Intrusion detection in web applications: Evolutionary approach

International Journal of Advanced Computer Science and Applications, 2016

Injection (SQLI) is one of the most popular vulnerabilities of web applications. The consequences of SQL injection attack include the possibility of stealing sensitive information or bypassing authentication procedures. SQL injection attacks have different forms and variations. One difficulty in detecting malicious attacks is that such attacks do not have a specific pattern. A new fuzzy rule-based classification system (FBRCS) can tackle the requirements of the current stage of security measures. This paper proposes a genetic fuzzy system for detection of SQLI where not only the accuracy is a priority, but also the learning and the flexibility of the obtained rules. To create the rules having high generalization capabilities, our algorithm builds on initial rules, data-dependent parameters, and an enhancing function that modifies the rule evaluation measures. The enhancing function helps to assess the candidate rules more effectively based on decision subspace. The proposed system has been evaluated using a number of well-known data sets. Results show a significant enhancement in the detection procedure.

2010 10th International Conference on Hybrid Intelligent Systems, 2010

SQL Injection attacks on web applications have become one of the most important information security concerns over the past few years. This paper presents a hybrid approach based on the Adaptive Intelligent Intrusion Detector Agent (AIIDA-SQL) for the detection of those attacks. The

Decision Support Systems, 2007

Since malicious intrusions into critical information infrastructures are essential to the success of cyberterrorists, effective intrusion detection is also essential for defending such infrastructures. Cyberterrorism thrives on the development of new technologies; and, in response, intrusion detection methods must be robust and adaptive, as well as efficient. We hypothesize that genetic programming algorithms can aid in this endeavor. To investigate this proposition, we conducted an experiment using a very large dataset from the 1999 Knowledge Discovery in Database (KDD) Cup data, supplied by the Defense Advanced Research Projects Agency (DARPA) and MIT's Lincoln Laboratories. Using machine-coded linear genomes and a homologous crossover operator in genetic programming, promising results were achieved in detecting malicious intrusions. The resulting programs execute in real time, and high levels of accuracy were realized in identifying both positive and negative instances.

It is crucial to avoid intrusion in networks; hence, a developing and intrusion detection system that used a strong mechanism for detecting intrusions is important. Several studies have been conducted in the domain of intrusion detections. However, some of them suffer from high false alarms, in terms of the use of a raw dataset with redundancy. Objective: This paper, therefore, proposes a multi-level dimensionality reduction framework that is based on meta-heuristic optimization and Principal Component Analysis (PCA). Method: In this research, PCA was applied for feature extraction. Genetic Algorithm and Particle Swarm Optimization, that is GA-PSO, algorithms were utilized for feature selection to extract the most discriminative features to develop intrusion detection model. In the classification phase, both Artificial Neural Network (ANN) and Support Vector Machine (SVM) algorithms were used to develop intrusion detection, using kddcup.data_10_percent dataset. Result: Experimental results reveal that the proposed framework brought about an accuracy of 99.7% and ROC of 99.9%, while the time required building model is 0.23 seconds. Conclusion: To a very high extent, incidences of high false alarm are allayed through the GA-PSO induced feature selection method.

International Journal of Advanced Computer Science and Applications, 2014

Nowadays, the security of applications and Web servers is a new trend that finds its need on the Web. The number of vulnerabilities identified in this type of applications is constantly increasing especially SQL injection attack. It is therefore necessary to regularly audit Web applications to verify the presence of exploitable vulnerabilities. Web vulnerability scanner WASAPY is one of the audit tool, it uses an algorithm which bases on a classification techniques of pages obtained by sending HTTP requests especially formatted. We propose in this paper a new algorithm which was built in a vision to improve rather to supplement the logic followed in modeling WASAPY tool. The tool was supplemented by a new class reflecting the legitimate appearance or referential, therefore, the detection mechanism was solidly built on a statistic in a fairly clear mathematical framework described by a simple geometric representation or interpretation.

1995

Abstract This paper presents a potential solution to the intrusion detection problem in cmnputer security. It uses a combination of work in the fields of Artificial Life and computer security. It shows how an intrusion detection system can be implemented using autonomous agents, and how these agents can be built using Genetic Programming. It also shows how Automatically Defined Functions (ADFs) can be used to evolve genetic programs that contain multiple data types and yet retain type-safety.

This paper describes a new approach of classification using genetic programming. The proposed technique consists of genetically coevolving a population of non-linear transformations on the input data to be classified, and map them to a new space with a reduced dimension, in order to get a maximum inter-classes discrimination. The classification of new samples is then performed on the transformed data, and so become much easier. Contrary to the existing GP-classification techniques, the proposed one use a dynamic repartition of the transformed data in separated intervals, the efficacy of a given intervals repartition is handled by the fitness criterion, with a maximum classes discrimination. Experiments were first performed using the Fisher's Iris dataset, and then, the KDD'99 Cup dataset was used to study the intrusion detection and classification problem. Obtained results demonstrate that the proposed genetic approach outperform the existing GP-classification methods [1],[2] and [3], and give a very accepted results compared to other existing techniques proposed in [4],[5],[6],[7] and [8].

The Internet has become a part of daily life and an essential tool today. Internet has been used as an important component of business models. Therefore, It is very important to maintain a high level security to ensure safe and trusted communication of information between various organizations.

2004

This paper investigates the suitability of linear genetic programming (LGP) technique to model efficient intrusion detection systems, while comparing its performance with artificial neural networks and support vector machines. Due to increasing incidents of cyber attacks and, building effective intrusion detection systems (IDSs) are essential for protecting information systems security, and yet it remains an elusive goal and a great challenge. We also investigate key feature indentification for building efficient and effective IDSs. Through a variety of comparative experiments, it is found that, with appropriately chosen population size, program size, crossover rate and mutation rate, linear genetic programs could outperform support vector machines and neural networks in terms of detection accuracy. Using key features gives notable performance in terms of detection accuracies. However the difference in accuracy tends to be small in a few cases.

The paper provides an introduction to the basic concepts of intrusion detection and genetic algorithms. The generic implementation of genetic algorithms using pseudo code is presented. Pseudo code for genetic algorithm based intrusion detection method is also included for clear understanding. The paper also provides an overview of the advantages and disadvantages of genetic algorithms in general, and as applied to intrusion detection in particular. This survey will provide helpful insight into the related literature and implementation of genetic algorithms in intrusion detection systems. It will also be a good source of information for people interested in the genetic algorithms based intrusion detection systems.