Title
Web Application Security through Gene Expression Programming
Abstract
In this paper we present a novel approach that applies a modern metaheuristic, Gene Expression Programming (GEP), to detecting web application attacks. This class of attacks relates to the malicious activity of an intruder against applications that use a database for storing data. The application uses SQL to retrieve data from the database and web server mechanisms to present them in a web browser. A poor implementation allows an attacker to modify SQL statements originally developed by a programmer, which leads to stealing or modifying data to which the attacker has no privileges. The intrusion detection problem is transformed into a classification problem, in which the objective is to classify SQL queries as either normal or malicious. GEP is used to find a function for classifying SQL queries. Experimental results are presented on the basis of SQL queries of different lengths. The findings show that the efficiency of detecting SQL statements representing attacks depends on the length of the SQL statements.
Year
2009
DOI
10.1007/978-3-642-01129-0_1
Venue
EvoWorkshops
Keywords
web server mechanism, gene expression programming, different length, web application security, modifying data, classification problem, web browser, sql statement, sql query, storing data, web application attack, intrusion detection problem, intrusion detection
Field
PL/SQL, Stored procedure, Information retrieval, Computer science, Data definition language, Data Transformation Services, User-defined function, Query by Example, SQL injection, Null (SQL), Database
DocType
Conference
Volume
5484
ISSN
0302-9743
Citations
0
PageRank
0.34
References
5
Authors
2
Name
Order
Citations
PageRank
Jaroslaw Skaruz1489.39
Franciszek Seredynski236655.06