Web Application Security through Gene Expression Programming

Created by W.Langdon from gp-bibliography.bib Revision:1.4333

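  title =        "Web Application Security through Gene Expression
                 Programming",
  author =       "Skaruz, Jaroslaw and Seredynski, Franciszek",
  booktitle =    "Applications of Evolutionary Computing, EvoWorkshops
                 2009: EvoCOMNET, EvoENVIRONMENT, EvoFIN, EvoGAMES,
                 EvoHOT, EvoIASP, EvoINTERACTION, EvoMUSART, EvoNUM,
                 EvoSTOC, EvoTRANSLOG",
  editor =       "Giacobini, Mario and Brabazon, Anthony and
                 Cagnoni, Stefano and Di Caro, Gianni A. and
                 Ek{\'a}rt, Anik{\'o} and Esparcia-Alc{\'a}zar, Anna and
                 Farooq, Muddassar and Fink, Andreas and
                 Machado, Penousal and McCormack, Jon and
                 O'Neill, Michael and Neri, Ferrante and
                 Preuss, Mike and Rothlauf, Franz and
                 Tarantino, Ernesto and Yang, Shengxiang",
  volume =       "5484",
  series =       "Lecture Notes in Computer Science",
  address =      "T{\"u}bingen, Germany",
  year =         "2009",
  pages =        "1--10",
  month =        apr # " 15--17",
  organisation = "EvoStar",
  publisher =    "Springer",
  keywords =     "genetic algorithms, genetic programming, gene
                 expression programming",
  isbn13 =       "978-3-642-01128-3",
  bibdate =      "2009-04-16",
  bibsource =    "DBLP",
  DOI =          "10.1007/978-3-642-01129-0_1",
  abstract =     "In the paper we present a novel approach based on
                 applying a modern metaheuristic Gene Expression
                 Programming (GEP) to detecting web application attacks.
                 This class of attacks relates to malicious activity of
                 an intruder against applications, which use a database
                 for storing data. The application uses SQL to retrieve
                 data from the database and web server mechanisms to put
                 them in a web browser. A poor implementation allows an
                 attacker to modify SQL statements originally developed
                 by a programmer, which leads to stealing or modifying
                 data to which the attacker has not privileges.
                 Intrusion detection problem is transformed into
                 classification problem, which the objective is to
                 classify SQL queries between either normal or malicious
                 queries. GEP is used to find a function used for
                 classification of SQL queries. Experimental results are
                 presented on the basis of SQL queries of different
                 length. The findings show that the efficiency of
                 detecting SQL statements representing attacks depends
                 on the length of SQL statements.",
  notes =        "EvoWorkshops2009 held in conjunction with EuroGP2009,
                 EvoCOP2009, EvoBIO2009",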
