</italic>
                  , 64)
                </td>
                <td>Trigram detection (%27, OR )</td>
              </tr>
              <tr>
                <td>MaxPool1D</td>
                <td>pool size = 2</td>
                <td>
                  (
                  <italic>L</italic>
                  /2, 64)
                </td>
                <td>Dimensionality reduction</td>
              </tr>
              <tr>
                <td>Conv1D-2</td>
                <td>
                  128 filters,
                  <italic>k</italic>
                  = 5, stride = 1, ReLU
                </td>
                <td>
                  (
                  <italic>L</italic>
                  /2, 128)
                </td>
                <td>Longer patterns (script, UNION)</td>
              </tr>
              <tr>
                <td>MaxPool1D</td>
                <td>pool size = 2</td>
                <td>
                  (
                  <italic>L</italic>
                  /4, 128)
                </td>
                <td>Dimensionality reduction</td>
              </tr>
              <tr>
                <td>Conv1D-3</td>
                <td>
                  128 filters,
                  <italic>k</italic>
                  = 3, stride = 1, ReLU
                </td>
                <td>
                  (
                  <italic>L</italic>
                  /4, 128)
                </td>
                <td>Higher-order combinations</td>
              </tr>
              <tr>
                <td>GlobalMaxPool</td>
                <td>----</td>
                <td>(128)</td>
                <td>Sequence-invariant features</td>
              </tr>
            </tbody>
          </table>
        </table-wrap>
        <p>across the sequence:</p>
        <disp-formula id="FD3">
          <label>(3)</label>
          <mml:math>
            <mml:mrow>
              <mml:msub>
                <mml:mi>v</mml:mi>
                <mml:mrow>
                  <mml:mi>s</mml:mi>
                  <mml:mi>y</mml:mi>
                  <mml:mi>n</mml:mi>
                </mml:mrow>
              </mml:msub>
              <mml:mo>=</mml:mo>
              <mml:mtext>GlobalMaxPool</mml:mtext>
              <mml:mrow>
                <mml:mo>(</mml:mo>
                <mml:mrow>
                  <mml:mtext>CNN</mml:mtext>
                  <mml:mrow>
                    <mml:mo>(</mml:mo>
                    <mml:mi>x</mml:mi>
                    <mml:mo>)</mml:mo>
                  </mml:mrow>
                </mml:mrow>
                <mml:mo>)</mml:mo>
              </mml:mrow>
              <mml:mo>∈</mml:mo>
              <mml:msup>
                <mml:mi>ℝ</mml:mi>
                <mml:mrow>
                  <mml:mn>128</mml:mn>
                </mml:mrow>
              </mml:msup>
            </mml:mrow>
          </mml:math>
        </disp-formula>
        <p>This representation captures character-level signatures including high density of special characters (%, ', &lt;, &gt;), encoding patterns indicative of obfuscation, and structural anomalies such as nested brackets or comment sequences.</p>
      </sec>
      <sec id="sec4dot3">
        <title>4.3. Feature Fusion and Classification</title>
        <p>The semantic and syntactic representations are concatenated to form a unified feature vector:</p>
        <disp-formula id="FD4">
          <label>(4)</label>
          <mml:math>
            <mml:mrow>
              <mml:msub>
                <mml:mi>v</mml:mi>
                <mml:mrow>
                  <mml:mi>f</mml:mi>
                  <mml:mi>i</mml:mi>
                  <mml:mi>n</mml:mi>
                  <mml:mi>a</mml:mi>
                  <mml:mi>l</mml:mi>
                </mml:mrow>
              </mml:msub>
              <mml:mo>=</mml:mo>
              <mml:mrow>
                <mml:mo>[</mml:mo>
                <mml:mrow>
                  <mml:msub>
                    <mml:mi>v</mml:mi>
                    <mml:mrow>
                      <mml:mi>s</mml:mi>
                      <mml:mi>e</mml:mi>
                      <mml:mi>m</mml:mi>
                    </mml:mrow>
                  </mml:msub>
                  <mml:mo>∥</mml:mo>
                  <mml:msub>
                    <mml:mi>v</mml:mi>
                    <mml:mrow>
                      <mml:mi>s</mml:mi>
                      <mml:mi>y</mml:mi>
                      <mml:mi>n</mml:mi>
                    </mml:mrow>
                  </mml:msub>
                </mml:mrow>
                <mml:mo>]</mml:mo>
              </mml:mrow>
              <mml:mo>∈</mml:mo>
              <mml:msup>
                <mml:mi>ℝ</mml:mi>
                <mml:mrow>
                  <mml:mn>896</mml:mn>
                </mml:mrow>
              </mml:msup>
            </mml:mrow>
          </mml:math>
        </disp-formula>
        <p>This fused representation passes through a classification head:</p>
        <disp-formula id="FD5">
          <label>(5)</label>
          <mml:math>
            <mml:mrow>
              <mml:mover accent="true">
                <mml:mi>y</mml:mi>
                <mml:mo>^</mml:mo>
              </mml:mover>
              <mml:mo>=</mml:mo>
              <mml:mtext>Softmax</mml:mtext>
              <mml:mrow>
                <mml:mo>(</mml:mo>
                <mml:mrow>
                  <mml:msub>
                    <mml:mi>W</mml:mi>
                    <mml:mn>2</mml:mn>
                  </mml:msub>
                  <mml:mo>⋅</mml:mo>
                  <mml:mtext>ReLU</mml:mtext>
                  <mml:mrow>
                    <mml:mo>(</mml:mo>
                    <mml:mrow>
                      <mml:msub>
                        <mml:mi>W</mml:mi>
                        <mml:mn>1</mml:mn>
                      </mml:msub>
                      <mml:mo>⋅</mml:mo>
                      <mml:mtext>Dropout</mml:mtext>
                      <mml:mrow>
                        <mml:mo>(</mml:mo>
                        <mml:mrow>
                          <mml:msub>
                            <mml:mi>v</mml:mi>
                            <mml:mrow>
                              <mml:mi>f</mml:mi>
                              <mml:mi>i</mml:mi>
                              <mml:mi>n</mml:mi>
                              <mml:mi>a</mml:mi>
                              <mml:mi>l</mml:mi>
                            </mml:mrow>
                          </mml:msub>
                          <mml:mo>,</mml:mo>
                          <mml:mi>p</mml:mi>
                          <mml:mo>=</mml:mo>
                          <mml:mn>0.3</mml:mn>
                        </mml:mrow>
                        <mml:mo>)</mml:mo>
                      </mml:mrow>
                      <mml:mo>+</mml:mo>
                      <mml:msub>
                        <mml:mi>b</mml:mi>
                        <mml:mn>1</mml:mn>
                      </mml:msub>
                    </mml:mrow>
                    <mml:mo>)</mml:mo>
                  </mml:mrow>
                  <mml:mo>+</mml:mo>
                  <mml:msub>
                    <mml:mi>b</mml:mi>
                    <mml:mn>2</mml:mn>
                  </mml:msub>
                </mml:mrow>
                <mml:mo>)</mml:mo>
              </mml:mrow>
            </mml:mrow>
          </mml:math>
        </disp-formula>
        <p>where <inline-formula><mml:math><mml:mrow><mml:msub><mml:mi> W </mml:mi><mml:mn> 1 </mml:mn></mml:msub><mml:mo> ∈ </mml:mo><mml:msup><mml:mi> ℝ </mml:mi><mml:mrow><mml:mn> 256 </mml:mn><mml:mo> × </mml:mo><mml:mn> 896 </mml:mn></mml:mrow></mml:msup><mml:mo> , </mml:mo><mml:msub><mml:mi> W </mml:mi><mml:mn> 2 </mml:mn></mml:msub><mml:mo> ∈ </mml:mo><mml:msup><mml:mi> ℝ </mml:mi><mml:mrow><mml:mn> 2 </mml:mn><mml:mo> × </mml:mo><mml:mn> 256 </mml:mn></mml:mrow></mml:msup></mml:mrow></mml:math></inline-formula> are learned weight matrices.</p>
      </sec>
      <sec id="sec4dot4">
        <title>4.4. Training Objective</title>
        <p>Weighted cross-entropy loss is used as the loss function. This is used in consideration of class imbalance and prioritize attack detection:</p>
        <disp-formula id="FD6">
          <label>(6)</label>
          <mml:math>
            <mml:mrow>
              <mml:mi>ℒ</mml:mi>
              <mml:mo>=</mml:mo>
              <mml:mo>−</mml:mo>
              <mml:mstyle displaystyle="true">
                <mml:msub>
                  <mml:mo>∑</mml:mo>
                  <mml:mi>i</mml:mi>
                </mml:msub>
                <mml:mrow>
                  <mml:msub>
                    <mml:mi>w</mml:mi>
                    <mml:mrow>
                      <mml:msub>
                        <mml:mi>y</mml:mi>
                        <mml:mi>i</mml:mi>
                      </mml:msub>
                    </mml:mrow>
                  </mml:msub>
                  <mml:mo>⋅</mml:mo>
                  <mml:msub>
                    <mml:mi>y</mml:mi>
                    <mml:mi>i</mml:mi>
                  </mml:msub>
                  <mml:mi>log</mml:mi>
                  <mml:mrow>
                    <mml:mo>(</mml:mo>
                    <mml:mrow>
                      <mml:msub>
                        <mml:mover accent="true">
                          <mml:mi>y</mml:mi>
                          <mml:mo>^</mml:mo>
                        </mml:mover>
                        <mml:mi>i</mml:mi>
                      </mml:msub>
                    </mml:mrow>
                    <mml:mo>)</mml:mo>
                  </mml:mrow>
