SCMAS: A distributed hierarchical multi-agent architecture for blocking attacks to databases

One of the main attacks on databases is the SQL injection attack which causes severe damage both in the commercial aspect and the confidence of users. This paper presents a novel strategy for detecting and preventing SQL injection attacks consisting of a multi-agent based architecture called SCMAS. The SCMAS architecture is structured in hierarchical layers and incorporates SQLCBR agents with improved learning and adaptation capabilities. The SQLCBR agents presented within this paper have been specifically designed to classify SQL injection attacks and to predict the behaviour of malicious users. These agents incorporate a new technique based on a mixture of neural networks and a technique based on a temporal series. This paper begins with a detailed explanation of the SCMAS architecture and the SQLCBR agents. The results of their application to a case study are then presented and discussed.

[1]  Jeff Reeve,et al.  Ubiquitous security for ubiquitous computing , 2007, Inf. Secur. Tech. Rep..

[2]  Giovanni Vigna,et al.  A Learning-Based Approach to the Detection of SQL Attacks , 2005, DIMVA.

[3]  Andrew S. Tanenbaum,et al.  RFID malware: Design principles and examples , 2006, Pervasive Mob. Comput..

[4]  Juan M. Corchado,et al.  Constructing deliberative agents with case‐based reasoning technology , 2003, Int. J. Intell. Syst..

[5]  Juan M. Corchado,et al.  Development of CBR-BDI Agents , 2005, Int. J. Comput. Sci. Appl..

[6]  Yuehui Chen,et al.  IMPROVING NEURAL NETWORK CLASSIFICATION USING FURTHER DIVISION OF RECOGNITION SPACE , 2007 .

[7]  Raúl Monroy,et al.  Web Attack Detection Using ID3 , 2006, IFIP PPAI.

[8]  Javier Bajo,et al.  Intelligent environment for monitoring Alzheimer patients, agent technology for health care , 2008, Decis. Support Syst..

[9]  Alberto O. Mendelzon,et al.  Database techniques for the World-Wide Web: a survey , 1998, SGMD.

[10]  Premkumar T. Devanbu,et al.  JDBC checker: a static analysis tool for SQL/JDBC applications , 2004, Proceedings. 26th International Conference on Software Engineering.

[11]  Judith Wusteman Philosophy and AI: Essays at the Interface , 1992 .

[12]  Angélica González Arrieta,et al.  A Shopping Mall Multiagent System: Ambient Intelligence in Practice. , 2006 .

[13]  Angelos D. Keromytis,et al.  SQLrand: Preventing SQL Injection Attacks , 2004, ACNS.

[14]  M CorchadoJuan,et al.  Intelligent environment for monitoring Alzheimer patients, agent technology for health care , 2008 .

[15]  Shih-Kun Huang,et al.  Web application security assessment by fault injection and behavior monitoring , 2003, WWW '03.

[16]  Elisa Bertino,et al.  Database security - concepts, approaches, and challenges , 2005, IEEE Transactions on Dependable and Secure Computing.

[17]  Agnar Aamodt,et al.  Case-Based Reasoning: Foundational Issues, Methodological Variations, and System Approaches , 1994, AI Commun..

[18]  Agostino Poggi,et al.  LEAP: A FIPA Platform for Handheld and Mobile Devices , 2001, ATAL.

[19]  Ronald L. Rivest,et al.  Inferring Decision Trees Using the Minimum Description Length Principle , 1989, Inf. Comput..

[20]  Aske Simon Christensen,et al.  Precise Analysis of String Expressions , 2003, SAS.

[21]  Amy L. Lansky,et al.  Reactive Reasoning and Planning , 1987, AAAI.

[22]  Yan Li,et al.  A rough set-based CBR approach for feature and document reduction in text categorization , 2004, Proceedings of 2004 International Conference on Machine Learning and Cybernetics (IEEE Cat. No.04EX826).

[23]  David J. Israel,et al.  Plans and resource‐bounded practical reasoning , 1988, Comput. Intell..

[24]  Joseph Lee,et al.  DIDAFIT: Detecting Intrusions in Databases Through Fingerprinting Transactions , 2002, ICEIS.

[25]  Brahim Chaib-draa,et al.  Trends in Agent Communication Language , 2002, Comput. Intell..

[26]  Yingjie Wang FUZZY CLUSTERING ANALYSIS BY USING GENETIC ALGORITHM , 2008 .

[27]  Simon C. K. Shiu,et al.  Combining feature reduction and case selection in building CBR classifiers , 2006, IEEE Transactions on Knowledge and Data Engineering.

[28]  Alessandro Orso,et al.  AMNESIA: analysis and monitoring for NEutralizing SQL-injection attacks , 2005, ASE.

[29]  Vicent J. Botti,et al.  An execution time planner for the ARTIS agent architecture , 2008, Eng. Appl. Artif. Intell..

[30]  Eric Rescorla,et al.  The Secure HyperText Transfer Protocol , 1999, RFC.

[31]  Zhendong Su,et al.  An Analysis Framework for Security in Web Applications , 2004 .

[32]  Javier Bajo,et al.  REPLANNING MECHANISM FOR DELIBERATIVE AGENTS IN DYNAMIC CHANGING ENVIRONMENTS , 2008, Comput. Intell..

[33]  Kenji Kono,et al.  Sania: Syntactic and Semantic Analysis for Automated Testing against SQL Injection , 2007, Twenty-Third Annual Computer Security Applications Conference (ACSAC 2007).

[34]  Franciszek Seredynski,et al.  Recurrent neural networks towards detection of SQL attacks , 2007, 2007 IEEE International Parallel and Distributed Processing Symposium.

[35]  Alun Preece,et al.  Advances in Case-Based Reasoning , 2002, Lecture Notes in Computer Science.

[36]  Frank S. Rietta Application layer intrusion detection for SQL injection , 2006, ACM-SE 44.

[37]  Andrew H. Sung,et al.  Intrusion detection using an ensemble of intelligent paradigms , 2005, J. Netw. Comput. Appl..

[38]  S. Rai,et al.  Safe query objects: statically typed objects as remotely executable queries , 2005, Proceedings. 27th International Conference on Software Engineering, 2005. ICSE 2005..

[39]  Alessandro Orso,et al.  A Classification of SQL Injection Attacks and Countermeasures , 2006, ISSSE.

[40]  A. Damba,et al.  Hierarchical Control in a Multiagent System , 2007, Second International Conference on Innovative Computing, Informatio and Control (ICICIC 2007).

[41]  R.A. McClure,et al.  SQL DOM: compile time checking of dynamic SQL statements , 2005, Proceedings. 27th International Conference on Software Engineering, 2005. ICSE 2005..

[42]  Barbara Messing,et al.  An Introduction to MultiAgent Systems , 2002, Künstliche Intell..

[43]  Ravi Jain,et al.  D-SCIDS: Distributed soft computing intrusion detection system , 2007, J. Netw. Comput. Appl..

[44]  Takeshi Uno,et al.  An evolutionary multi-agent based search method for stackelberg solutions of bilevel facility location problems , 2008 .