idMAS-SQL: Intrusion Detection Based on MAS to Detect and Block SQL injection through data mining

 

Authors

Pinzón Trejos, Cristian; De Paz, Juan; Herrero, Álvaro; Corchado, Emilio; Bajo, Javier; Corchado, Juan

Format

Article

Status

publishedVersion

Description

This study presents a multiagent architecture aimed at detecting SQL injection attacks, which are one of the most prevalent threats for modern databases. The proposed architecture is based on a hierarchical and distributed strategy where the functionalities are structured on layers. SQL-injection attacks, one of the most dangerous attacks to online databases, are the focus of this research. The agents in each one of the layers are specialized in specific tasks, such as data gathering, data classification, and visualization. This study presents two key agents under a hybrid architecture: a classifier agent that incorporates a Case-Based Reasoning engine employing advanced algorithms in the reasoning cycle stages, and a visualizer agent that integrates several techniques to facilitate the visual analysis of suspicious queries. The former incorporates a new classification model based on a mixture of a neural network and a Support Vector Machine in order to classify SQL queries in a reliable way. The latter combines clustering and neural projection techniques to support the visual analysis and identification of target attacks. The proposed approach was tested in a real-traffic case study and its experimental results, which validate the performance of the proposed approach, are presented in this paper.
This study presents a multiagent architecture aimed at detecting SQL injection attacks, which are one of the most prevalent threats for modern databases. The proposed architecture is based on a hierarchical and distributed strategy where the functionalities are structured on layers. SQL-injection attacks, one of the most dangerous attacks to online databases, are the focus of this research. The agents in each one of the layers are specialized in specific tasks, such as data gathering, data classification, and visualization. This study presents two key agents under a hybrid architecture: a classifier agent that incorporates a Case-Based Reasoning engine employing advanced algorithms in the reasoning cycle stages, and a visualizer agent that integrates several techniques to facilitate the visual analysis of suspicious queries. The former incorporates a new classification model based on a mixture of a neural network and a Support Vector Machine in order to classify SQL queries in a reliable way. The latter combines clustering and neural projection techniques to support the visual analysis and identification of target attacks. The proposed approach was tested in a real-traffic case study and its experimental results, which validate the performance of the proposed approach, are presented in this paper.

Publication Year

2018

Language

eng

Topic

Intrusion Detection
SQL injection attacks
Data mining
CBR
SVM
Neural networks
Intrusion Detection
SQL injection attacks
Data mining
CBR
SVM
Neural networks

Repository

RI de Documento Digitales de Acceso Abierto de la UTP

Get full text

https://www.sciencedirect.com/science/article/pii/S0020025511003148
http://ridda2.utp.ac.pa/handle/123456789/4780

Rights

embargoedAccess

License