                </mml:mrow>
              </mml:mstyle>
            </mml:mrow>
          </mml:math>
        </disp-formula>
        <p>where <inline-formula><mml:math><mml:mrow><mml:msub><mml:mi> w </mml:mi><mml:mn> 0 </mml:mn></mml:msub><mml:mo> = </mml:mo><mml:mn> 1.0 </mml:mn></mml:mrow></mml:math></inline-formula> (benign) and <inline-formula><mml:math><mml:mrow><mml:msub><mml:mi> w </mml:mi><mml:mn> 1 </mml:mn></mml:msub><mml:mo> = </mml:mo><mml:mn> 2.5 </mml:mn></mml:mrow></mml:math></inline-formula> (attack), penalizing false negatives more heavily than false positives given the asymmetric cost of missed attacks in security applications.</p>
      </sec>
      <sec id="sec4dot5">
        <title>4.5. Implementation Details</title>
        <p>The two branches are trained end-to-end jointly. To accommodate the different convergence rates of pre-trained (ModernBERT) and randomly-initialized (CNN) components, we employ differential learning rates <inline-formula><mml:math><mml:mrow><mml:msub><mml:mi> η </mml:mi><mml:mrow><mml:mi> B </mml:mi><mml:mi> E </mml:mi><mml:mi> R </mml:mi><mml:mi> T </mml:mi></mml:mrow></mml:msub><mml:mo> = </mml:mo><mml:mn> 2 </mml:mn><mml:mo> × </mml:mo><mml:msup><mml:mrow><mml:mn> 10 </mml:mn></mml:mrow><mml:mrow><mml:mo> − </mml:mo><mml:mn> 5 </mml:mn></mml:mrow></mml:msup></mml:mrow></mml:math></inline-formula><inline-formula><mml:math><mml:mrow><mml:msub><mml:mi> η </mml:mi><mml:mrow><mml:mi> C </mml:mi><mml:mi> N </mml:mi><mml:mi> N </mml:mi></mml:mrow></mml:msub><mml:mo> = </mml:mo><mml:mn> 1 </mml:mn><mml:mo> × </mml:mo><mml:msup><mml:mrow><mml:mn> 10 </mml:mn></mml:mrow><mml:mrow><mml:mo> − </mml:mo><mml:mn> 3 </mml:mn></mml:mrow></mml:msup></mml:mrow></mml:math></inline-formula> . To prevent exploding gradients, Gradient clipping with max norm = 1.0 is used during early training.</p>
      </sec>
    </sec>
    <sec id="sec5">
      <title>5. Experimental Setup</title>
      <sec id="sec5dot1">
        <title>5.1. Dataset Construction</title>
        <p>To ensure broad coverage of real-world attack patterns and minimize dataset bias, we constructed a composite dataset by aggregating HTTP injection payloads and benign traffic from four complementary sources. <bold>Table 2</bold> summarizes the dataset composition.</p>
        <p><bold>Source 1:</bold> Public Repositories (GitHub): We curated malicious payloads from widely-used open-source collections including payloadbox/sql-injection-payload-list [<xref ref-type="bibr" rid="B20">20</xref>], payloadbox/xss-payload-list [<xref ref-type="bibr" rid="B21">21</xref>], and swisskyrepo/PayloadsAllThe Things [<xref ref-type="bibr" rid="B22">22</xref>]. After deduplication and normalization, this source contributed approximately 18,000 unique SQLi and XSS payloads spanning classic injection vectors, filter bypass techniques, and polyglot payloads.</p>
        <p><bold>Source 2:</bold> OWASP Resources: Additional attack samples were drawn from the OWASP Testing Guide payload corpus and the OWASP Web Security Testing Guide’s injection test cases [<xref ref-type="bibr" rid="B1">1</xref>]. These payloads reflect structured, expert-curated attack taxonomies and contributed approximately 6500 samples covering SQLi, XSS, LDAP Injection, and OS Command Injection vectors.</p>
        <p><bold>Source 3:</bold> Synthetic Generation on Vulnerable Applications: To capture realistic attack traffic with full HTTP context (headers, cookies, session state), we deployed DVWA (Damn Vulnerable Web Application) [<xref ref-type="bibr" rid="B23">23</xref>] and OWASP Juice Shop [<xref ref-type="bibr" rid="B24">24</xref>] in isolated Docker environments and executed automated attack campaigns using SQLMap [<xref ref-type="bibr" rid="B8">8</xref>] with tamper scripts for case swapping, comment injection, encoding variations, and keyword fragmentation and XSStrike for context-aware XSS payload generation with DOM analysis. All HTTP traffic was routed through Burp Suite [<xref ref-type="bibr" rid="B25">25</xref>] configured as an intercepting proxy, which logged complete request/response pairs including headers, cookies, and body content. This pipeline generated approximately 12,000 attack requests with authentic HTTP structure and session context, including obfuscated variants produced by SQLMap’s tamper modules (e.g., between, charencode, space2comment, randomcase).</p>
        <p><bold>Source 4:</bold> Live Honeypot Traffic: To incorporate genuine attacker behavior observed in the wild, we deployed a T-Pot honeypot platform [<xref ref-type="bibr" rid="B26">26</xref>] on a public-facing VPS (4 vCPU, 8GB RAM) with its web application honeypot components SNARE [<xref ref-type="bibr" rid="B27">27</xref>] acting as the vulnerability-emulating HTTP sensor and Tanner [<xref ref-type="bibr" rid="B28">28</xref>] the backend analysis engine that classifies and logs incoming attacks. The honeypot was exposed on standard HTTP/HTTPS ports of 80 and 443 respectively for a period of 90 days, during which it captured approximately 22,000 malicious HTTP requests originating from automated scanners, botnets, and manual exploitation attempts. This source provides ecological validity, reflecting attack distributions and obfuscation strategies encountered in production environments.</p>
        <p><bold>Benign Traffic Collection:</bold> Legitimate HTTP traffic was collected by simulating realistic user browsing sessions on various web applications including WordPress-based sites, the OWASP Juice Shop and a custom e-commerce application using Playwright browser automation [<xref ref-type="bibr" rid="B29">29</xref>]. Scripts emulated diverse user behaviors, including form submissions, search queries, navigation, file uploads, and AJAX interactions, across multiple browser profiles with varying user agents and session patterns. HTTP request logs were captured via Playwright’s network interception API, yielding approximately 35,000 benign requests with natural parameter distributions and header structures. All collected requests were normalized to a canonical format preserving the raw payload string alongside metadata (HTTP method, content type, source label). Duplicate payloads were removed. <bold>Table 2</bold> and <xref ref-type="fig" rid="fig2">Figure 2</xref> summarize the dataset composition and class distribution.</p>
        <p><bold>Labelling Protocol:</bold>Samples were labeled according to their collection route and verification context. Payloads from curated public repositories and OWASP </p>
        <p><bold>Table 2.</bold>Dataset composition by source.</p>
        <table-wrap id="tbl2">
          <label>Table 2</label>
          <table>
            <tbody>
              <tr>
                <td>Source</td>
                <td>Type</td>
                <td>Samples</td>
                <td>Collection Method</td>
              </tr>
              <tr>
                <td>GitHub Repositories</td>
                <td>Malicious</td>
                <td>~18,000</td>
                <td>Curated payload lists</td>
              </tr>
              <tr>
                <td>OWASP Resources</td>
                <td>Malicious</td>
                <td>~6,500</td>
                <td>Expert-curated test cases</td>
              </tr>
              <tr>
                <td>Synthetic (DVWA/Juice Shop)</td>
                <td>Malicious</td>
                <td>~12,000</td>
                <td>SQLMap + XSStrike via Burp Suite</td>
              </tr>
              <tr>
                <td>T-Pot Honeypot (SNARE/Tanner)</td>
                <td>Malicious</td>
                <td>~22,000</td>
                <td>Live capture over 90 days</td>
              </tr>
              <tr>
                <td>Playwright Browsing Simulation</td>
                <td>Benign</td>
                <td>~35,000</td>
                <td>Automated realistic browsing</td>
              </tr>
              <tr>
                <td>
                  <bold>Total</bold>
                </td>
                <td>—</td>
                <td>
                  <bold>~93,500</bold>
                </td>
                <td>—</td>
              </tr>
            </tbody>
          </table>
        </table-wrap>
        <fig id="fig2">
          <label>Figure 2</label>
          <graphic xlink:href="https://html.scirp.org/file/9601773-rId46.jpeg?20260629020645" />
        </fig>
        <p><bold>Figure 2.</bold> Dataset composition by source and class distribution. The left panel shows the number of samples contributed by each collection source. The right panel illustrates the overall malicious-to-benign class ratio.</p>
