Naaman, D., Ahmed, B., Yasin, H. (2025). AI-driven attacks on database security: taxonomy and defense strategies. , 43(10), 822-834. doi: 10.30684/etj.2025.163946.2003
Diyar W. Naaman; Berivan T. Ahmed; Hajar M. Yasin. "AI-driven attacks on database security: taxonomy and defense strategies". , 43, 10, 2025, 822-834. doi: 10.30684/etj.2025.163946.2003
Naaman, D., Ahmed, B., Yasin, H. (2025). 'AI-driven attacks on database security: taxonomy and defense strategies', , 43(10), pp. 822-834. doi: 10.30684/etj.2025.163946.2003
Naaman, D., Ahmed, B., Yasin, H. AI-driven attacks on database security: taxonomy and defense strategies. , 2025; 43(10): 822-834. doi: 10.30684/etj.2025.163946.2003

AI-driven attacks on database security: taxonomy and defense strategies

Engineering and Technology Journal
Volume 43, Issue 10, October 2025, Pages 822-834    PDF (691.01 K)
Document Type: Review Paper
DOI: 10.30684/etj.2025.163946.2003
Authors
Diyar W. Naaman* 1; Berivan T. Ahmed2; Hajar M. Yasin2
1Ministry of Education, General Directorate of Education in Duhok, Duhok, Iraq.
2Akre University for Applied Sciences, Technical College of Informatics, Department of Information Technology, Duhok, Iraq.
Abstract
Artificial intelligence has introduced both unprecedented capabilities and novel vulnerabilities into database environments, enabling highly adaptive attacks that can evade traditional defenses. This review surveys recent research published between 2022 and 2025 on AI-assisted database security threats and synthesizes the literature to develop a comprehensive taxonomy of emerging attack approaches. We identified five primary classes of AI-based attacks: intelligent SQL injection attacks, adversarial machine learning strategies targeting database security systems, data poisoning attacks on AI-based databases, automated reconnaissance exploits, and sociotechnical manipulations aimed at database administrators. We systematically reviewed publications on cyber defense stored in IEEE Xplore, ACM Digital Library, Science Direct, and Scopus databases. Boolean search terms were used on the databases specific to cyber defense. Findings indicate that automated SQL injection attacks can escalate the bypass rate of security systems to over 85% effectiveness. The effectiveness of rule-based defense systems degrades by 32% when pitted against sophisticated AI-adapted adversarial attacks. Conversely, machine learning-based defenses maintain a detection rate of 85 to 95%. To combat advancing techniques, a multilayer approach that includes adversarial training, anomaly-based intrusion detection, and automated user behavior analysis and reporting technology should be employed. This approach utilizes anomaly-based defenses through a monitoring model. Analysis shows that conventional database defense techniques need to be upgraded with real-time analytics, dynamic response mechanisms, and zero-day vulnerability protection to keep pace with the increasingly sophisticated nature of AI adversarial attacks on database systems.

Highlights
  • A novel taxonomy of five AI-powered database attacks bypassed traditional defenses with 85% success.
  • Analysis of 23 recent studies revealed critical gaps in AI-driven database security frameworks.
  • A layered defense model with adversarial training and behavioral monitoring was proposed.
  • Statistical results showed a 32% decline in rule-based systems against advanced AI attack variants.
  • A multi-disciplinary approach addressed technical, organizational, and human factors in AI threats.
