
Lecture Notes in Artificial Intelligence 6076 - MOAM.INFO


Witold Pedrycz, University of Alberta (Canada); Xin Yao, University of Birmingham (UK); Hujun Yin, University of Manchester (UK). Estefanía Argente, University of Valencia (Spain); Fidel Aznar, University of Alicante (Spain); Jaume Bacardit, University of Nottingham (UK); Antonio Bahamonde, University of Oviedo (Spain). Bruno Baruque, University of Burgos (Spain); José Manuel Benítez, University of Granada (Spain); Ester Bernadó, Universitat Ramon Llull (Spain).

Leticia Curiel, University of Burgos (Spain); Alfredo Cuzzocrea, University of Calabria (Italy); Keshav Dahal, University of Bradford (UK); Ernesto Damiani, University of Milan (UK); Bernard De Baets, University of Ghent (Belgium); Enrique de la Cal, University of Oviedo (Spain). Elsa Fernandez, University of the Basque Country (Spain); Nuno Ferreira, Polytechnic Institute of Coimbra (Portugal); Richard Freeman, Capgemini (Spain). Jose Garcia, University of Alicante (Spain); Salvador Garcia, University of Jaen (Spain); Neveen Ghali, Azhar University (Egypt).

Masoud Mohammadian, University of Canberra (Australia); José Manuel Molina, University Carlos III of Madrid (Spain); Claudio Moraga, European Centre for Soft Computing (Spain); Marco Mora, Universidad Católica del Maule (Spain); Ramón Moreno, University of the Basque Country (Spain); Susana Nascimento, Universidade Nova de Lisboa (Portugal); Martí Navarro, Universidad Politécnica de Valencia (Spain); Yusuke Nojima, Osaka Prefecture University (Japan); Alberto Ochoa, Juarez City University/CIATEC (Mexico); Albert Orriols, Universitat Ramon Llull (Spain). Elzbieta Pekalska, University of Manchester (UK); Carlos Pereira, Universidade de Coimbra (Portugal); Antonio Peregrín, University of Huelva (Spain). José Ranilla, University of Oviedo (Spain); Javier Ramírez, University of Granada (Spain); Romain Raveaux, University of La Rochelle (France); Carlos Redondo, University of León (Spain); Raquel Redondo, University of Burgos (Spain); Bernadete Ribeiro, University of Coimbra (Portugal); Ramón Rizo, University of Alicante (Spain).

Konstantinos Sirlantzis, University of Kent (UK); Dominik Slezak, University of Regina (Canada); Cecilia Sönströd, University of Borås (Sweden); Ying Tan, Beijing University (China).

Special Session Committees

Robert Schaefer, AGH University of Science and Technology (Poland); Javier Sedano, University of Burgos (Spain). Jose Luis Verdegay, University of Granada (Spain); Jose Ramon Villar, University of Oviedo (Spain); Jose Ramon Cano, University of Jaen (Spain). Hujun Yin, The University of Manchester (UK); Constantin Zopounidis, Technical University of Crete (Greece); Huiyu Zhou, Brunel University (UK).

Real-World HAIS Applications and Data Uncertainty

Luciano Sánchez, University of Oviedo (Spain); Luis Oliveira, University of Oviedo (Spain); María del Rosario Suárez, University of Oviedo (Spain). Carmen Vidaurre, Technical University of Berlin (Germany); Enrique de la Cal, University of Oviedo (Spain).

Signal Processing and Biomedical Applications

Jerzy Stefanowski, Technical University of Poznan (Poland); Robert Burduk, Technical University of Wroclaw (Poland); Michal Wozniak, Technical University of Wroclaw (Poland); Emilio Corchado, University of Salamanca (Spain).

Knowledge Extraction Based on Evolutionary Learning

Systems, Man, and Cybernetics by HAIS Workshop

Vicente Botti, Polytechnic University of Valencia (Spain); José Manuel Molina, University Carlos III of Madrid (Spain); Lourdes Sáiz Barcena, University of Burgos (Spain). Francisco Herrera, University of Granada (Spain); Leticia Curiel, University of Burgos (Spain); César Hervás, University of Córdoba (Spain); Sara Rodríguez, University of León (Spain).

Hybrid Intelligent Systems on Logistics

Hybrid Reasoning and Coordination Methods on Multi-agent Systems

HAIS for Computer Security (HAISfCS)

De Paz Santana, University of Salamanca (Spain); Sara Rodríguez, University of Salamanca (Spain); Raquel Redondo, University of Burgos (Spain); Leticia Curiel, University of Burgos (Spain); Bruno Baruque, University of Burgos (Spain).

Hybrid and Intelligent Techniques on Multimedia

Hybrid ANN: Models, Data Models, Algorithms and Data

Hybrid Artificial Intelligence Systems Based on Lattice Theory

Information Fusion: Frameworks and Architectures

Local Organizing Committee

A Dual Network Adaptive Learning Algorithm for Supervised Neural Network with Soft Real-Time Contour Preserving Classification. Scalability of a Methodology for Generating Technical Trading Rules with GAP based on Risk-Return and Growth Adjustment.

CBRid4SQL: A CBR Intrusion Detector for SQL Injection Attacks

1 Introduction

The CBRid4SQL agent is a CBR agent [9] that is characterized by the integration of a CBR (Case-Based Reasoning) mechanism. This mechanism provides agents with a greater level of adaptability and learning ability, as CBR systems use past experiences to solve new problems [9]. This is very effective for blocking SQL injection attacks as the mechanism uses a strategy based on anomaly detection [10].

In addition to the CBR engine incorporated in the internal structure of the CBRid4SQL agent, a mixture of an Artificial Neural Network (ANN) and a Support Vector Machine (SVM) is used as a classification mechanism. By using this mixture, it is possible to take advantage of both strategies in order to classify SQL queries in a more reliable way. Finally, to help the expert in making decisions about those queries classified as doubtful, a visualization mechanism is proposed which combines clustering techniques and neural models to reduce dimensionality based on unsupervised learning.

The rest of the paper is structured as follows: section 2 presents the problem that gave rise to most of this research work.

2 SQL Injection Attacks

The main problem of this approach is finding an adequate threshold to maintain a low false positive and false negative rate. Another technique used is characterization; inferring the type of attack associated with the malicious request. Valeur, Mutz and Vigna [8] propose the use of anomaly detection by generating a series of models, starting with a set of recovered queries.

During execution, they monitor the applications to identify requests that are not associated with the above models.

CBRid4SQL Agent

  • Retrieve
  • Reuse
  • Revise
  • Retain

In terms of CBR, the case is composed of elements of the SQL query described as follows: (a) Problem description describing the initial information available for generating a plan. In the reuse phase, as seen in Figure 1, a Multi-layer Perceptron (MLP) and an SVM are simultaneously applied to perform the prediction of the new query. If the query is classified as suspicious, further inspection is performed manually by a human expert.

Below, the different stages of the CBR reasoning cycle related to the system are described in more detail. Case retrieval is performed using the Query_Category attribute, which retrieves queries from the case memory (Cr) that have been used for a similar query according to the attributes of the new case cn. The recovery of these memory models improves the performance of the system, since the time required to create the models is significantly reduced, mainly in the case of ANN training.

The combination of both techniques is fundamental in reducing the rate of false negatives. Since the hidden layer of the neural network contains sigmoidal neurons with values in [0, 1], the incoming variables are rescaled so that their range falls within [0.2, 0.8]. Because the dimensionality of the new space can be very high, it is not feasible to calculate hyperplanes that allow the production of linear separability.

Once the output values of the ANN and SVM are obtained, the blending is performed using a weighted average function of the error rate of each of the techniques. For cases detected as suspicious, with output values determined experimentally in the range, a review is performed by a human expert. As CBR learns, the interval values are automatically adjusted to the smallest of the false negatives.
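The rescaling, blending and expert-review step described above, as an added example that is not code from the paper. The weight form (1 minus error rate), the error rates, the suspicious band and all function names are assumptions; the band is chosen so that the outputs reported in the results section, 0.47 and 0.66, fall in the suspicious and attack ranges respectively.

```python
# Added illustration: weights, error rates and thresholds are assumptions,
# not values taken from the CBRid4SQL paper.

def rescale(x, lo, hi, new_lo=0.2, new_hi=0.8):
    """Map a raw feature from [lo, hi] into [0.2, 0.8] for the sigmoidal ANN."""
    if hi == lo:
        return (new_lo + new_hi) / 2
    x = min(max(x, lo), hi)  # clamp values outside the range seen in training
    return new_lo + (x - lo) * (new_hi - new_lo) / (hi - lo)


def blend(ann_out, svm_out, ann_err, svm_err):
    """Weighted average of both outputs; the lower-error classifier weighs more.

    Assumed weight form: w = 1 - error rate.
    """
    w_ann, w_svm = 1.0 - ann_err, 1.0 - svm_err
    return (w_ann * ann_out + w_svm * svm_out) / (w_ann + w_svm)


# Assumed suspicious band; scores inside it go to the human expert.
SUSPICIOUS_BAND = (0.35, 0.60)


def triage(score, band=SUSPICIOUS_BAND):
    """Three-way decision: low = legitimate, high = attack, middle = review."""
    lo, hi = band
    if score < lo:
        return "legitimate"
    if score > hi:
        return "attack"
    return "suspicious"


def classify(ann_out, svm_out, ann_err=0.04, svm_err=0.02):
    """Blend both classifier outputs and triage the result."""
    score = blend(ann_out, svm_out, ann_err, svm_err)
    return round(score, 3), triage(score)


if __name__ == "__main__":
    # Constructed outputs for one query: the ANN leans legitimate, the SVM
    # leans attack. Alone, the ANN would let the query through.
    ann_out, svm_out = 0.25, 0.68
    print("ANN alone:", triage(ann_out))
    print("mixture  :", classify(ann_out, svm_out))
```

With these constructed outputs the ANN on its own labels the query legitimate, while the mixture places it in the band that is referred to the expert.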

Where: η is the learning rate, τ is the “strength” of the lateral connections, b the bias parameter, p a parameter related to the energy function and A is a symmetric matrix used to modify the response to the data [14]. The learning phase updates the information about the newly classified case and reconstructs the classifiers offline to leave the system available for new classifications. In the case of a referral for inspection of suspicious queries, information and classifiers are updated when the expert updates the information.

Fig. 1. CBR cycle and classification mechanism of the CBRid4SQL agent

4 Experimental Results and Conclusions

The effect of this matrix is based on the ratio of the distances separating the output neurons. Finally, the information is represented and the associated queries are restored with the retrieved mesh, as can be seen in Fig. As can be seen in Table 1, the highest performing system is CBRid4SQL, which has a success rate of 698/705.

This query represents an attack on the database, as the presence of OR 1=1 implies the retrieval of a number of records that are not associated with client requests. The mixture gave an output value of 0.47, which is within the range of suspicious queries. If the ANN had been applied on its own, it would have considered this query valid.

Figure 2 shows the obtained results, which will be displayed to the expert. The most similar queries are colored: legitimate matching queries are shown in green, attacks are in red, and current queries are in blue. The first of the queries is a clear attack, while the second of the queries could also present uncertainties due to the presence of the 1=1 literal.

Being a more restrictive query than the original, it would return the same or fewer values, which would not be many. However, the system considers it as such and gives an output value of 0.66, so it is filtered a priori, but this should not be a concern. This is one of the false positives presented by the system, among the existing 7 in the 705.

The combination of different paradigms of AI enables the development of a HAIS with characteristics such as the ability to learn and reason, flexibility and robustness that enable the detection of SQL injection attacks. The proposed CBRid4SQL agent is able to detect these abnormal situations with low error rates compared to other existing techniques, as shown in Table 1. It also provides a decision mechanism that facilitates the assessment of suspicious queries through the selection of similar queries and their visualization using neural models.

Fig. 2. SQL queries recovered in the revise stage

Table 1. Total number of hits for the different classifiers