Abstract
In the paper we present a novel approach based on applying a modern metaheuristic Gene Expression Programming (GEP) to detecting web application attacks. This class of attacks relates to malicious activity of an intruder against applications, which use a database for storing data. The application uses SQL to retrieve data from the database and web server mechanisms to put them in a web browser. A poor implementation allows an attacker to modify SQL statements originally developed by a programmer, which leads to stealing or modifying data to which the attacker has not privileges. Intrusion detection problem is transformed into classification problem, which the objective is to classify SQL queries between either normal or malicious queries. GEP is used to find a function used for classification of SQL queries. Experimental results are presented on the basis of SQL queries of different length. The findings show that the efficiency of detecting SQL statements representing attacks depends on the length of SQL statements.
This is a preview of subscription content, log in via an institution.
Buying options
Tax calculation will be finalised at checkout
Purchases are for personal use only
Learn about institutional subscriptionsPreview
Unable to display preview. Download preview PDF.
References
Ferreira, C.: Gene Expression Programming: A New Adaptive Algorithm for Solving Problems. Complex Systems 13(2), 87–129 (2001)
Ferreira, C.: Gene Expression Programming: Mathematical Modeling by an Artificial Intelligence. Angra do Heroismo, Portugal (2002)
Ferreira, C.: Gene Expression Programming and the Evolution of Computer Programs. In: de Castro, L.N., Von Zuben, F.J. (eds.) Handbook of Intelligent Control: Neural, Fuzzy, and Adaptive Appraoches (Recent Developments in Biologically Inspired Computing). Idea Group Publishing (2004)
Koza, J.R.: Genetic Proramming: On the Programming of Computers by Means of Natural Selection. MIT Press, Cambridge (1992)
Kruegel, C., Vigna, G.: Anomaly Detection of Web-based Attacks. In: Proc. 10th ACM Conference on Computer and Communication Security, pp. 251–261 (2003)
Litvinenko, V.I., Bidyuk, P.I., Bardachov, J.N., Sherstjuk, V.G., Fefelov, A.A.: Combining Clonal Selection Algorithm and Gene Expression Programming for Time Series Prediction. In: Proc. Third Workshop 2005 IEEE : Technology andIntelligent Data Acquisition and Advanced Computing Systems Applications, pp. 133–138 (2005)
Linn, S.: A New Conceptual Approach to Teaching the Interpretation of Clinical Tests. Journal of Statistics Education 12(3) (2004)
Valeur, F., Mutz, D., Vigna, G.: A Learning-Based Approach to the Detection of SQL Attacks. In: Proc. Conference on Detection of Intrusions and Malware and Vulnerability Assessment, Austria (2005)
Zhou, C., Nelson, P.C., Xiao, W., Tirpak, T.M.: Discovery of Classification Rules by Using Gene Expression Programming. In: Proc. International Conference on Artificial Intelligence, Las Vegas, pp. 1355–1361 (2002)
Zhou, C., Xiao, W., Nelson, P.C., Tirpak, T.M.: Evolving Accurate and Compact Classification Rules with Gene Expression Programming. IEEE Transactions on Evolutionary Computation 7(6), 519–531 (2003)
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2009 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Skaruz, J., Seredynski, F. (2009). Web Application Security through Gene Expression Programming. In: Giacobini, M., et al. Applications of Evolutionary Computing. EvoWorkshops 2009. Lecture Notes in Computer Science, vol 5484. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-01129-0_1
Download citation
DOI: https://doi.org/10.1007/978-3-642-01129-0_1
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-01128-3
Online ISBN: 978-3-642-01129-0
eBook Packages: Computer ScienceComputer Science (R0)