Keywords
AI; driven attacks Database security Adversarial machine learning SQL injection Data poisoning Federated learning security GAN; based attacks
Supplementary Files
References
  1. CrowdStrike. (2025). global threat report: AI-powered attacks and voice phishing surge. CrowdStrike Intelligence. https://www.crowdstrike.com/resources/reports/global-threat-report-2025/
  2. NIST. (2024). Adversarial machine learning: A taxonomy and terminology of attacks and mitigations. NIST AI 100-2e2023. https://nvlpubs.nist.gov/nistpubs/ai/NIST.AI.100-2e2023.pdf
  3. Check Point Research. (2024). Cybersecurity predictions: The rise of AI-driven attacks, quantum threats, and social media exploitation. Check Point Blog. https://blog.checkpoint.com/security/2025-cyber-security-predictions
  4. Security Boulevard, The rise of AI-driven cyberattacks: Accelerated threats demand predictive and real-time defenses, Security Boulevard, (2024). https://securityboulevard.com/2025/05/the-rise-of-ai-driven-cyberattacks
  5. C. Szegedy, W. Zaremba, I. Sutskever, J. Bruna, D. Erhan, I. Goodfellow, R. Fergus‏,Intriguing properties of neural networks, arXiv:1312.6199v4 [cs.CV], (2014)1-10. https://doi.org/10.48550/arXiv.1312.6199
  6. N. Carlini, D. Wagner, Towards evaluating the robustness of neural networks, 2017 IEEE Symposium on Security and Privacy (SP), San Jose, CA, USA, 2017, 39-57. https://doi.org/10.1109/SP.2017.49
  7. N. Mohamed‏, Securing transportation web applications: An AI-driven approach to detect and mitigate SQL injection attacks, J. Transp. Secur., 17 (2024). https://doi.org/10.1007/s12198-023-00269-x
  8. Goldilock. The emerging danger of AI-powered malware: 2025 threat forecast; Goldilock Security Research, 2025. https://goldilock.com/post/the-emerging-danger-of-ai-powered-malware-2025-threat-forecast
  9. B. Arasteh, B. Aghaei, B. Farzad, K. Arasteh, F. Kiani, M. Torkamanian-Afshar‏, Detecting SQL injection attacks by binary gray wolf optimizer and machine learning algorithms, Neural Comput. Appl., 36 (2024) 6771-6792. https://doi.org/10.1007/s00521-024-09429-z
  10. M. Macas, C. Wu, W. Fuertes‏, Adversarial examples: A survey of attacks and defenses in deep learning-enabled cybersecurity systems, Expert Syst. Appl., 238 (2024) 122223. https://doi.org/10.1016/j.eswa.2023.122223
  11. W. B. Demilie, F. G. Deriba‏ Detection and prevention of SQLI attacks and developing compressive framework using machine learning and hybrid techniques, J. Big Data, 9 (2022) 124. https://doi.org/10.1186/s40537-022-00678-0
  12. M. Alghawazi, D. Alghazzawi, S. Alarifi‏, Detection of SQL injection attack using machine learning techniques: A systematic literature review, J. cybersecur. priv., 2 (2022) 764-777. https://doi.org/10.3390/jcp2040039
  13. Y. L. Khaleel, M. A. Habeeb, A. S. Albahri, T. Al-Quraishi, O. S. Albahri, A. H. Alamoodi , Network and cybersecurity applications of defense in adversarial attacks: A state-of-the-art using machine learning and deep learning methods, J. Intell. Syst., 33 (2024) 20240153. https://doi.org/10.1515/jisys-2024-0153
  14. Oprea, A. , Vassilev, A. Adversarial machine learning: A taxonomy and terminology of attacks and mitigations, NIST AI 100-2, 2024. https://doi.org/10.6028/NIST.AI.100-2e2023.ipd
  15. Y. Zhu, H. Wen, R. Zhao, Y. Jiang, Q. Liu, P. Zhang‏, Research on data poisoning attack against smart grid cyber-physical system based on edge computing, Sensors, 23 (2023) 4509. https://doi.org/10.3390/s23094509
  16. A. E. Cinà, K. Grosse, A. Demontis, B. Biggio, F. Roli, M. Pelillo‏, Machine learning security against data poisoning: Are we there yet?, Computer, 57 (2024) 26-34. https://doi.org/10.1109/MC.2023.3299572