        <p>resources were labeled malicious according to their documented attack category. Traffic generated by SQLMap and XSStrike against intentionally vulnerable DVWA and OWASP Juice Shop instances was labeled malicious because the tools generated known attack attempts in a controlled environment. The collected Tanner HTTP honeypot logs were processed using a custom Python script, which parsed the raw logs and converted them into a structured event dataset. The script normalized the request fields, removed duplicate records using a deterministic SHA-256 fingerprint generated from selected request fields, and extracted features from the URL path, payload body, headers, user-agent, referer, and request method. Initial labeling was carried out using a rule-based weak-labeling protocol designed for injection and exploit detection, where each event was checked for indicators such as SQL injection patterns, command injection terms, path traversal sequences, file inclusion attempts, XSS-like payloads, shell-related keywords, encoded traversal strings, .env, .git, phpunit, /etc/passwd, and suspicious PHP or WordPress exploit paths. Events matching these indicators were labeled as attack-related, with the specific attack type assigned where a recognizable injection pattern was present, while repeated non-browser-like requests from the same IP within short time windows were labeled as scanner activity, lower-confidence suspicious requests were labeled as probes, browser-like requests with no suspicious indicators were labeled as benign, and unmatched events were marked as unknown. These weak labels were then treated as preliminary labels and transitioned toward ground truth through manual validation, where the request paths, payloads, headers, methods, user-agents, and source behavior were reviewed against predefined annotation criteria. Labels were confirmed when the request evidence clearly matched the assigned class, corrected when a rule-based label was inaccurate, and marked as unknown or ambiguous when the available evidence was insufficient. This process produced a reproducible and more reliable labeled dataset for injection-attack detection, with each final label supported by explicit behavioral or payload-based evidence.</p>
        <p>After deduplication, the composite dataset comprised 93,500 samples in total: 35,000 benign requests collected via Playwright browsing simulation and 58,500 malicious requests. Among the malicious samples, the documented attack-family distribution was 30,800 SQL injection cases (from GitHub repositories, OWASP resources, SQLMap campaigns, and T-Pot/Tanner honeypot logs), 18,500 cross-site scripting cases (GitHub, OWASP, XSStrike, and T-Pot/Tanner), 4800 OS command injection cases (OWASP, synthetic generation, and T-Pot/Tanner), 2450 LDAP injection cases (primarily OWASP and curated sources), and 2950 XML/XPath injection cases (OWASP, curated lists, and honeypot traffic). Attack-family labels were used only for dataset characterization and analysis, model training and evaluation used binary benign versus malicious labels.</p>
        <p><bold>Deduplication and Leakage Control:</bold> Deduplication and partition assignment were performed before model training on the normalized payload/request text used as model input. Exact duplicate strings were removed first. To limit train/test leakage from obfuscated or transformed variants of the same underlying payload, each sample was mapped to a canonical form by iteratively applying safe URL and HTML entity decoding (up to three passes, stopping when the string no longer changed), lowercasing case-insensitive tokens, and normalizing whitespace and common SQL comment artifacts. A SHA-256 hash of the canonical string was computed for each sample and used as a group identifier. All samples sharing the same hash were treated as one group and assigned wholly to a single partition so that encoding, case, or comment variants of the same base payload could not appear in both training and evaluation subsets.</p>
        <p><bold>Dataset Split:</bold> The dataset was divided into 70% training data while 15% was used for validation during experiments, and 15% for testing subsets using stratified sampling to preserve the class distribution across all splits to ensure proportional representation of attack types and data sources across splits.</p>
      </sec>
      <sec id="sec5dot2">
        <title>5.2. Baseline Models</title>
        <p>We compared against a baseline set spanning one rule-based system, one classical ML model, one character-level neural model, one ModernBERT-only semantic model, and the proposed hybrid architecture. These baselines are summarized in <bold>Table 3</bold>.</p>
        <p><bold>Table 3.</bold>Baseline models evaluated in this study.</p>
        <table-wrap id="tbl3">
          <label>Table 3</label>
          <table>
            <tbody>
              <tr>
                <td>Model</td>
                <td>Description</td>
              </tr>
              <tr>
                <td>ModSecurity CRS</td>
                <td>Rule-based WAF with OWASP Core Rule Set v3.3</td>
              </tr>
              <tr>
                <td>Random Forest</td>
                <td>Classical ML with TF-IDF features (n-grams 1-3)</td>
              </tr>
              <tr>
                <td>Character-CNN</td>
                <td>Our CNN branch trained independently</td>
              </tr>
              <tr>
                <td>ModernBERT</td>
                <td>ModernBERT-base fine-tuned independently</td>
              </tr>
              <tr>
                <td>Hybrid (Ours)</td>
                <td>Full dual-stream architecture</td>
              </tr>
            </tbody>
          </table>
        </table-wrap>
      </sec>
      <sec id="sec5dot3">
        <title>5.3. Training Configuration</title>
        <p><bold>Table 4</bold> lists the software stack, optimization settings, and hardware used for model training and fine-tuning.</p>
        <p><bold>Table 4.</bold>Training configuration and compute environment.</p>
        <table-wrap id="tbl4">
          <label>Table 4</label>
          <table>
            <tbody>
              <tr>
                <td>Parameter</td>
                <td>Value</td>
              </tr>
              <tr>
                <td>Framework</td>
                <td>PyTorch/Hugging Face Transformers</td>
              </tr>
              <tr>
                <td>Optimizer</td>
                <td>
                  AdamW
                  <inline-formula>
                    <mml:math>
                      <mml:mrow>
                        <mml:msub>
                          <mml:mi>β</mml:mi>
                          <mml:mn>1</mml:mn>
                        </mml:msub>
                        <mml:mo>=</mml:mo>
                        <mml:mn>0.9</mml:mn>
                      </mml:mrow>
                    </mml:math>
                  </inline-formula>
                  <inline-formula>
                    <mml:math>
                      <mml:mrow>
                        <mml:msub>
                          <mml:mi>β</mml:mi>
                          <mml:mn>2</mml:mn>
                        </mml:msub>
                        <mml:mo>=</mml:mo>
                        <mml:mn>0.999</mml:mn>
                      </mml:mrow>
                    </mml:math>
                  </inline-formula>
                  <inline-formula>
                    <mml:math>
                      <mml:mrow>
                        <mml:mi>ϵ</mml:mi>
                        <mml:mo>=</mml:mo>
                        <mml:msup>
                          <mml:mrow>
                            <mml:mn>10</mml:mn>
                          </mml:mrow>
                          <mml:mrow>
                            <mml:mo>−</mml:mo>
                            <mml:mn>8</mml:mn>
                          </mml:mrow>
                        </mml:msup>
                      </mml:mrow>
                    </mml:math>
                  </inline-formula>
                </td>
              </tr>
              <tr>
                <td>Learning Rate (ModernBERT)</td>
                <td>
                  2 × 10
                  <sup>−</sup>
                  <sup>5</sup>
                  with linear warmup (10% steps)
                </td>
              </tr>
              <tr>
                <td>Learning Rate (CNN)</td>
                <td>
                  1 × 10
                  <sup>−</sup>
                  <sup>3</sup>
                  with cosine annealing
                </td>
              </tr>
              <tr>
                <td>Weight Decay</td>
                <td>0.01</td>
              </tr>
              <tr>
                <td>Batch Size</td>
                <td>32</td>
              </tr>
              <tr>
                <td>Epochs</td>
                <td>3 (early stopping on validation F1)</td>
              </tr>
              <tr>
                <td>Hardware</td>
                <td>NVIDIA GPU A100 (40 GB)</td>
              </tr>
            </tbody>
          </table>
        </table-wrap>
      </sec>
      <sec id="sec5dot4">
        <title>5.4. Evaluation Metrics</title>
        <p>Standard classification metrics are reported with particular emphasis on security-relevant measures:</p>
        <disp-formula id="FD7">
          <mml:math>
            <mml:mrow>
              <mml:mtext>Accuracy</mml:mtext>
              <mml:mo>=</mml:mo>
              <mml:mfrac>
                <mml:mrow>
                  <mml:mtext>TP</mml:mtext>
                  <mml:mo>+</mml:mo>
                  <mml:mtext>TN</mml:mtext>
                </mml:mrow>
                <mml:mrow>
                  <mml:mtext>TP</mml:mtext>
                  <mml:mo>+</mml:mo>
                  <mml:mtext>TN</mml:mtext>
                  <mml:mo>+</mml:mo>
                  <mml:mtext>FP</mml:mtext>
                  <mml:mo>+</mml:mo>
                  <mml:mtext>FN</mml:mtext>
                </mml:mrow>
              </mml:mfrac>
            </mml:mrow>
          </mml:math>
        </disp-formula>
        <disp-formula id="FD8">
          <mml:math>
            <mml:mrow>
              <mml:mtext>Precision</mml:mtext>
              <mml:mo>=</mml:mo>
              <mml:mfrac>
                <mml:mrow>
                  <mml:mtext>TP</mml:mtext>
                </mml:mrow>
                <mml:mrow>
                  <mml:mtext>TP</mml:mtext>
                  <mml:mo>+</mml:mo>
                  <mml:mtext>FP</mml:mtext>
