The week's pick
Reseach Article
Multi-Agent System for Detecting and Blocking SQL Injection
| International Journal of Computer Applications |
| Foundation of Computer Science (FCS), NY, USA |
| Volume 64 - Number 15 |
| Year of Publication: 2013 |
| Authors: Niraj Kulkarni, D R Anekar, Mayur Ghadge, Rohit Garde |
10.5120/10714-5697
|
Niraj Kulkarni, D R Anekar, Mayur Ghadge, Rohit Garde . Multi-Agent System for Detecting and Blocking SQL Injection. International Journal of Computer Applications. 64, 15 ( February 2013), 42-45. DOI=10.5120/10714-5697
Abstract
This study presents detection of SQL injection queries by a multi level architecture which uses multiple agents. The SQL injection attacks are one of the biggest security threats in databases. SQL Injection is one of the many web attack mechanisms used by hackers to steal data from organizations. The proposed architecture is based on a hierarchical and distributed strategy where the functionalities are structured on layers. SQL-injection attacks, one of the most dangerous attacks to online databases, are the focus of this research. The agents in each one of the layers are specialized in specific tasks, such as syntax check of queries, data classification, and visualization. The study uses multiple agents in a multi layer architecture, where each agent functions differently and assigns functions to other agent to detect and block SQL injection queries. This study describes two important agents under hybrid architecture: an agent which classifies SQL queries using a Case-Based Reasoning engine based on Legal/illegal/Suspicious. Later if query is still suspicious the query is passed to the human expert by control agents, from where query can be finally classified. The chance of the query reaching to the human expert agent in this system is very low. Thus this study is very effective and efficient to detect and block hazardous SQL injection query fired by an attacker. The system acts as a firewall between an application and database. The use of multi agents helps the cause effectively.
References
- Cristian I. Pinzon, Juan F. De Paz, Alvaro Herrero, Emilio Corchado, Javier Bajo, Juan M. Corchado idMAS-SQL: Intrusion Detection based on MAS to Detect and Block SQL injection through data mining.
- Cristian Pinzon, Álvaro Herrero, Juan F. De Paz, Emilio Corchado, and Javier Bajo: A CBR Intrusion Detector for SQL Injection Attacks.
- Cristian Pinzón, Juan F. De Paz, Álvaro Herrero2, Emilio Corchado1, Javier: A Distributed Hierarchical Multi-agent Architecture for Detecting Injections in SQL Queries.
- Indrani Balasundaram, Dr. E. Ramaraj: An Approach to Detect and Prevent SQL Injection Attacks in Database Using Web Service.
- William G. J. Halfond, Jeremy Viegas, and Alessandro Orso: A Classification of SQL Injection Attacks and Countermeasures.
- Varian Luong Intrusion Detection And Prevention System: SQL Injection Attacks.
- Christian Bockermann, Martin Apel, and Michael Meier: Learning SQL for Database Intrusion Detection Using Context-Sensitive Modelling.
- Sruthy Manmadhan and Manesh: A METHOD OF DETECTING SQL INJECTION ATTACK TO SECURE WEB APPLICATIONS.
- Shaimaa Ezzat Salama, Mohamed I. Marie, Laila M. El- Fangary & Yehia K. Helmy: Web Anomaly Misuse Intrusion Detection Framework for SQL Injection Detection.
- Lori Mac Vittie: SQL Injection Evasion Detection.
Index Terms
Keywords