SiC: An agent based architecture for preventing and detecting attacks to ubiquitous databases

One of the main attacks to ubiquitous databases is the structure query language (SQL) injection attack, which causes severe damages both in the commercial aspect and in the user’s confidence. This chapter proposes the SiC architecture as a solution to the SQL injection attack problem. This is a hier...

Descripción completa

Detalles Bibliográficos
Autores: Pinzón Trejos, Cristian, De Paz, Yanira, Bajo, Javier, Abraham, Ajith, Corchado, Juan
Tipo de recurso: artículo
Estado:Versión publicada
Fecha de publicación:2009
País:Panamá
Institución:Universidad Tecnológica de Panamá
Repositorio:Repositorio Institucional de documento digitales de acceso abierto de la UTP
Idioma:inglés
OAI Identifier:oai:ridda2.utp.ac.pa:123456789/4884
Acceso en línea:https://link.springer.com/chapter/10.1007/978-1-84882-599-4_11
http://ridda2.utp.ac.pa/handle/123456789/4884
Access Level:acceso embargado
Palabra clave:SQL injection
Security database
Intrusion detection system
Multiagent
Case based reasoning
Descripción
Sumario:One of the main attacks to ubiquitous databases is the structure query language (SQL) injection attack, which causes severe damages both in the commercial aspect and in the user’s confidence. This chapter proposes the SiC architecture as a solution to the SQL injection attack problem. This is a hierarchical distributed multiagent architecture, which involves an entirely new approach with respect to existing architectures for the prevention and detection of SQL injections. SiC incorporates a kind of intelligent agent, which integrates a case-based reasoning system. This agent, which is the core of the architecture, allows the application of detection techniques based on anomalies as well as those based on patterns, providing a great degree of autonomy, flexibility, robustness and dynamic scalability. The characteristics of the multiagent system allow an architecture to detect attacks from different types of devices, regardless of the physical location. The architecture has been tested on a medical database, guaranteeing safe access from various devices such as PDAs and notebook computers.