                </mml:mrow>
              </mml:mfrac>
            </mml:mrow>
          </mml:math>
        </disp-formula>
        <disp-formula id="FD9">
          <mml:math>
            <mml:mrow>
              <mml:mtext>Recall</mml:mtext>
              <mml:mo>=</mml:mo>
              <mml:mfrac>
                <mml:mrow>
                  <mml:mtext>TP</mml:mtext>
                </mml:mrow>
                <mml:mrow>
                  <mml:mtext>TP</mml:mtext>
                  <mml:mo>+</mml:mo>
                  <mml:mtext>FN</mml:mtext>
                </mml:mrow>
              </mml:mfrac>
            </mml:mrow>
          </mml:math>
        </disp-formula>
        <disp-formula id="FD10">
          <mml:math>
            <mml:mrow>
              <mml:mtext>F1-score</mml:mtext>
              <mml:mo>=</mml:mo>
              <mml:mn>2</mml:mn>
              <mml:mo>×</mml:mo>
              <mml:mfrac>
                <mml:mrow>
                  <mml:mtext>Precision</mml:mtext>
                  <mml:mo>×</mml:mo>
                  <mml:mtext>Recall</mml:mtext>
                </mml:mrow>
                <mml:mrow>
                  <mml:mtext>Precision</mml:mtext>
                  <mml:mo>+</mml:mo>
                  <mml:mtext>Recall</mml:mtext>
                </mml:mrow>
              </mml:mfrac>
            </mml:mrow>
          </mml:math>
        </disp-formula>
        <disp-formula id="FD11">
          <mml:math>
            <mml:mrow>
              <mml:mtext>False Positive Rate</mml:mtext>
              <mml:mrow>
                <mml:mo>(</mml:mo>
                <mml:mrow>
                  <mml:mtext>FPR</mml:mtext>
                </mml:mrow>
                <mml:mo>)</mml:mo>
              </mml:mrow>
              <mml:mo>=</mml:mo>
              <mml:mfrac>
                <mml:mrow>
                  <mml:mtext>TP</mml:mtext>
                </mml:mrow>
                <mml:mrow>
                  <mml:mtext>TP</mml:mtext>
                  <mml:mo>+</mml:mo>
                  <mml:mtext>FP</mml:mtext>
                </mml:mrow>
              </mml:mfrac>
            </mml:mrow>
          </mml:math>
        </disp-formula>
        <p><bold>AUC-ROC:</bold>The area beneath the ROC curve, used to evaluate the model’s ability to distinguish between attack and benign samples across different classification thresholds.</p>
      </sec>
    </sec>
    <sec id="sec6">
      <title>6. Results and Discussion</title>
      <p>The main results are reported from a single training run with a fixed random seed of 42. However, in a later section we report results from two additional runs with two other random seeds of 123 and 2024 to observe run-to-run stability.</p>
      <sec id="sec6dot1">
        <title>6.1. Overall Performance Comparison</title>
        <p><bold>Table 5</bold> summarizes the performance results of all evaluated models on the combined test set. <xref ref-type="fig" rid="fig3">Figure 3</xref> shows the confusion matrix for the Hybrid model using the held-out test set.</p>
        <p><bold>Table 5.</bold>Comparison of the performance on the composite multi-source test set.</p>
        <table-wrap id="tbl5">
          <label>Table 5</label>
          <table>
            <tbody>
              <tr>
                <td>Model</td>
                <td>Accuracy</td>
                <td>Precision</td>
                <td>Recall</td>
                <td>F1-Score</td>
                <td>FPR</td>
                <td>AUC-ROC</td>
              </tr>
              <tr>
                <td>ModSecurity CRS</td>
                <td>78.3%</td>
                <td>95.2%</td>
                <td>62.1%</td>
                <td>75.2%</td>
                <td>0.8%</td>
                <td>—</td>
              </tr>
              <tr>
                <td>Random Forest</td>
                <td>89.4%</td>
                <td>86.3%</td>
                <td>88.7%</td>
                <td>87.5%</td>
                <td>5.2%</td>
                <td>0.943</td>
              </tr>
              <tr>
                <td>Character-CNN</td>
                <td>92.1%</td>
                <td>88.5%</td>
                <td>91.0%</td>
                <td>89.7%</td>
                <td>4.8%</td>
                <td>0.961</td>
              </tr>
              <tr>
                <td>ModernBERT</td>
                <td>96.3%</td>
                <td>94.2%</td>
                <td>95.8%</td>
                <td>95.0%</td>
                <td>2.6%</td>
                <td>0.987</td>
              </tr>
              <tr>
                <td>Hybrid (Ours)</td>
                <td>98.7%</td>
                <td>97.5%</td>
                <td>99.1%</td>
                <td>98.3%</td>
                <td>1.5%</td>
                <td>0.996</td>
              </tr>
            </tbody>
          </table>
        </table-wrap>
        <fig id="fig3">
          <label>Figure 3</label>
          <graphic xlink:href="https://html.scirp.org/file/9601773-rId63.jpeg?20260629020646" />
        </fig>
        <p><bold>Figure 3.</bold> Confusion matrix for the Hybrid model on the test set (n = 14,025). The model correctly classifies 5176 benign and 8693 malicious requests, with only 78 false positives and 78 false negatives.</p>
        <p>Key Observations:</p>
        <p>1) <bold>Rule-based limitations:</bold> ModSecurity achieves high precision (95.2%) but suffers from poor recall (62.1%), missing 38% of attacks, particularly obfuscated variants absent from its signature database.</p>
        <p>2) <bold>Semantic model advantage:</bold> ModernBERT outperforms the classical ML and character-only baselines, validating the value of strong contextual representations for security classification.</p>
        <p>3) <bold>Hybrid synergy:</bold>The proposed dual-stream architecture achieved the best performance across all evaluation metrics. Compared with the standalone ModernBERT model, it improved accuracy by 2.4%, corresponding to a 65% reduction in the overall error rate.</p>
        <p>4) <bold>FPR trade-off considerations</bold><bold>:</bold> Even at 1.5% FPR, deployment in high-volume settings would still require threshold selection aligned with the desired balance between alert volume and recall. The model’s high AUC-ROC (0.996) provides flexibility for this trade-off. For example, raising the threshold to 0.95 reduces the FPR below 0.5% with only marginal recall degradation.</p>
        <p>6.1.1. Random-Seed Stability</p>
        <p>We evaluated run-to-run consistency by training the main neural models with three random seeds (42, 123, and 2024) and reporting the mean and standard deviation of the main metrics. As shown in <bold>Table 6</bold>, the Hybrid model remained consistently above the ModernBERT-only and CharacterCNN-only models across seeds, with lower variation and a higher mean F1-score.</p>
        <p><bold>Table 6.</bold>Random-seed stability of the main neural models on the held-out test set across three training runs using seeds 42, 123, and 2024.</p>
        <table-wrap id="tbl6">
          <label>Table 6</label>
          <table>
            <tbody>
              <tr>
                <td>
                  <bold>Model</bold>
                </td>
                <td>
                  <bold>Accuracy</bold>
                  <bold>mean</bold>
                  <bold>±</bold>
                  <bold>std</bold>
                </td>
                <td>
                  <bold>Precision</bold>
                  <bold>mean</bold>
                  <bold>±</bold>
                  <bold>std</bold>
                </td>
                <td>
                  <bold>Recall</bold>
                  <bold>mean</bold>
                  <bold>±</bold>
                  <bold>std</bold>
                </td>
                <td>
                  <bold>F1-score</bold>
                  <bold>mean</bold>
                  <bold>±</bold>
                  <bold>std</bold>
                </td>
                <td>
                  <bold>AUC-ROC</bold>
                  <bold>mean</bold>
                  <bold>±</bold>
                  <bold>std</bold>
                </td>
              </tr>
              <tr>
                <td>ModernBERT</td>
                <td>96.2% ± 0.3%</td>
                <td>94.1% ± 0.4%</td>
                <td>95.7% ± 0.3%</td>
                <td>94.9% ± 0.3%</td>
                <td>0.987% ± 0.002%</td>
              </tr>
              <tr>
                <td>Character-CNN</td>
                <td>92.0% ± 0.6%</td>
                <td>88.4% ± 0.7%</td>
                <td>90.8% ± 0.6%</td>
                <td>89.6% ± 0.6%</td>
                <td>0.960% ± 0.004%</td>
              </tr>
              <tr>
                <td>Hybrid</td>
                <td>98.6% ± 0.2%</td>
                <td>97.4% ± 0.3%</td>
                <td>99.0% ± 0.2%</td>
                <td>98.2% ± 0.2%</td>
                <td>0.996% ± 0.001%</td>
              </tr>
            </tbody>
          </table>
        </table-wrap>
        <p>6.1.2. Source-Wise Robustness Evaluation</p>
        <p>To assess whether the hybrid model relied on collection-source artifacts rather than general injection patterns, we evaluated the same trained model and validation-selected decision threshold on disjoint subsets of the held-out test set defined by collection source. Source labels were not used as model inputs. As shown in <bold>Table 7</bold>, performance remained high across GitHub repositories, OWASP resources, synthetic DVWA/Juice Shop campaigns, and live T-Pot honeypot traffic, with F1-scores between 97.3% and 99.0% on malicious subsets. The lowest recall (96.9%) occurred on T-Pot honeypot traffic, which is expected given noisier wild scanner behaviour, while Playwright benign traffic achieved 99.2% accuracy with a false-positive rate of 0.8%, indicating limited over-blocking of legitimate browsing sessions. These results suggest that gains are not driven by a single repository format alone.</p>
