Skip to main content
SpringerLink
Log in

Soft Computing Techniques for Intrusion Detection of SQL-Based Attacks

  • Conference paper
Intelligent Information and Database Systems (ACIIDS 2010)

Part of the book series: Lecture Notes in Computer Science ((LNAI,volume 5990))

Included in the following conference series:

Abstract

In the paper we present two approaches based on application of neural networks and Gene Expression Programming (GEP) to detect SQL attacks. SQL attacks are those attacks that take the advantage of using SQL statements to be performed. The problem of detection of this class of attacks is transformed to time series prediction and classification problems. SQL queries are used as a source of events in a protected environment. To differentiate between normal SQL queries and those sent by an attacker, we divide SQL statements into tokens and pass them to our detection system based on recurrent neural network (RNN), which predicts the next token, taking into account previously seen tokens. In the learning phase tokens are passed to a recurrent neural network (RNN) trained by backpropagation through time (BPTT) algorithm. Then, two coefficients of the rule are evaluated. The rule is used to interpret RNN output. In the testing phase RNN with the rule is examined against attacks and legal data to find out how evaluated rule affects efficiency of detecting attacks. The efficiency of this method of detecting intruders is compared with the results obtained from GEP.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 39.99
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 54.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. Almgren, M., Debar, H., Dacier, M.: A lightweight tool for detecting web server attacks. In: Proceedings of the ISOC Symposium on Network and Distributed Systems Security (2000)

    Google Scholar 

  2. Ferreira, C.: Gene Expression Programming: A New Adaptive Algorithm for Solving Problems. Complex Systems 13(2), 87–129 (2001)

    MATH  MathSciNet  Google Scholar 

  3. Ferreira, C.: Gene Expression Programming: Mathematical Modeling by an Artificial Intelligence. Angra do Heroismo, Portugal (2002)

    Google Scholar 

  4. Kruegel, C., Vigna, G.: Anomaly Detection of Web-based Attacks. In: Proceedings of the 10th ACM Conference on Computer and Communication Security (CCS 2003), pp. 251–261 (2003)

    Google Scholar 

  5. Linn, S.: A New Conceptual Approach to Teaching the Interpretation of Clinical Tests. Journal of Statistics Education 12(3) (2004)

    Google Scholar 

  6. Litvinenko, V.I., Bidyuk, P.I., Bardachov, J.N., Sherstjuk, V.G., Fefelov, A.A.: Combining Clonal Selection Algorithm and Gene Expression Programming for Time Series Prediction. In: Third Workshop 2005 IEEE Intelligent Data Acquisition and Advanced Computing Systems: Technology and Applications, pp. 133–138 (2005)

    Google Scholar 

  7. Skaruz, J., Seredynski, F.: Some Issues on Intrusion Detection in Web Applications. In: Rutkowski, L., Tadeusiewicz, R., Zadeh, L.A., Zurada, J.M. (eds.) ICAISC 2008. LNCS (LNAI), vol. 5097, pp. 164–174. Springer, Heidelberg (2008)

    Chapter  Google Scholar 

  8. Valeur, F., Mutz, D., Vigna, G.: A Learning-Based Approach to the Detection of SQL Attacks. In: Proceedings of the Conference on Detection of Intrusions and Malware and Vulnerability Assessment (DIMVA), Austria (2005)

    Google Scholar 

  9. Zhou, C., Xiao, W., Nelson, P.C., Tirpak, T.M.: Evolving Accurate and Compact Classification Rules with Gene Expression Programming. IEEE Transactions on Evolutionary Computation 7(6), 519–531 (2003)

    Article  Google Scholar 

  10. Zhou, C., Nelson, P.C., Xiao, W., Tirpak, T.M.: Discovery of Classification Rules by Using Gene Expression Programming. In: International Conference on Artificial Intelligence, pp. 1355–1361 (2002)

    Google Scholar 

  11. Zuo, J., Tang, C., Li, C., Yuan, C.-a., Chen, A.-l.: Time Series Prediction Based on Gene Expression Programming. In: Li, Q., Wang, G., Feng, L. (eds.) WAIM 2004. LNCS, vol. 3129, pp. 55–64. Springer, Heidelberg (2004)

    Google Scholar 

Download references

Author information

Authors and Affiliations

  1. Institute of Computer Science, University of Podlasie, Sienkiewicza 51, 08-110, Siedlce, Poland

    Jaroslaw Skaruz

  2. Polish-Japanese Institute of Information Technology, Koszykowa 86, 02-008, Warsaw

    Jerzy Pawel Nowacki, Aldona Drabik & Franciszek Seredynski

  3. Institute of Computer Science, Polish Academy of Sciences, Ordona 21, 01-237, Warsaw, Poland

    Franciszek Seredynski

  4. Faculty of Sciences Technology and Communication, University of Luxembourg, 6 rue Coudenhove Kalergi, L-1359, Luxembourg, Luxembourg

    Pascal Bouvry

Authors
  1. Jaroslaw Skaruz
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Jerzy Pawel Nowacki
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Aldona Drabik
    View author publications

    You can also search for this author in PubMed Google Scholar

  4. Franciszek Seredynski
    View author publications

    You can also search for this author in PubMed Google Scholar

  5. Pascal Bouvry
    View author publications

    You can also search for this author in PubMed Google Scholar

Editor information

Editors and Affiliations

  1. Institute of Informatics, Wroclaw University of Technology, Str. Wyb. Wyspianskiego 27, 50-370, Wroclaw, Poland

    Ngoc Thanh Nguyen

  2. Hue University, Str. Le Loi 3, Hue City, Vietnam

    Manh Thanh Le

  3. Faculty of Computer Science and Management, Wroclaw University of Technology, Str. Lukasiewicza 5, 50-370, Wroclaw, Poland

    Jerzy ÅšwiÄ…tek

Rights and permissions

Reprints and permissions

Copyright information

© 2010 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Skaruz, J., Nowacki, J.P., Drabik, A., Seredynski, F., Bouvry, P. (2010). Soft Computing Techniques for Intrusion Detection of SQL-Based Attacks. In: Nguyen, N.T., Le, M.T., ÅšwiÄ…tek, J. (eds) Intelligent Information and Database Systems. ACIIDS 2010. Lecture Notes in Computer Science(), vol 5990. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-12145-6_4

Download citation

  • DOI: https://doi.org/10.1007/978-3-642-12145-6_4

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-642-12144-9

  • Online ISBN: 978-3-642-12145-6

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation