GraphQL's flexibility, while beneficial for efficient data fetching, introduces unique security vulnerabilities that traditional API security mechanisms often fail to address. Malicious GraphQL queries can exploit the language's dynamic nature, leading to denial-of-service attacks, data exfiltration through injection, and other exploits. Existing solutions, such as static analysis, rate limiting, and general-purpose Web Application Firewalls, offer limited protection against sophisticated, context-aware attacks. This paper presents a novel, AI-driven approach for real-time detection of malicious GraphQL queries. Our method combines static analysis with machine learning techniques, including Large Language Models (LLMs) for dynamic schema-based configuration, Sentence Transformers (SBERT and Doc2Vec) for contextual embedding of query payloads, and Convolutional Neural Networks (CNNs), Random Forests, and Multilayer Perceptrons for classification. We detail the system architecture, implementation strategies optimized for production environments (including ONNX Runtime optimization and parallel processing), and evaluate the performance of our detection models and the overall system under load. Results demonstrate high accuracy in detecting various threats, including SQL injection, OS command injection, and XSS exploits, alongside effective mitigation of DoS and SSRF attempts. This research contributes a robust and adaptable solution for enhancing GraphQL API security.