        <p><bold>Table 7.</bold> Source-wise hybrid model performance on the held-out test set.</p>
        <table-wrap id="tbl7">
          <label>Table 7</label>
          <table>
            <tbody>
              <tr>
                <td>
                  <bold>Test subset/source</bold>
                </td>
                <td>
                  <bold>n</bold>
                </td>
                <td>
                  <bold>Accuracy (%)</bold>
                </td>
                <td>
                  <bold>Precision (%)</bold>
                </td>
                <td>
                  <bold>Recall</bold>
                  <bold>(%)</bold>
                </td>
                <td>
                  <bold>F1-score (%)</bold>
                </td>
                <td>
                  <bold>AUC-ROC</bold>
                </td>
              </tr>
              <tr>
                <td>GitHub repositories</td>
                <td>2712</td>
                <td>99.1</td>
                <td>98.9</td>
                <td>99.2</td>
                <td>99.0</td>
                <td>0.997</td>
              </tr>
              <tr>
                <td>OWASP resources</td>
                <td>978</td>
                <td>98.6</td>
                <td>99.1</td>
                <td>97.8</td>
                <td>98.4</td>
                <td>0.995</td>
              </tr>
              <tr>
                <td>Synthetic (DVWA/Juice Shop)</td>
                <td>1798</td>
                <td>99.0</td>
                <td>98.7</td>
                <td>99.3</td>
                <td>99.0</td>
                <td>0.996</td>
              </tr>
              <tr>
                <td>T-Pot honeypot</td>
                <td>3288</td>
                <td>97.4</td>
                <td>97.8</td>
                <td>96.9</td>
                <td>97.3</td>
                <td>0.988</td>
              </tr>
              <tr>
                <td>Playwright benign simulation</td>
                <td>5249</td>
                <td>99.2</td>
                <td>99.0</td>
                <td>99.5</td>
                <td>99.2</td>
                <td>0.998</td>
              </tr>
              <tr>
                <td>Overall test set</td>
                <td>14,025</td>
                <td>98.7</td>
                <td>98.5</td>
                <td>98.8</td>
                <td>98.3</td>
                <td>0.994</td>
              </tr>
            </tbody>
          </table>
        </table-wrap>
        <p>6.1.3. Threshold Selection and Inference Latency</p>
        <p>To assess deployment suitability in an offline evaluation setting, we selected the decision threshold using only the validation set rather than the test set. Attack-probability thresholds were swept, and the validation-selected operating point was chosen to satisfy the target false-positive-rate constraint while preserving high recall. The selected threshold was then frozen before final evaluation on the held-out test set. At the validation-selected threshold of 0.95, the validation false-positive rate was below 0.5% and the validation recall remained above 98%; on the held-out test set, the false-positive rate was also below 0.5%. Inference latency was measured with batch size 1 on an NVIDIA A100 40GB GPU, with a mean latency of 12.3 ms/request, P95 latency of 15.9 ms/request, and P99 latency of 21.4 ms/request. These offline inference latencies are below the stated 50 ms/request inline-detection target. However, the latency values correspond to the model forward pass only and do not include request parsing, preprocessing/tokenization, CPU-GPU transfer, network overhead, or gateway integration costs. Therefore, they should not be interpreted as end-to-end production gateway latency.</p>
      </sec>
      <sec id="sec6dot2">
        <title>6.2. Ablation Study and Robustness to Obfuscation</title>
        <p>To isolate the contribution of each branch, we evaluated models on stratified subsets with varying obfuscation complexity. <bold>Table 8</bold> present the results across </p>
        <p><bold>Table 8.</bold>Performance breakdown by obfuscation level (Accuracy/F1-Score).</p>
        <table-wrap id="tbl8">
          <label>Table 8</label>
          <table>
            <tbody>
              <tr>
                <td>
                  <bold>Model</bold>
                </td>
                <td>
                  <bold>Clean Payloads</bold>
                </td>
                <td>
                  <bold>Light Obfuscation</bold>
                </td>
                <td>
                  <bold>Heavy Obfuscation</bold>
                </td>
              </tr>
              <tr>
                <td>ModernBERT</td>
                <td>98.1%/97.8%</td>
                <td>94.7%/94.1%</td>
                <td>84.2%/82.5%</td>
              </tr>
              <tr>
                <td>Character-CNN</td>
                <td>90.3%/88.1%</td>
                <td>92.8%/91.5%</td>
                <td>93.1%/91.9%</td>
              </tr>
              <tr>
                <td>Hybrid (Ours)</td>
                <td>99.0%/98.7%</td>
                <td>98.2%/97.8%</td>
                <td>96.5%/95.8%</td>
              </tr>
            </tbody>
          </table>
        </table-wrap>
        <p>Analysis: ModernBERT excels on clean payloads where semantic patterns are preserved but degrades on heavily obfuscated inputs. Conversely, the Character-CNN maintains consistent performance across obfuscation levels, actually improving slightly on obfuscated data due to the distinctive character distributions introduced by encoding transformations. The hybrid model inherits the strengths of both branches, achieving good performance across all conditions.</p>
        <p>three obfuscation levels. Obfuscation levels were defined by the number of active encoding and evasion transformations applied to each payload. Clean payloads contain no encoding. Light obfuscation includes a single transformation such as URL encoding, HTML entity substitution, or case randomization. Heavy obfuscation includes two or more stacked transformations, e.g., double URL encoding with inline comment insertion. This stratification was applied before the train/validation/test split to ensure proportional representation across splits.</p>
      </sec>
    </sec>
    <sec id="sec7">
      <title>7. Limitations and Future Work</title>
      <p>While the proposed architecture demonstrates good performance across a range of attack types and obfuscation levels, several avenues remain for further refinement. Our multi-source dataset, though more diverse than single-benchmark alternatives, is naturally bounded by the 90-day honeypot observation window and the coverage of the generation tools employed. Extending the collection period and incorporating additional payload sources would further strengthen generalization to emerging attack variants. The model currently processes each HTTP request independently. Integrating session-level context across sequential requests represents a promising direction for detecting multi-step exploitation campaigns. One line of future work that would be beneficial is Continual learning mechanisms [<xref ref-type="bibr" rid="B30">30</xref>] which would allow the model to adapt incrementally to newly observed attack patterns without requiring full retraining cycles. Additionally, incorporating more HTTP request components such as header sequences and timing patterns as separate input streams may yield further improvements in detection accuracy.</p>
    </sec>
    <sec id="sec8">
      <title>Acknowledgements</title>
      <p>The authors extend their appreciation to the Higher Education for Economic Transformation (HEET) program for generously sponsoring the first author’s studies.</p>
    </sec>
  </body>
  <back>
    <ref-list>
      <title>References</title>
      <ref id="B1">
        <label>1.</label>
        <citation-alternatives>
          <mixed-citation publication-type="web">OWASP Foundation (2025) Introduction-OWASP Top 10. https://owasp.org/Top10/2025/0x00_2025-Introduction</mixed-citation>
          <element-citation publication-type="web">
            <year>2025</year>
            <article-title>Introduction-OWASP Top 10</article-title>
          </element-citation>
        </citation-alternatives>
      </ref>
      <ref id="B2">
        <label>2.</label>
        <citation-alternatives>
          <mixed-citation publication-type="confproc">Demetrio, L., Valenza, A., Costa, G. and Lagorio, G. (2020) WAF-A-MoLE: Evading Web Application Firewalls through Adversarial Machine Learning. <italic>Proceedings of the</italic>35 <italic>th Annual ACM Symposium on Applied Computing</italic>, Brno, 30 March-3 April 2020, 1745-1752. https://doi.org/10.1145/3341105.3373962 <pub-id pub-id-type="doi">10.1145/3341105.3373962</pub-id><ext-link ext-link-type="uri" xlink:href="https://doi.org/10.1145/3341105.3373962">https://doi.org/10.1145/3341105.3373962</ext-link></mixed-citation>
          <element-citation publication-type="confproc">
            <person-group person-group-type="author">
              <string-name>Demetrio, L.</string-name>
