A Distributed Hierarchical Multi-agent Architecture for Detecting Injections in SQL Queries

  • Cristian Pinzón
  • Juan F. De Paz
  • Álvaro Herrero
  • Emilio Corchado
  • Javier Bajo
Conference paper
Part of the Advances in Intelligent and Soft Computing book series (AINSC, volume 85)


SQL injections consist in inserting keywords and special symbols in the parameters of SQL queries to gain illegitimate access to a database. They are usually identified by analyzing the input parameters and removing the special symbols. In the case of websites, due to the great amount of queries and parameters, it is very common to find parameters without checking that allow bad-intentioned users to introduce keywords and special symbols. This work proposes a distributed architecture based on multi-agent systems that is able to detect SQL injection attacks. The multi-agent architecture incorporates cased-based reasoning, neural networks and support vector machines in order to classify and visualize the queries, allowing the detection and identification of SQL injections. The approach has been tested and the experimental results are presented in this paper.


SQL injection Database Security Intrusion Detection Systems Multi-agent Systems Case-based Reasoning Unsupervised Projection Models 


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    Halfond, W., Orso, A.: AMNESIA: Analysis and Monitoring for Neutralizing SQL-injection Attacks. In: 20th IEEE/ACM International Conference on Automated Software Engineering, pp. 174–183. ACM, New York (2005)Google Scholar
  2. 2.
    Valeur, F., Mutz, D., Vigna, G.: A Learning-Based Approach to the Detection of SQL Attacks. In: Julisch, K., Krügel, C. (eds.) DIMVA 2005. LNCS, vol. 3548, pp. 123–140. Springer, Heidelberg (2005)CrossRefGoogle Scholar
  3. 3.
    Rietta, F.: Application layer intrusion detection for SQL injection. In: 44th Annual Southeast Regional Conference, pp. 531–536. ACM, New York (2006)CrossRefGoogle Scholar
  4. 4.
    Woolridge, M., Wooldridge, M.J.: Introduction to Multiagent Systems. John Wiley & Sons, Inc., New York (2002)Google Scholar
  5. 5.
    Laza, R., Pavon, R., Corchado, J.M.: A Reasoning Model for CBR_BDI Agents Using an Adaptable Fuzzy Inference System. In: Conejo, R., Urretavizcaya, M., Pérez-de-la-Cruz, J.-L. (eds.) CAEPIA/TTIA 2003. LNCS (LNAI), vol. 3040, pp. 96–106. Springer, Heidelberg (2004)CrossRefGoogle Scholar
  6. 6.
    Anley, C.: Advanced SQL Injection In SQL Server Applications (2002),
  7. 7.
    Christensen, A.S., Moller, A., Schwartzbach, M.I.: Precise Analysis of String Expressions. In: 10th International Static Analysis Symposium, pp. 1–18. Springer, Heidelberg (2003)Google Scholar
  8. 8.
    Su, Z., Wassermann, G.: The essence of command injection attacks in web applications. In: 33rd Annual Symposium on Principles of Programming Languages, pp. 372–382. ACM Press, New York (2006)Google Scholar
  9. 9.
    Huang, Y., Huang, S., Lin, T., Tsai, C.: Web application security assessment by fault injection and behavior monitoring. In: 12th International Conference on World Wide Web, pp. 148–159. ACM, New York (2003)Google Scholar
  10. 10.
    Ramasubramanian, P., Kannan, A.: Quickprop Neural Network Ensemble Forecasting a Database Intrusion Prediction System. In: 7th International Conference Artificial on Intelligence and Soft Computing, Neural Information Processing, vol. 5, pp. 847–852 (2004)Google Scholar
  11. 11.
    Corchado, J.M., Bajo, J., Abraham, A.: GerAmi: Improving Healthcare Delivery in Geriatric Residences. In: Intelligent Systems, vol. 23, pp. 19–25. IEEE, Los Alamitos (2008)Google Scholar
  12. 12.
    Vapnik, V.N.: An overview of statistical learning theory. IEEE Transactions on Neural Networks 10, 988–999 (1999)CrossRefGoogle Scholar
  13. 13.
    Corchado, J.M., Laza, R.: Constructing deliberative agents with case-based reasoning technology. International Journal of Intelligent Systems 18, 1227–1241 (2003)CrossRefGoogle Scholar
  14. 14.
    Mukkamala, S., Sung, A.H., Abraham, A.: Intrusion detection using an ensemble of intelligent paradigms. Journal of Network and Computer Applications 28(2), 167–182 (2005)CrossRefGoogle Scholar
  15. 15.
    Fritzke, B.: A Growing Neural Gas Network Learns Topologies. In: Advances in Neural Information Processing Systems, vol. 7, MIT Press, Cambridge (1995)Google Scholar
  16. 16.
    Herrero, Á., Corchado, E., Sáiz, L., Abraham, A.: DIPKIP: A Connectionist Knowledge Management System to Identify Knowledge Deficits in Practical Cases. Computational Intelligence 26(1), 26–56 (2010)CrossRefGoogle Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2010

Authors and Affiliations

  • Cristian Pinzón
    • 1
  • Juan F. De Paz
    • 1
  • Álvaro Herrero
    • 2
  • Emilio Corchado
    • 1
  • Javier Bajo
    • 1
  1. 1.Departamento Informática y AutomáticaUniversidad de SalamancaSalamancaSpain
  2. 2.Department of Civil EngineeringUniversity of BurgosBurgosSpain

Personalised recommendations