DocumentCode :
3126997
Title :
Human agent knowledge transfer applied to web security
Author :
Kulkarni, Chinmay C. ; Kulkarni, Sandhya A.
Author_Institution :
Dept. of CSE, Visvesvaraya Technol. Univ., Belgaum, India
fYear :
2013
fDate :
4-6 July 2013
Firstpage :
1
Lastpage :
4
Abstract :
Web applications today rely heavily on databases for storing and processing information. At the same time, many threats and security attacks are launched against web applications with the aim of injecting commands and gaining unauthorized access to sensitive information in the back-end database. Many attacks exploit vulnerabilities of web-based applications, the majority because of input validation flaws. If the input provided by the user is not sanitized correctly, it is easy to launch a variety of attacks that force web-based applications to compromise the security of back-end databases. In this work we propose a novel approach for detecting SQL injection attacks by applying the TD machine learning technique. In this approach the SQL query is first compared with the KB; if the query matches the KB, it is a genuine query and database access is given. SQLIA queries, however, are subjected to tokenization, and then SQL query analysis is performed. A model-based RL using TD learning is developed to distinguish between genuine and SQLIA queries. In the model, if the query traverses the path and reaches the final state with higher rewards, it is termed a SQLIA query.
Keywords :
Internet; SQL; learning (artificial intelligence); security of data; software agents; SQL injection attacks; SQL query analysis; SQLIA queries; TD machine learning; Web applications; Web security; back-end databases; database access; genuine query; human agent knowledge transfer; model based RL; query traverses; security attacks; sensitive information; tokenization; Computer hacking; Databases; Games; Grippers; Intrusion detection; Testing; HAT; Reinforcement Learning; SQL; SQLIA; TD Learning;
fLanguage :
English
Publisher :
IEEE
Conference_Titel :
Computing, Communications and Networking Technologies (ICCCNT), 2013 Fourth International Conference on
Conference_Location :
Tiruchengode
Print_ISBN :
978-1-4799-3925-1
Type :
conf
DOI :
10.1109/ICCCNT.2013.6726770
Filename :
6726770