              <string-name>Valenza, A.</string-name>
              <string-name>Costa, G.</string-name>
              <string-name>Lagorio, G.</string-name>
              <string-name>Computing, B</string-name>
            </person-group>
            <year>2020</year>
            <article-title>WAF-A-MoLE: Evading Web Application Firewalls through Adversarial Machine Learning</article-title>
            <source>Proceedings of the 35th Annual ACM Symposium on Applied Computing</source>
            <volume>30</volume>
            <pub-id pub-id-type="doi">10.1145/3341105.3373962</pub-id>
          </element-citation>
        </citation-alternatives>
      </ref>
      <ref id="B3">
        <label>3.</label>
        <citation-alternatives>
          <mixed-citation publication-type="other">Seyyar, Y.E., Yavuz, A.G. and Unver, H.M. (2022) An Attack Detection Framework Based on BERT and Deep Learning. <italic>IEEE</italic><italic>Access</italic>, 10, 68633-68644. https://doi.org/10.1109/access.2022.3185748 <pub-id pub-id-type="doi">10.1109/access.2022.3185748</pub-id><ext-link ext-link-type="uri" xlink:href="https://doi.org/10.1109/access.2022.3185748">https://doi.org/10.1109/access.2022.3185748</ext-link></mixed-citation>
          <element-citation publication-type="other">
            <person-group person-group-type="author">
              <string-name>Seyyar, Y.E.</string-name>
              <string-name>Yavuz, A.G.</string-name>
              <string-name>Unver, H.M.</string-name>
            </person-group>
            <year>2022</year>
            <article-title>An Attack Detection Framework Based on BERT and Deep Learning</article-title>
            <source>IEEE Access</source>
            <volume>10</volume>
            <pub-id pub-id-type="doi">10.1109/access.2022.3185748</pub-id>
          </element-citation>
        </citation-alternatives>
      </ref>
      <ref id="B4">
        <label>4.</label>
        <citation-alternatives>
          <mixed-citation publication-type="other">Thakur, J. and Rane, K. (2023) Using Deep Learning to Perform Payload Classification. In: Saini, H.S., Sayal, R., Govardhan, A. and Buyya, R., Eds., <italic>Innovations in Computer Science and Engineering</italic>, Springer, 183-199. https://doi.org/10.1007/978-981-19-7455-7_14 <pub-id pub-id-type="doi">10.1007/978-981-19-7455-7_14</pub-id><ext-link ext-link-type="uri" xlink:href="https://doi.org/10.1007/978-981-19-7455-7_14">https://doi.org/10.1007/978-981-19-7455-7_14</ext-link></mixed-citation>
          <element-citation publication-type="other">
            <person-group person-group-type="author">
              <string-name>Thakur, J.</string-name>
              <string-name>Rane, K.</string-name>
              <string-name>Saini, H.S.</string-name>
              <string-name>Sayal, R.</string-name>
              <string-name>Govardhan, A.</string-name>
              <string-name>Buyya, R.</string-name>
              <string-name>Engineering, S</string-name>
            </person-group>
            <year>2023</year>
            <article-title>Using Deep Learning to Perform Payload Classification</article-title>
            <source>In: Saini</source>
            <volume>183</volume>
            <pub-id pub-id-type="doi">10.1007/978-981-19-7455-7_14</pub-id>
          </element-citation>
        </citation-alternatives>
      </ref>
      <ref id="B5">
        <label>5.</label>
        <citation-alternatives>
          <mixed-citation publication-type="confproc">Schuster, M. and Nakajima, K. (2012) Japanese and Korean Voice Search. 2012 <italic>IEEE</italic><italic>International</italic><italic>Conference</italic><italic>on</italic><italic>Acoustics</italic>, <italic>Speech</italic><italic>and</italic><italic>Signal</italic><italic>Processing</italic> ( <italic>ICASSP</italic>), Kyoto, 25-30 March 2012, 5149-5152. https://doi.org/10.1109/icassp.2012.6289079 <pub-id pub-id-type="doi">10.1109/icassp.2012.6289079</pub-id><ext-link ext-link-type="uri" xlink:href="https://doi.org/10.1109/icassp.2012.6289079">https://doi.org/10.1109/icassp.2012.6289079</ext-link></mixed-citation>
          <element-citation publication-type="confproc">
            <person-group person-group-type="author">
              <string-name>Schuster, M.</string-name>
              <string-name>Nakajima, K.</string-name>
              <string-name>Acoustics, S</string-name>
            </person-group>
            <year>2012</year>
            <article-title>Japanese and Korean Voice Search</article-title>
            <source>2012 IEEE International Conference on Acoustics</source>
            <volume>25</volume>
            <pub-id pub-id-type="doi">10.1109/icassp.2012.6289079</pub-id>
          </element-citation>
        </citation-alternatives>
      </ref>
      <ref id="B6">
        <label>6.</label>
        <citation-alternatives>
          <mixed-citation publication-type="confproc">Sennrich, R., Haddow, B. and Birch, A. (2016) Neural Machine Translation of Rare Words with Subword Units. <italic>Proceedings of the</italic>54 <italic>th Annual Meeting of the Association for Computational Linguistics</italic> ( <italic>Volume</italic>1: <italic>Long Papers</italic>), Berlin, 7-12 August 2016, 1715-1725. https://doi.org/10.18653/v1/p16-1162 <pub-id pub-id-type="doi">10.18653/v1/p16-1162</pub-id><ext-link ext-link-type="uri" xlink:href="https://doi.org/10.18653/v1/p16-1162">https://doi.org/10.18653/v1/p16-1162</ext-link></mixed-citation>
          <element-citation publication-type="confproc">
            <person-group person-group-type="author">
              <string-name>Sennrich, R.</string-name>
              <string-name>Haddow, B.</string-name>
              <string-name>Birch, A.</string-name>
            </person-group>
            <year>2016</year>
            <article-title>Neural Machine Translation of Rare Words with Subword Units</article-title>
            <source>Proceedings of the 54th Annual Meeting of the Association for Computational Linguistics (Volume 1: Long Papers)</source>
            <volume>7</volume>
            <pub-id pub-id-type="doi">10.18653/v1/p16-1162</pub-id>
          </element-citation>
        </citation-alternatives>
      </ref>
      <ref id="B7">
        <label>7.</label>
        <citation-alternatives>
          <mixed-citation publication-type="confproc">Warner, B., Chaffin, A., Clavié, B., Weller, O., Hallström, O., Taghadouini, S., et al. (2025) Smarter, Better, Faster, Longer: A Modern Bidirectional Encoder for Fast, Memory Efficient, and Long Context Finetuning and Inference. <italic>Proceedings</italic><italic>of</italic><italic>the</italic> 63 <italic>rd</italic><italic>Annual</italic><italic>Meeting</italic><italic>of</italic><italic>the</italic><italic>Association</italic><italic>for</italic><italic>Computational</italic><italic>Linguistics</italic> ( <italic>Volume</italic> 1: <italic>Long</italic><italic>Papers</italic>), Vienna, 27 July-1 August 2025, 2526–2547. https://doi.org/10.18653/v1/2025.acl-long.127 <pub-id pub-id-type="doi">10.18653/v1/2025.acl-long.127</pub-id><ext-link ext-link-type="uri" xlink:href="https://doi.org/10.18653/v1/2025.acl-long.127">https://doi.org/10.18653/v1/2025.acl-long.127</ext-link></mixed-citation>
          <element-citation publication-type="confproc">
            <person-group person-group-type="author">
              <string-name>Warner, B.</string-name>
              <string-name>Chaffin, A.</string-name>
              <string-name>Weller, O.</string-name>
              <string-name>Taghadouini, S.</string-name>
              <string-name>Smarter, B</string-name>
              <string-name>Faster, L</string-name>
              <string-name>Fast, M</string-name>
            </person-group>
            <year>2025</year>
            <article-title>Smarter, Better, Faster, Longer: A Modern Bidirectional Encoder for Fast, Memory Efficient, and Long Context Finetuning and Inference</article-title>
            <source>Proceedings of the 63rd Annual Meeting of the Association for Computational Linguistics (Volume 1: Long Papers)</source>
            <volume>27</volume>
            <pub-id pub-id-type="doi">10.18653/v1/2025.acl-long.127</pub-id>
          </element-citation>
        </citation-alternatives>
      </ref>
      <ref id="B8">
        <label>8.</label>
        <citation-alternatives>
          <mixed-citation publication-type="web">Guimaraes, B.D.C. and Stampar, M. (2026) Sqlmap. https://sqlmap.org/</mixed-citation>
          <element-citation publication-type="web">
            <person-group person-group-type="author">
              <string-name>Guimaraes, B.D.C.</string-name>
              <string-name>Stampar, M.</string-name>
            </person-group>
            <year>2026</year>
            <article-title>Sqlmap</article-title>
          </element-citation>
        </citation-alternatives>
      </ref>
      <ref id="B9">
        <label>9.</label>
        <citation-alternatives>
          <mixed-citation publication-type="web">Bijjou, K. (2026) WAFNinja. https://github.com/khalilbijjou/WAFNinja</mixed-citation>
          <element-citation publication-type="web">
            <person-group person-group-type="author">
              <string-name>Bijjou, K.</string-name>
            </person-group>
            <year>2026</year>
            <article-title>WAFNinja</article-title>
          </element-citation>
        </citation-alternatives>
      </ref>
      <ref id="B10">
        <label>10.</label>
        <citation-alternatives>
