Multi-Agent System for Detecting and Blocking SQL Injection

This study presents detection of SQL injection queries by a multi level architecture which uses multiple agents. The SQL injection attacks are one of the biggest security threats in databases. SQL Injection is one of the many web attack mechanisms used by hackers to steal data from organizations. The proposed architecture is based on a hierarchical and distributed strategy where the functionalities are structured on layers. SQL-injection attacks, one of the most dangerous attacks to online databases, are the focus of this research. The agents in each one of the layers are specialized in specific tasks, such as syntax check of queries, data classification, and visualization. The study uses multiple agents in a multi layer architecture, where each agent functions differently and assigns functions to other agent to detect and block SQL injection queries. This study describes two important agents under hybrid architecture: an agent which classifies SQL queries using a Case-Based Reasoning engine based on Legal/illegal/Suspicious. Later if query is still suspicious the query is passed to the human expert by control agents, from where query can be finally classified. The chance of the query reaching to the human expert agent in this system is very low. Thus this study is very effective and efficient to detect and block hazardous SQL injection query fired by an attacker. The system acts as a firewall between an application and database. The use of multi agents helps the cause effectively.