---
license: apache-2.0
language:
- en
base_model:
- roberta-base
pipeline_tag: text-classification
tags:
- security
- prompt
- cyber-security
- llm-security
- prompt-injection
- sql-injection
library_name: transformers
---

# SQL Injection Detector

A fine-tuned RoBERTa model for detecting SQL injection attacks in prompts before they reach an LLM.

## Overview

This model is part of [PromptWAF](https://github.com/edaerer/promptwaf) — a multi-layered ML-based Web Application Firewall designed to detect and block prompt injection attacks.

The model identifies prompts containing SQL command injection patterns (`'; DROP TABLE`, `OR 1=1`, `UNION SELECT`, etc.) commonly used to manipulate database queries through LLM interfaces.

## Model Details

- **Architecture**: RoBERTa (Base)
- **Task**: Binary Sequence Classification
- **Training Data**: Trained on a custom, internally curated SQL injection dataset
- **Labels**:
  - `0` → Safe/Benign
  - `1` → SQL Injection Attack

## Usage

### With PromptWAF

```bash
# Automatically used in PromptWAF via .env configuration
SQL_INJECTION_MODEL_DIR=edaerer/promptwaf-sql-injection
```

### Standalone

```python
from transformers import AutoTokenizer, AutoModelForSequenceClassification
import torch

model_id = "edaerer/promptwaf-sql-injection"
tokenizer = AutoTokenizer.from_pretrained(model_id)
model = AutoModelForSequenceClassification.from_pretrained(model_id)

text = "'; DROP TABLE users;--"
# Truncate to the 256-token input limit listed under Performance
inputs = tokenizer(text, return_tensors="pt", truncation=True, max_length=256)

# Inference only, so no gradients are needed
with torch.no_grad():
    outputs = model(**inputs)

probabilities = torch.softmax(outputs.logits, dim=-1)
score = probabilities[0][1].item()  # Probability of label 1 (SQL injection)

print(f"SQL Injection Risk: {score:.2%}")
```

## Performance

- **Threshold**: 0.5 (adjustable in PromptWAF)
- **Input**: Max 256 tokens

## Integration

This model is designed to work seamlessly with:

- **PromptWAF** - The main security orchestrator
- **HuggingFace Transformers** - For inference
- Any standard sequence classification pipeline

## Citation

```bibtex
@software{promptwaf2026,
  author = {Erer, Eda and Odabasi, Talha},
  title = {PromptWAF: A Multi-Layered ML Defense for LLM Prompt Security},
  year = {2026},
  url = {https://github.com/edaerer/promptwaf}
}
```

## License

Apache License 2.0

---

For more information, visit [PromptWAF GitHub Repository](https://github.com/edaerer/promptwaf)
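
The 256-token input limit and 0.5 threshold listed under Performance mean that, in a standalone deployment that truncates, anything past the limit is never scored. The sketch below is an added example, not PromptWAF's own code: it scores overlapping windows and takes the highest score, with `windows`, `classify`, `stub_score`, `PAYLOAD_ID` and the stride of 128 all being assumptions, and a constructed stub in place of the model so it runs offline.

```python
from typing import Callable, List, Sequence, Tuple

MAX_TOKENS = 256  # input limit from the model card
THRESHOLD = 0.5   # default threshold from the model card
SPECIALS = 2      # RoBERTa wraps each input in <s> ... </s>


def windows(ids: Sequence[int], size: int = MAX_TOKENS - SPECIALS,
            stride: int = 128) -> List[List[int]]:
    """Split token ids into overlapping windows that each fit the model."""
    if not 0 < stride <= size:
        raise ValueError("stride must be between 1 and size")
    out, start = [], 0
    while True:
        out.append(list(ids[start:start + size]))
        if start + size >= len(ids):
            return out
        start += stride


def classify(ids: Sequence[int], score_window: Callable[[List[int]], float],
             threshold: float = THRESHOLD) -> Tuple[bool, float, int]:
    """Score every window; the verdict follows the highest-scoring one."""
    scores = [score_window(w) for w in windows(ids)]
    worst = max(range(len(scores)), key=scores.__getitem__)
    return scores[worst] >= threshold, scores[worst], worst


# --- constructed stand-ins so the example runs offline ---
PAYLOAD_ID = 9999  # hypothetical token id marking an injected fragment


def stub_score(window: List[int]) -> float:
    """Stand-in for the model's label-1 probability (constructed values)."""
    return 0.97 if PAYLOAD_ID in window else 0.02


# 600 benign tokens with a constructed payload at positions 400-405
SAMPLE = [1] * 400 + [PAYLOAD_ID] * 6 + [1] * 194

if __name__ == "__main__":
    print("first 254 tokens only:", stub_score(SAMPLE[:254]))
    print("windowed:", classify(SAMPLE, stub_score))
```

With the real model, `score_window` would add the special tokens to each window, run the classifier and return the softmax probability of label `1`, as in the Standalone snippet. With a stride of 128 and 254-token windows, any fragment of up to 127 tokens falls entirely inside at least one window.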