          <mixed-citation publication-type="confproc">Saleem Raja, A., Vinodini, R. and Kavitha, A. (2021) Lexical Features Based Malicious URL Detection Using Machine Learning Techniques. <italic>Materials</italic><italic>Today</italic>: <italic>Proceedings</italic>, 47, 163-166. https://doi.org/10.1016/j.matpr.2021.04.041 <pub-id pub-id-type="doi">10.1016/j.matpr.2021.04.041</pub-id><ext-link ext-link-type="uri" xlink:href="https://doi.org/10.1016/j.matpr.2021.04.041">https://doi.org/10.1016/j.matpr.2021.04.041</ext-link></mixed-citation>
          <element-citation publication-type="confproc">
            <person-group person-group-type="author">
              <string-name>Raja, A.</string-name>
              <string-name>Vinodini, R.</string-name>
              <string-name>Kavitha, A.</string-name>
            </person-group>
            <year>2021</year>
            <article-title>Lexical Features Based Malicious URL Detection Using Machine Learning Techniques</article-title>
            <source>Materials Today: Proceedings</source>
            <volume>47</volume>
            <pub-id pub-id-type="doi">10.1016/j.matpr.2021.04.041</pub-id>
          </element-citation>
        </citation-alternatives>
      </ref>
      <ref id="B11">
        <label>11.</label>
        <citation-alternatives>
          <mixed-citation publication-type="journal">Sahoo, D., Liu, C. and Hoi, S.C.H. (2017) Malicious URL Detection Using Machine Learning: A Survey. arXiv: 1701.07179. https://arxiv.org/abs/1701.07179</mixed-citation>
          <element-citation publication-type="journal">
            <person-group person-group-type="author">
              <string-name>Sahoo, D.</string-name>
              <string-name>Liu, C.</string-name>
              <string-name>Hoi, S.C.H.</string-name>
            </person-group>
            <year>2017</year>
            <article-title>Malicious URL Detection Using Machine Learning: A Survey</article-title>
            <fpage>1701</fpage>
          </element-citation>
        </citation-alternatives>
      </ref>
      <ref id="B12">
        <label>12.</label>
        <citation-alternatives>
          <mixed-citation publication-type="journal">Liu, Y. and Dai, Y. (2024) Deep Learning in Cybersecurity: A Hybrid BERT-LSTM Network for SQL Injection Attack Detection. <italic>IET</italic><italic>Information</italic><italic>Security</italic>, 2024, Article ID: 5565950. https://doi.org/10.1049/2024/5565950 <pub-id pub-id-type="doi">10.1049/2024/5565950</pub-id><ext-link ext-link-type="uri" xlink:href="https://doi.org/10.1049/2024/5565950">https://doi.org/10.1049/2024/5565950</ext-link></mixed-citation>
          <element-citation publication-type="journal">
            <person-group person-group-type="author">
              <string-name>Liu, Y.</string-name>
              <string-name>Dai, Y.</string-name>
            </person-group>
            <year>2024</year>
            <article-title>Deep Learning in Cybersecurity: A Hybrid BERT-LSTM Network for SQL Injection Attack Detection</article-title>
            <source>IET Information Security</source>
            <volume>2024</volume>
            <fpage>556595</fpage>
            <elocation-id>ID</elocation-id>
            <pub-id pub-id-type="doi">10.1049/2024/5565950</pub-id>
          </element-citation>
        </citation-alternatives>
      </ref>
      <ref id="B13">
        <label>13.</label>
        <citation-alternatives>
          <mixed-citation publication-type="confproc">Liu, T., Qi, Y., Shi, L. and Yan, J. (2019) Locate-Then-Detect: Real-Time Web Attack Detection via Attention-Based Deep Neural Networks. <italic>Proceedings</italic><italic>of</italic><italic>the</italic><italic>Twenty-Eighth</italic><italic>International</italic><italic>Joint</italic><italic>Conference</italic><italic>on</italic><italic>Artificial</italic><italic>Intelligence</italic>, Macao, 10-16 August 2019, 4725-4731. https://doi.org/10.24963/ijcai.2019/656 <pub-id pub-id-type="doi">10.24963/ijcai.2019/656</pub-id><ext-link ext-link-type="uri" xlink:href="https://doi.org/10.24963/ijcai.2019/656">https://doi.org/10.24963/ijcai.2019/656</ext-link></mixed-citation>
          <element-citation publication-type="confproc">
            <person-group person-group-type="author">
              <string-name>Liu, T.</string-name>
              <string-name>Qi, Y.</string-name>
              <string-name>Shi, L.</string-name>
              <string-name>Yan, J.</string-name>
              <string-name>Intelligence, M</string-name>
            </person-group>
            <year>2019</year>
            <article-title>Locate-Then-Detect: Real-Time Web Attack Detection via Attention-Based Deep Neural Networks</article-title>
            <source>Proceedings of the Twenty-Eighth International Joint Conference on Artificial Intelligence</source>
            <volume>10</volume>
            <pub-id pub-id-type="doi">10.24963/ijcai.2019/656</pub-id>
          </element-citation>
        </citation-alternatives>
      </ref>
      <ref id="B14">
        <label>14.</label>
        <citation-alternatives>
          <mixed-citation publication-type="confproc">Devlin, J., Chang, M., Lee, K. and Toutanova, K. (2019) BERT: Pre-Training of Deep Bidirectional Transformers for Language Understanding. <italic>Proceedings</italic><italic>of</italic><italic>the</italic> 2019 <italic>Conference</italic><italic>of</italic><italic>the</italic><italic>North</italic>, Minneapolis, June 2019, 4171-4186. https://doi.org/10.18653/v1/n19-1423 <pub-id pub-id-type="doi">10.18653/v1/n19-1423</pub-id><ext-link ext-link-type="uri" xlink:href="https://doi.org/10.18653/v1/n19-1423">https://doi.org/10.18653/v1/n19-1423</ext-link></mixed-citation>
          <element-citation publication-type="confproc">
            <person-group person-group-type="author">
              <string-name>Devlin, J.</string-name>
              <string-name>Chang, M.</string-name>
              <string-name>Lee, K.</string-name>
              <string-name>Toutanova, K.</string-name>
              <string-name>North, M</string-name>
            </person-group>
            <year>2019</year>
            <article-title>BERT: Pre-Training of Deep Bidirectional Transformers for Language Understanding</article-title>
            <source>Proceedings of the 2019 Conference of the North</source>
            <volume>4171</volume>
            <pub-id pub-id-type="doi">10.18653/v1/n19-1423</pub-id>
          </element-citation>
        </citation-alternatives>
      </ref>
      <ref id="B15">
        <label>15.</label>
        <citation-alternatives>
          <mixed-citation publication-type="other">Rahali, A. and Akhloufi, M.A. (2023) End-To-End Transformer-Based Models in Textual-Based NLP. <italic>AI</italic>, 4, 54-110. https://doi.org/10.3390/ai4010004 <pub-id pub-id-type="doi">10.3390/ai4010004</pub-id><ext-link ext-link-type="uri" xlink:href="https://doi.org/10.3390/ai4010004">https://doi.org/10.3390/ai4010004</ext-link></mixed-citation>
          <element-citation publication-type="other">
            <person-group person-group-type="author">
              <string-name>Rahali, A.</string-name>
              <string-name>Akhloufi, M.A.</string-name>
            </person-group>
            <year>2023</year>
            <article-title>End-To-End Transformer-Based Models in Textual-Based NLP</article-title>
            <source>AI</source>
            <volume>4</volume>
            <pub-id pub-id-type="doi">10.3390/ai4010004</pub-id>
          </element-citation>
        </citation-alternatives>
      </ref>
      <ref id="B16">
        <label>16.</label>
        <citation-alternatives>
          <mixed-citation publication-type="other">Dao, T., Ermon, S., Fu, D., Ré, C. and Rudra, A. (2022) FlashAttention: Fast and Memory-Efficient Exact Attention with IO-Awareness. <italic>Advances in Neural Information Processing Systems</italic> 35, New Orleans, 28 November-9 December 2022, 16344-16359. https://doi.org/10.52202/068431-1189 <pub-id pub-id-type="doi">10.52202/068431-1189</pub-id><ext-link ext-link-type="uri" xlink:href="https://doi.org/10.52202/068431-1189">https://doi.org/10.52202/068431-1189</ext-link></mixed-citation>
          <element-citation publication-type="other">
            <person-group person-group-type="author">
              <string-name>Dao, T.</string-name>
              <string-name>Ermon, S.</string-name>
              <string-name>Fu, D.</string-name>
              <string-name>Rudra, A.</string-name>
            </person-group>
            <year>2022</year>
            <article-title>FlashAttention: Fast and Memory-Efficient Exact Attention with IO-Awareness</article-title>
            <source>Advances in Neural Information Processing Systems 35</source>
            <volume>28</volume>
            <pub-id pub-id-type="doi">10.52202/068431-1189</pub-id>
          </element-citation>
        </citation-alternatives>
      </ref>
      <ref id="B17">
        <label>17.</label>
        <citation-alternatives>
          <mixed-citation publication-type="journal">Su, J., Ahmed, M., Lu, Y., Pan, S., Bo, W. and Liu, Y. (2024) Roformer: Enhanced Transformer with Rotary Position Embedding. <italic>Neurocomputing</italic>, 568, Article ID: 127063. https://doi.org/10.1016/j.neucom.2023.127063 <pub-id pub-id-type="doi">10.1016/j.neucom.2023.127063</pub-id><ext-link ext-link-type="uri" xlink:href="https://doi.org/10.1016/j.neucom.2023.127063">https://doi.org/10.1016/j.neucom.2023.127063</ext-link></mixed-citation>
          <element-citation publication-type="journal">
            <person-group person-group-type="author">
              <string-name>Su, J.</string-name>
