TY - GEN
T1 - Human agent knowledge transfer applied to web security
AU - Kulkarni, Chinmay C.
AU - Kulkarni, S. A.
PY - 2013
Y1 - 2013
N2 - Web applications today rely heavily on databases for the storage and processing of information. At the same time, plenty of threats and security attacks are being launched against web applications that aim to inject commands and gain unauthorized access to sensitive information from the back-end database. Plenty of attacks exploit vulnerabilities of web-based applications, the majority because of input validation flaws. If the input provided by the user is not sanitized correctly, it is easily possible to launch a variety of attacks that force web-based applications to compromise the security of back-end databases. In this work we propose a novel approach for detecting SQL injection attacks by applying the TD machine learning technique. In this approach, the SQL query is first compared with the KB; if the query matches the KB, it is a genuine query and database access is given. In the case of SQLIA queries, they are subjected to tokenization and then SQL query analysis is performed. A model-based RL using TD learning is developed to distinguish between genuine and SQLIA queries. In the model, if the query traverses the path and reaches the final state with higher rewards, it is termed a SQLIA query.
AB - Web applications today rely heavily on databases for the storage and processing of information. At the same time, plenty of threats and security attacks are being launched against web applications that aim to inject commands and gain unauthorized access to sensitive information from the back-end database. Plenty of attacks exploit vulnerabilities of web-based applications, the majority because of input validation flaws. If the input provided by the user is not sanitized correctly, it is easily possible to launch a variety of attacks that force web-based applications to compromise the security of back-end databases. In this work we propose a novel approach for detecting SQL injection attacks by applying the TD machine learning technique. In this approach, the SQL query is first compared with the KB; if the query matches the KB, it is a genuine query and database access is given. In the case of SQLIA queries, they are subjected to tokenization and then SQL query analysis is performed. A model-based RL using TD learning is developed to distinguish between genuine and SQLIA queries. In the model, if the query traverses the path and reaches the final state with higher rewards, it is termed a SQLIA query.
UR - https://www.scopus.com/pages/publications/84894411050
UR - https://www.scopus.com/pages/publications/84894411050#tab=citedBy
U2 - 10.1109/ICCCNT.2013.6726770
DO - 10.1109/ICCCNT.2013.6726770
M3 - Conference contribution
AN - SCOPUS:84894411050
SN - 9781479939268
T3 - 2013 4th International Conference on Computing, Communications and Networking Technologies, ICCCNT 2013
BT - 2013 4th International Conference on Computing, Communications and Networking Technologies, ICCCNT 2013
T2 - 2013 4th International Conference on Computing, Communications and Networking Technologies, ICCCNT 2013
Y2 - 4 July 2013 through 6 July 2013
ER -