Currently, one of the most dangerous and common threats to databases and Web applications is the SQL injection attack. It typically involves malicious modification of user-supplied SQL input, either by adding clauses or by changing the structure of an existing clause. SQL injection enables attackers to access, modify, or delete critical information in a database without proper authorization. In spite of being a well-known type of attack, SQL injection remains at the top of the published list of security threats. The solutions proposed so far seem insufficient to prevent and block this type of attack because they lack the learning and adaptation capabilities needed to deal with 0-day (previously unseen) attacks as well as new or future variations of attacks. Furthermore, the vast majority of these solutions are based on centralized mechanisms, with little capacity to work in distributed and dynamic environments.
The developed system is based on a hierarchical and distributed strategy where the functionalities are structured in layers. SQL-injection attacks, one of the most dangerous attacks to online databases. The agents in each of the layers are specialized in specific tasks, such as data gathering, data classification, and visualization. This work presents two key agents under a hybrid architecture: a classifier agent that incorporates a Case-Based Reasoning engine employing advanced algorithms in the reasoning cycle stages, and a visualizer agent that integrates several techniques to facilitate the visual analysis of suspicious queries. The former incorporates a new classification model based on a mixture of a neural network and a Support Vector Machine in order to classify SQL queries reliably. The latter combines clustering and neural projection techniques to support the visual analysis and identification of target attacks.