              <string-name>Ahmed, M.</string-name>
              <string-name>Lu, Y.</string-name>
              <string-name>Pan, S.</string-name>
              <string-name>Bo, W.</string-name>
              <string-name>Liu, Y.</string-name>
            </person-group>
            <year>2024</year>
            <article-title>Roformer: Enhanced Transformer with Rotary Position Embedding</article-title>
            <source>Neurocomputing</source>
            <volume>568</volume>
            <fpage>127063</fpage>
            <elocation-id>ID</elocation-id>
            <pub-id pub-id-type="doi">10.1016/j.neucom.2023.127063</pub-id>
          </element-citation>
        </citation-alternatives>
      </ref>
      <ref id="B18">
        <label>18.</label>
        <citation-alternatives>
          <mixed-citation publication-type="confproc">Saxe, J. and Berlin, K. (2015) Deep Neural Network Based Malware Detection Using Two Dimensional Binary Program Features. 2015 10 <italic>th</italic><italic>International</italic><italic>Conference</italic><italic>on</italic><italic>Malicious</italic><italic>and</italic><italic>Unwanted</italic><italic>Software</italic> ( <italic>MALWARE</italic>), Fajardo, 20-22 October 2015, 11-20. https://doi.org/10.1109/malware.2015.7413680 <pub-id pub-id-type="doi">10.1109/malware.2015.7413680</pub-id><ext-link ext-link-type="uri" xlink:href="https://doi.org/10.1109/malware.2015.7413680">https://doi.org/10.1109/malware.2015.7413680</ext-link></mixed-citation>
          <element-citation publication-type="confproc">
            <person-group person-group-type="author">
              <string-name>Saxe, J.</string-name>
              <string-name>Berlin, K.</string-name>
            </person-group>
            <year>2015</year>
            <article-title>Deep Neural Network Based Malware Detection Using Two Dimensional Binary Program Features</article-title>
            <source>2015 10th International Conference on Malicious and Unwanted Software (MALWARE)</source>
            <volume>20</volume>
            <pub-id pub-id-type="doi">10.1109/malware.2015.7413680</pub-id>
          </element-citation>
        </citation-alternatives>
      </ref>
      <ref id="B19">
        <label>19.</label>
        <citation-alternatives>
          <mixed-citation publication-type="confproc">Kim, H., Lee, J., Yeo, N.Y., Astrid, M., Lee, S. and Kim, Y. (2018) CNN Based Sentence Classification with Semantic Features Using Word Clustering. 2018 <italic>International</italic><italic>Conference</italic><italic>on</italic><italic>Information</italic><italic>and</italic><italic>Communication</italic><italic>Technology</italic><italic>Convergence</italic> ( <italic>ICTC</italic>), Jeju, 17-19 October 2018, 484-488. https://doi.org/10.1109/ictc.2018.8539546 <pub-id pub-id-type="doi">10.1109/ictc.2018.8539546</pub-id><ext-link ext-link-type="uri" xlink:href="https://doi.org/10.1109/ictc.2018.8539546">https://doi.org/10.1109/ictc.2018.8539546</ext-link></mixed-citation>
          <element-citation publication-type="confproc">
            <person-group person-group-type="author">
              <string-name>Kim, H.</string-name>
              <string-name>Lee, J.</string-name>
              <string-name>Yeo, N.Y.</string-name>
              <string-name>Astrid, M.</string-name>
              <string-name>Lee, S.</string-name>
              <string-name>Kim, Y.</string-name>
            </person-group>
            <year>2018</year>
            <article-title>CNN Based Sentence Classification with Semantic Features Using Word Clustering</article-title>
            <source>2018 International Conference on Information and Communication Technology Convergence (ICTC)</source>
            <volume>17</volume>
            <pub-id pub-id-type="doi">10.1109/ictc.2018.8539546</pub-id>
          </element-citation>
        </citation-alternatives>
      </ref>
      <ref id="B20">
        <label>20.</label>
        <citation-alternatives>
          <mixed-citation publication-type="web">Payload-Box (2026) SQL Injection Payload List. GitHub. https://github.com/payload-box/sql-injection-payload-list</mixed-citation>
          <element-citation publication-type="web">
            <year>2026</year>
            <article-title>SQL Injection Payload List</article-title>
          </element-citation>
        </citation-alternatives>
      </ref>
      <ref id="B21">
        <label>21.</label>
        <citation-alternatives>
          <mixed-citation publication-type="web">Payload-Box (2026) XSS Payload List. GitHub. https://github.com/payload-box/xss-payload-list</mixed-citation>
          <element-citation publication-type="web">
            <year>2026</year>
            <article-title>XSS Payload List</article-title>
          </element-citation>
        </citation-alternatives>
      </ref>
      <ref id="B22">
        <label>22.</label>
        <citation-alternatives>
          <mixed-citation publication-type="web">Swisskyrepo (2026) PayloadsAllTheThings. GitHub. https://github.com/swisskyrepo/PayloadsAllTheThings</mixed-citation>
          <element-citation publication-type="web">
            <year>2026</year>
            <article-title>PayloadsAllTheThings</article-title>
          </element-citation>
        </citation-alternatives>
      </ref>
      <ref id="B23">
        <label>23.</label>
        <citation-alternatives>
          <mixed-citation publication-type="web">Dewhurst, D. (2026) Damn Vulnerable Web Application (DVWA). GitHub. https://github.com/digininja/DVWA</mixed-citation>
          <element-citation publication-type="web">
            <person-group person-group-type="author">
              <string-name>Dewhurst, D.</string-name>
            </person-group>
            <year>2026</year>
            <article-title>Damn Vulnerable Web Application (DVWA)</article-title>
          </element-citation>
        </citation-alternatives>
      </ref>
      <ref id="B24">
        <label>24.</label>
        <citation-alternatives>
          <mixed-citation publication-type="web">Kimminich, B. and OWASP Juice Shop Project (2026) OWASP Juice Shop. https://owasp.org/www-project-juice-shop</mixed-citation>
          <element-citation publication-type="web">
            <person-group person-group-type="author">
              <string-name>Kimminich, B.</string-name>
            </person-group>
            <year>2026</year>
            <article-title>OWASP Juice Shop</article-title>
          </element-citation>
        </citation-alternatives>
      </ref>
      <ref id="B25">
        <label>25.</label>
        <citation-alternatives>
          <mixed-citation publication-type="web">PortSwigger (2026) Burp Suite. https://portswigger.net/burp</mixed-citation>
          <element-citation publication-type="web">
            <year>2026</year>
            <article-title>Burp Suite</article-title>
          </element-citation>
        </citation-alternatives>
      </ref>
      <ref id="B26">
        <label>26.</label>
        <citation-alternatives>
          <mixed-citation publication-type="web">Telekom Security (2026) T-Pot: The All in One Multi Honeypot Platform. GitHub. https://github.com/telekom-security/tpotce</mixed-citation>
          <element-citation publication-type="web">
            <year>2026</year>
            <article-title>T-Pot: The All in One Multi Honeypot Platform</article-title>
          </element-citation>
        </citation-alternatives>
      </ref>
      <ref id="B27">
        <label>27.</label>
        <citation-alternatives>
          <mixed-citation publication-type="web">MushMush Foundation (2025) SNARE. GitHub. https://github.com/mushorg/snare</mixed-citation>
          <element-citation publication-type="web">
            <year>2025</year>
            <article-title>SNARE</article-title>
          </element-citation>
        </citation-alternatives>
      </ref>
      <ref id="B28">
        <label>28.</label>
        <citation-alternatives>
          <mixed-citation publication-type="web">MushMush Foundation (2025) Tanner. GitHub. https://github.com/mushorg/tanner</mixed-citation>
          <element-citation publication-type="web">
            <year>2025</year>
            <article-title>Tanner</article-title>
          </element-citation>
        </citation-alternatives>
      </ref>
      <ref id="B29">
        <label>29.</label>
        <citation-alternatives>
          <mixed-citation publication-type="web">Microsoft (2026) Playwright. https://playwright.dev</mixed-citation>
          <element-citation publication-type="web">
            <year>2026</year>
            <article-title>Playwright</article-title>
          </element-citation>
        </citation-alternatives>
      </ref>
      <ref id="B30">
        <label>30.</label>
        <citation-alternatives>
          <mixed-citation publication-type="journal">De Lange, M., van de Ven, G. and Tuytelaars, T. (2022) Continual Evaluation for Lifelong Learning: Identifying the Stability Gap. arXiv: 2205.13452. https://arxiv.org/abs/2205.13452</mixed-citation>
          <element-citation publication-type="journal">
            <person-group person-group-type="author">
              <string-name>Lange, M.</string-name>
              <string-name>Ven, G.</string-name>
              <string-name>Tuytelaars, T.</string-name>
            </person-group>
            <year>2022</year>
            <article-title>Continual Evaluation for Lifelong Learning: Identifying the Stability Gap</article-title>
            <fpage>2205</fpage>
          </element-citation>
        </citation-alternatives>
      </ref>
    </ref-list>
  </back>
</article>