Detecting Web Application Attacks with Use of Gene Expression Programming
Created by W.Langdon from
gp-bibliography.bib Revision:1.8051
@InProceedings{Skaruz:2009:cec,
author = "Jaroslaw Skaruz and Franciszek Seredynski",
title = "Detecting Web Application Attacks with Use of Gene
Expression Programming",
booktitle = "2009 IEEE Congress on Evolutionary Computation",
year = "2009",
editor = "Andy Tyrrell",
pages = "2029--2035",
address = "Trondheim, Norway",
month = "18-21 " # may,
organization = "IEEE Computational Intelligence Society",
publisher = "IEEE Press",
isbn13 = "978-1-4244-2959-2",
file = "P120.pdf",
DOI = "doi:10.1109/CEC.2009.4983190",
abstract = "In the paper we present a novel approach based on
applying a modern metaheuristic Gene Expression
Programming (GEP) to detecting web application attacks.
This class of attacks relates to malicious activity of
an intruder against applications, which use a database
for storing data. The application uses SQL to retrieve
data from the database and web server mechanisms to put
them in a web browser. A poor implementation allows an
attacker to modify SQL statements originally developed
by a programmer, which leads to stealing or modifying
data to which the attacker has not privileges. While
the attack consists in modification of SQL queries sent
to the database, they are the only one source of
information used for detecting attacks. Intrusion
detection problem is transformed into classification
problem, which the objective is to classify SQL queries
between either normal or malicious queries. GEP is used
to find a function used for classification of SQL
queries. Experimental results are presented on the
basis of SQL queries of different length. The findings
show that the efficiency of detecting SQL statements
representing attacks depends on the length of SQL
statements. Additionally we studied the impact of
classification threshold on the obtained results.",
keywords = "genetic algorithms, genetic programming, gene
expression programming",
notes = "CEC 2009 - A joint meeting of the IEEE, the EPS and
the IET. IEEE Catalog Number: CFP09ICE-CDR",
}