Advertisement

Unsupervised Visualization of SQL Attacks by Means of the SCMAS Architecture

  • Álvaro Herrero
  • Cristian I. Pinzón
  • Emilio Corchado
  • Javier Bajo
Conference paper
Part of the Advances in Intelligent and Soft Computing book series (AINSC, volume 71)

Abstract

This paper presents an improvement of the SCMAS architecture aimed at securing SQL-run databases. The main goal of such architecture is the detection and prevention of SQL injection attacks. The improvement consists in the incorporation of unsupervised projection models for the visual inspection of SQL traffic. Through the obtained projections, SQL injection queries can be identified and subsequent actions can be taken. The proposed approach has been tested on a real dataset, and the obtained results are shown.

Keywords

Multiagent System for Security Neural Projection Models Unsupervised Learning Database Security SQL Injection Attacks 

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. 1.
    Halfond, W.G.J., Viegas, J., Orso, A.: A Classification of SQL-Injection Attacks and Countermeasures. In: Proceedings of the IEEE International Symposium on Secure Software Engineering, Arlington, VA, USA (2006)Google Scholar
  2. 2.
    Breach Security Inc. The Web Hacking-Incidents Database (2008)Google Scholar
  3. 3.
    Halfond, W.G.J., Orso, A.: AMNESIA: analysis and monitoring for NEutralizing SQL-injection attacks. In: Proceedings of the 20th IEEE/ACM international Conference on Automated software engineering (ASE 2005). ACM, New York (2005)Google Scholar
  4. 4.
    Kosuga, Y., Kono, K., Hanaoka, M., Hishiyama, M., Takahama, Y.: Sania: Syntactic and Semantic Analysis for Automated Testing against SQL Injection. In: 23rd Annual Computer Security Applications Conference. IEEE Computer Society, Los Alamitos (2007)Google Scholar
  5. 5.
    Bajo, J., Corchado, J.M., Pinzón, C., Paz, Y.D., Pérez-Lancho, B.: SCMAS: A Distributed Hierarchical Multi-Agent Architecture for Blocking Attacks to Databases. International Journal of Innovative Computing, Information and Control (2008)Google Scholar
  6. 6.
    Allen, J., Christie, A., Fithen, W., McHugh, J., Pickel, J., Stoner, E.: State of the Practice of Intrusion Detection Technologies. Technical Report CMU/SEI-99-TR-028. Carnegie Mellon University - Software Engineering Institute (2000)Google Scholar
  7. 7.
    Herrero, Á., Corchado, E., Gastaldo, P., Zunino, R.: Neural Projection Techniques for the Visual Inspection of Network Traffic. Neurocomputing 72(16-18), 3649–3658 (2009)CrossRefGoogle Scholar
  8. 8.
    Corchado, J.M., Laza, R.: Constructing deliberative agents with case-based reasoning technology. International Journal of Intelligent Systems 18, 1227–1241 (2003)CrossRefGoogle Scholar
  9. 9.
    Pearson, K.: On Lines and Planes of Closest Fit to Systems of Points in Space. Philosophical Magazine 2(6), 559–572 (1901)Google Scholar
  10. 10.
    Demartines, P., Herault, J.: Curvilinear Component Analysis: A Self-Organizing Neural Network for Nonlinear Mapping of Data Sets. IEEE Transactions on Neural Networks 8(1), 148–154 (1997)CrossRefGoogle Scholar
  11. 11.
    Corchado, E., Fyfe, C.: Connectionist Techniques for the Identification and Suppression of Interfering Underlying Factors. International Journal of Pattern Recognition and Artificial Intelligence 17(8), 1447–1466 (2003)CrossRefGoogle Scholar
  12. 12.
    Kohonen, T.: The Self-Organizing Map. IEEE 78(9), 1464–1480 (1990)CrossRefGoogle Scholar
  13. 13.
    Corchado, E., MacDonald, D., Fyfe, C.: Maximum and Minimum Likelihood Hebbian Learning for Exploratory Projection Pursuit. Data Mining and Knowledge Discovery 8(3), 203–225 (2004)CrossRefMathSciNetGoogle Scholar
  14. 14.
    Friedman, J.H., Tukey, J.W.: A Projection Pursuit Algorithm for Exploratory Data-Analysis. IEEE Transactions on Computers 23(9), 881–890 (1974)CrossRefMATHGoogle Scholar
  15. 15.
    Seung, H.S., Socci, N.D., Lee, D.: The Rectified Gaussian Distribution. Advances in Neural Information Processing Systems 10, 350–356 (1998)Google Scholar
  16. 16.
    Damele, B.: SQLMAP0.5 – Automated SQL Injection Tool (2007)Google Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2010

Authors and Affiliations

  • Álvaro Herrero
    • 1
  • Cristian I. Pinzón
    • 2
  • Emilio Corchado
    • 2
  • Javier Bajo
    • 2
  1. 1.Civil Engineering DepartmentUniversity of BurgosBurgosSpain
  2. 2.Departamento de Informática y AutomáticaUniversidad de SalamancaSalamancaSpain

Personalised recommendations