2024-03-28T13:44:11Zhttps://gredos.usal.es/oai/requestoai:gredos.usal.es:10366/1349372022-02-07T15:35:59Zcom_10366_122575com_10366_4512com_10366_3823col_10366_134811
AIIDA-SQL: An Adaptive Intelligent Intrusion Detector Agent for detecting SQL Injection attacks
Pinzón, Cristian
Paz Santana, Juan Francisco de
Bajo Pérez, Javier
Herrero Cosío, Álvaro
Corchado Rodríguez, Emilio Santiago
Computer Science
SQL Injection attacks on web applications have become one of the most important information security concerns over the past few years. This paper presents a hybrid approach based on the Adaptive Intelligent Intrusion Detector Agent (AIIDA-SQL) for the detection of those attacks. The AIIDA-SQL agent incorporates a Case-Based Reasoning (CBR) engine which is equipped with learning and adaptation capabilities for the classification of SQL queries and detection of malicious user requests. To carry out the tasks of attack classification and detection, the agent incorporates advanced algorithms in the reasoning cycle stages. Concretely, an innovative classification model based on a mixture of an Artificial Neuronal Network together with a Support Vector Machine is applied in the reuse stage of the CBR cycle. This strategy enables to classify the received SQL queries in a reliable way. Finally, a projection neural technique is incorporated, which notably eases the revision stage carried out by human experts in the case of suspicious queries. The experimental results obtained on a real-traffic case study show that AIIDA-SQL performs remarkably well in practice.
2017-09-06T09:15:01Z
2017-09-06T09:15:01Z
2010
info:eu-repo/semantics/article
Hybrid Intelligent Systems (HIS), 2010 10th International Conference on. pp. 73 - 78.
978-1-4244-7363-2 (Print)
http://hdl.handle.net/10366/134937
en
https://creativecommons.org/licenses/by-nc-nd/3.0/
info:eu-repo/semantics/openAccess
Attribution-NonCommercial-NoDerivs 3.0 Unported
IEEE