Cristian Pinzón

idMAS-SQL: Intrusion Detection Based on MAS to Detect and Block SQL injection through data mining

This study presents a multiagent architecture aimed at detecting SQL injection attacks, which are one of the most prevalent threats for modern databases. The proposed architecture is based on a hierarchical and distributed strategy where the functionalities are structured on layers. SQL-injection attacks, one of the most dangerous attacks to online databases, are the focus of this research. The agents in each one of the layers are specialized in specific tasks, such as data gathering, data classification, and visualization. This study presents two key agents under a hybrid architecture: a classifier agent that incorporates a Case-Based Reasoning engine employing advanced algorithms in the reasoning cycle stages, and a visualizer agent that integrates several techniques to facilitate the visual analysis of suspicious queries. The former incorporates a new classification model based on a mixture of a neural network and a Support Vector Machine in order to classify SQL queries in a reliable way. The latter combines clustering and neural projection techniques to support the visual analysis and identification of target attacks. The proposed approach was tested in a real-traffic case study and its experimental results, which validate the performance of the proposed approach, are presented in this paper.

S-MAS

Research highlights? Security is a key factor in Web Service-based applications. Denial of service attack (DoS) is caused for the modifications in the XML of the SOAP messages. This paper presents a multiagent architecture to deal with DoS attacks in Web Service environments. The distributed approach provides self-adaption to the changes that occur in the patterns of attack. A prototype of the architecture was developed and the results obtained are presented in this study. During the last years the use of Web Service-based applications has notably increased. However, the security has not evolved proportionally, which makes these applications vulnerable and objective of attacks. One of the most common attacks requiring novel solutions is the denial of service attack (DoS), caused for the modifications introduced in the XML of the SOAP messages. The specifications of existing security standards do not focus on this type of attack. This article presents the S-MAS architecture as a novel adaptive approach for dealing with DoS attacks in Web Service environments, which represents an alternative to the existing centralized solutions. S-MAS proposes a distributed hierarchical multi-agent architecture that implements a classification mechanism in two phases. The main benefits of the approach are the distributed capabilities of the multi-agent systems and the self-adaption ability to the changes that occur in the patterns of attack. A prototype of the architecture was developed and the results obtained are presented in this study.

Mitigation of the ground reflection effect in real-time locating systems based on wireless sensor networks by using artificial neural networks

Wireless sensor networks (WSNs) have become much more relevant in recent years, mainly because they can be used in a wide diversity of applications. Real-time locating systems (RTLSs) are one of the most promising applications based on WSNs and represent a currently growing market. Specifically, WSNs are an ideal alternative to develop RTLSs aimed at indoor environments where existing global navigation satellite systems, such as the global positioning system, do not work correctly due to the blockage of the satellite signals. However, accuracy in indoor RTLSs is still a problem requiring novel solutions. One of the main challenges is to deal with the problems that arise from the effects of the propagation of radiofrequency waves, such as attenuation, diffraction, reflection and scattering. These effects can lead to other undesired problems, such as multipath. When the ground is responsible for wave reflections, multipath can be modeled as the ground reflection effect. This paper presents an innovative mathematical model for improving the accuracy of RTLSs, focusing on the mitigation of the ground reflection effect by using multilayer perceptron artificial neural networks.

AIIDA-SQL: An Adaptive Intelligent Intrusion Detector Agent for detecting SQL Injection attacks

SQL Injection attacks on web applications have become one of the most important information security concerns over the past few years. This paper presents a hybrid approach based on the Adaptive Intelligent Intrusion Detector Agent (AIIDA-SQL) for the detection of those attacks. The AIIDA-SQL agent incorporates a Case-Based Reasoning (CBR) engine which is equipped with learning and adaptation capabilities for the classification of SQL queries and detection of malicious user requests. To carry out the tasks of attack classification and detection, the agent incorporates advanced algorithms in the reasoning cycle stages. Concretely, an innovative classification model based on a mixture of an Artificial Neuronal Network together with a Support Vector Machine is applied in the reuse stage of the CBR cycle. This strategy enables to classify the received SQL queries in a reliable way. Finally, a projection neural technique is incorporated, which notably eases the revision stage carried out by human experts in the case of suspicious queries. The experimental results obtained on a real-traffic case study show that AIIDA-SQL performs remarkably well in practice.

