
Web Application Security through Gene Expression Programming

  • Conference paper

Part of the book series: Lecture Notes in Computer Science (LNTCS, volume 5484)

Abstract

In this paper we present a novel approach that applies a modern metaheuristic, Gene Expression Programming (GEP), to detecting web application attacks. This class of attacks relates to malicious activity of an intruder against applications that use a database for storing data. The application uses SQL to retrieve data from the database and web server mechanisms to present it in a web browser. A poor implementation allows an attacker to modify SQL statements originally developed by a programmer, which leads to stealing or modifying data for which the attacker has no privileges. The intrusion detection problem is transformed into a classification problem, in which the objective is to classify SQL queries as either normal or malicious. GEP is used to find a function for classifying SQL queries. Experimental results are presented for SQL queries of different lengths. The findings show that the efficiency of detecting SQL statements representing attacks depends on the length of the SQL statements.




Copyright information

© 2009 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Skaruz, J., Seredynski, F. (2009). Web Application Security through Gene Expression Programming. In: Giacobini, M., et al. Applications of Evolutionary Computing. EvoWorkshops 2009. Lecture Notes in Computer Science, vol 5484. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-01129-0_1


  • DOI: https://doi.org/10.1007/978-3-642-01129-0_1

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-642-01128-3

  • Online ISBN: 978-3-642-01129-0

  • eBook Packages: Computer Science, Computer Science (R0)