  17. D. A. Alber, Z.Yang, A. Alyakin, E. Yang, S. Rai, A. A.Valliani, J. Zhang, G.R. Rosenbaum, Medical large language models are vulnerable to data-poisoning attacks, Nat. Med., 31 (2025) 618–626 . https://doi.org/10.1038/s41591-024-03445-1
  18. B. D. Deebak, S. O. Hwang‏, Healthcare applications using blockchain with a cloud-assisted decentralized privacy-preserving framework, IEEE Transactions on Mobile Computing, 23 (2024) 5897-5916. https://doi.org/10.1109/TMC.2023.3315510
  19. A. Heidari, N. J. Navimipour, M. Unal‏, A secure intrusion detection platform using blockchain and radial basis function neural networks for internet of drones, IEEE Internet Things J., 10 (2023) 8445-8454. https://doi.org/10.1109/JIOT.2023.3237661
  20. Z. K. Maseer, R. Yusof, N. Bahaman, S. A. Mostafa, C. F. M. Foozy, Benchmarking of machine learning for anomaly based intrusion detection systems in the CICIDS2017 dataset, IEEE Access, 9 (2021) 22351-22370. https://doi.org/10.1109/ACCESS.2021.3056614
  21. NIST identifies types of cyberattacks that manipulate behavior of AI systems, NIST News, 2025. https://www.nist.gov/news-events/news/2024/01/nist-identifies-types-cyberattacks-manipulate-behavior-ai-systems
  22. K. He, D. D. Kim, M. R. Asghar, Adversarial machine learning for network intrusion detection systems: A comprehensive survey, IEEE Commun. Surv. Tutor., 25 (2023) 538-566. https://doi.org/10.1109/COMST.2022.3233793
  23. A. Alotaibi, M. A. Rassam‏, Adversarial machine learning attacks against intrusion detection systems: A survey on strategies and defense, Future Internet, 15 (2023) 62. https://doi.org/10.3390/fi15020062
  24. A. K. Nair, E. D. Raj, J. Sahoo, A robust analysis of adversarial attacks on federated learning environments, Multimed. Tools Appl., 82 (2023) 103723. https://doi.org/10.1016/j.csi.2023.103723
  25. D. Javeed, T. Gao, P. Kumar, A. Jolfaei‏, An explainable and resilient intrusion detection system for industry 5.0, IEEE Trans. Consum. Electron., 70 (2024) 1342-1350. https://doi.org/10.1109/TCE.2023.3283704
  26. A. Halbouni, T. S. Gunawan, M. H. Habaebi, CNN-LSTM: Hybrid deep neural network for network intrusion detection system, IEEE Access, 10 (2022) 99837-99849. https://doi.org/10.1109/ACCESS.2022.3206425
  27. Z. Ahmad, A. Shahid Khan, C. Wai Shiang, J. Abdullah, F. Ahmad‏, Network intrusion detection system: A systematic study of machine learning and deep learning approaches, Trans. Emerg. Telecommun., 32 (2021) e4150. https://doi.org/10.1002/ett.4150
  28. S. M. S. Bukhari, M. H. Zafar, M. Abou Houran, S. K. R. Moosavi, M Mansoor, M Muaaz, F Sanfilippo‏, Secure and privacy-preserving intrusion detection in wireless sensor networks: Federated learning with SCNN-Bi-LSTM for enhanced reliability, Ad Hoc Networks, 155 (2024) 103407. https://doi.org/10.1016/j.adhoc.2024.103407
  29. J. Azimjonov, T. Kim‏, A comprehensive empirical analysis of data sets, regression-based feature selectors, and linear SVM classifiers for intrusion detection systems, IEEE Internet Things J., 11 (2024) 34676-34693. https://doi.org/10.1109/JIOT.2024.3415499
  30. M. M. Khan, N. Shah, N. Shaikh, A. Thabet, T. alrabayah, and S. Belkhair, Towards secure and trusted AI in healthcare: A systematic review of emerging innovations and ethical challenges, Int. J. Med. Inform., 195 (2025) 105780. https://doi.org/10.1016/j.ijmedinf.2024.105780
Statistics
Article View: 121
PDF Download: 113


Journal Management System. Powered by iJournalPro.com