CBRid4SQL: a CBR intrusion detector for SQL injection attacks

One of the most serious security threats to recently deployed databases has been the SQL Injection attack This paper presents an agent specialised in the detection of SQL injection attacks The agent incorporates a Case-Based Reasoning engine which is equipped with a learning and adaptation capacity for the classification of malicious codes The agent also incorporates advanced algorithms in the reasoning cycle stages The reuse phase uses an innovative classification model based on a mixture of a neuronal network together with a Support Vector Machine in order to classify the received SQL queries in the most reliable way Finally, a visualisation neural technique is incorporated, which notably eases the revision stage carried out by human experts in the case of suspicious queries The Classifier Agent was tested in a real-traffic case study and its experimental results, which validate the performance of the proposed approach, are presented here.

Improving the security level of the FUSION@ multi-agent architecture

The use of architectures based on services and multi-agent systems has become an increasingly important part of the solution set used for the development of distributed systems. Nevertheless, these models pose a variety of problems with regards to security. This article presents the Adaptive Intrusion Detection Multi-agent System (AIDeMaS), a mechanism that has been designed to detect and block malicious SOAP messages within distributed systems built by service based architectures. AIDeMaS has been implemented as part of FUSION@, a multi-agent architecture that facilitates the integration of distributed services and applications to optimize the construction of highly-dynamic multi-agent systems. One of the main features of AIDeMaS is that is employs case-based reasoning mechanisms, which provide it with great learning and adaptation capabilities that can be used for classifying SOAP messages. This research presents a case study that uses the ALZ-MAS system, a multi-agent system built around FUSION@, in order to confirm the effectiveness of AIDeMaS. The preliminary results are presented in this paper.

Real-time CBR-agent with a mixture of experts in the reuse stage to classify and detect DoS attacks

Security is a major concern when service environments are implemented. This has led to the proposal of a variety of specifications and proposals based on soft computing methods to provide the necessary security for these environments. However, most proposed approaches focus only on ensuring confidentiality and integrity, without putting forward mechanisms that ensure the availability of services and resources offered. A considerable number of attack mechanisms can lead to a web service system crash. As a result, the web service cannot allow access to authorized users. This type of attack is a so-called denial of service attack (DoS) which affects the availability of the services and recourses available. This article presents a novel soft computing-based approach to cope with DoS attacks, but unlike existing solutions, our proposal takes into account the different soft computing mechanisms that can lead to a DoS attack. Our approach is based on a real time classifier agent that incorporates a mixture of experts to choose a specific classification technique depending on the feature of the attack and the time available to solve the classification. With this scheme it is possible to divide the problem into subproblems, solving the classification of the web service requests in a more simple and effective way and always within a time bound interval. This research presents a case study to evaluate the effectiveness of the approach and also presents the preliminary results obtained with an initial prototype.

Protecting web services against dos attacks: a case-based reasoning approach

The real-time detection is a key factor to detect and block DoS attacks within Web services DoS attacks can be generated for different techniques that take advantage of points vulnerable within Web services This paper describes a novel proposal based on a real time agent to classify user requests and detect and block malicious SOAP messages The classification mechanism is based on a Case-Base Reasoning (CBR) model, where the different CBR phases are time bounded Within the reuse phase of the CBR cycle is incorporated a mixture of experts to choose the most suitable technique of classification depending on the feature of the attack and the available time to solve the classification A prototype of the architecture was developed and the results obtained are presented in this study.

Mathematical model for a temporal-bounded classifier in security environments

Security is a major concern when web applications are implemented. This has led to the proposal of a variety of specifications and approaches to provide the necessary security for these environments. SQL injection attacks on web applications have become one of the most important information security concerns over the past few years. The purpose of this article is to present an adaptive and intelligent mechanism that can handle SQL injection attacks taking into account a controlled time response. Our approach is based on a soft real-time classifier agent that incorporates a mixture of experts based on soft computing to choose a specific classification technique depending on the attack and the time available to solve the classification. A case study to evaluate the effectiveness of the approach and the preliminary results obtained with an initial prototype are also presented.

A Multiagent Based Strategy for Detecting Attacks in Databases in a Distributed Mode

This paper presents a distributed hierarchical multiagent architecture for detecting SQL injection attacks against databases. It uses a novel strategy, which is supported by a Case-Based Reasoning mechanism, which provides to the classifier agents with a great capacity of learning and adaptation to face this type of attack. The architecture combines strategies of intrusion detection systems such as misuse detection and anomaly detection. It has been tested and the results are presented in this paper.