Web Attack Detection Using ID3

Abstract: Abstract. Decision tree learning algorithms have been successfully used in knowledge discovery. They use induction in order to provide an appropriate classification of objects in terms of their attributes, inferring decision tree rules. This paper reports on the use of ID3 to Web attack detection. Even though simple, ID3 is sufficient to put apart a number of Web attacks, including a large proportion of their variants. It also surpasses existing methods: it portrays a higher true-positive detection rate and a … Show more

“…Different strategies have been presented as a solution to the problem of SQL injection attacks [1], with special attention given to strategies based on IDSs [2], [3], [4], [5], [6], [7], [8], [9]. One approach based on anomaly detection was proposed by [2], applying a clustering strategy to group similar queries and isolate queries which are considered malicious.…”

“…However, it is susceptible to generating false positives. The algorithm ID3, presented by Garcia, Monroy and Quintana [8], proposes the detection of attacks targeted at web applications. The algorithm ID3 is used to detect and filter malicious SQL strings, presenting a significant percentage of incorrect classifications.…”

“…This attack can be used to gain confidential information, to bypass authentication mechanisms, to modify the database, and to execute arbitrary code [2]. A large number of solutions has been proposed so far [3], [4], [5], [6], [7], [8], [9], but they can not defend against sophisticated attack techniques such as those that use alternate encodings and database commands to dynamically construct SQL strings. These approaches lack the learning and adaptation capabilities for dealing with attacks and their possible variations in the future.…”

AIIDA-SQL: An Adaptive Intelligent Intrusion Detector Agent for detecting SQL Injection attacks

“…Different strategies have been presented as a solution to the problem of SQL injection attacks [1], with special attention given to strategies based on IDSs [2], [3], [4], [5], [6], [7], [8], [9]. One approach based on anomaly detection was proposed by [2], applying a clustering strategy to group similar queries and isolate queries which are considered malicious.…”

“…However, it is susceptible to generating false positives. The algorithm ID3, presented by Garcia, Monroy and Quintana [8], proposes the detection of attacks targeted at web applications. The algorithm ID3 is used to detect and filter malicious SQL strings, presenting a significant percentage of incorrect classifications.…”

“…This attack can be used to gain confidential information, to bypass authentication mechanisms, to modify the database, and to execute arbitrary code [2]. A large number of solutions has been proposed so far [3], [4], [5], [6], [7], [8], [9], but they can not defend against sophisticated attack techniques such as those that use alternate encodings and database commands to dynamically construct SQL strings. These approaches lack the learning and adaptation capabilities for dealing with attacks and their possible variations in the future.…”

AIIDA-SQL: An Adaptive Intelligent Intrusion Detector Agent for detecting SQL Injection attacks

“…Different strategies have been presented as a solution to the problem of SQL injection attacks [1], with special attention given to strategies based on IDSs [2], [3], [4], [5], [6], [7], [8]. One approach based on anomaly detection was proposed by [2], applying a clustering strategy to group similar queries and isolate queries which are considered malicious.…”

“…In spite of it being a well-known type of attack, the SQL injection remains at the top of the published threat list. The solutions proposed so far [2], [3], [4], [5], [6], [7], [8] seem insufficient to prevent and block this type of attack because these solutions lack the learning and adaptation capabilities for dealing with attacks and their possible variations in the future. In addition, the vast majority of solutions are based on centralized mechanisms with little capacity to work in distributed and dynamic environments.…”

CBRid4SQL: A CBR Intrusion Detector for SQL Injection Attacks

Anomaly Detection on Web-User Behaviors Through Deep Learning