An Agent Based Intelligent Dynamic Vulnerability Analysis Framework for Critical SQLIA Attacks

2018 ◽  
Vol 14 (3) ◽  
pp. 56-82 ◽  
Author(s):  
Jeya Mala Dharmalingam ◽  
M Eswaran

This article describes how software vulnerability analysis and testing for web applications should detect not only the common attacks but also dynamic vulnerability attacks. These are attacks such as structured query language injection attacks (SQLIAs), which extract the most crucial user information from the targeted database. In this proposed approach, an intelligent agent, namely the intelligent vulnerability analyzer agent (IVA), is proposed, in which the external attacks due to dynamic user inputs are identified using a heuristic-guided intelligent graph search, and then a pre- and post-condition based analysis is performed to identify the dynamic vulnerabilities. Further, the proposed approach is compared with some of the existing works based on the number of false positives and false negatives of attack detection, and it is confirmed that the proposed work is a novel and effective one in finding SQLIAs.

Author(s):  
Ahmad Hammoud ◽  
Ramzi A. Haraty

Most Web developers underestimate the risk and the level of damage that might be caused when Web applications are vulnerable to SQL (structured query language) injections. Unfortunately, Web applications with such vulnerability constitute a large part of today’s Web application landscape. This article aims at highlighting the risk of SQL injection attacks and provides an efficient solution.


Author(s):  
Kannan Balasubramanian

Applications that operate on the Web often interact with a database to persistently store data. For example, if an e-commerce application needs to store a user's credit card number, it typically retrieves the data from a Web form (filled out by the customer) and passes that data to some application or script running on the company's server. The dominant language that these database queries are written in is SQL, the Structured Query Language. Web applications can be vulnerable to a malicious user crafting input that gets executed on the server. One instance of this is an attacker entering Structured Query Language (SQL) commands into input fields, and then this data being used directly on the server by a Web application to construct a database query. The result could be an attacker's gaining control over the database and possibly the server. Care should be taken to validate user input on the server side before user data is used.


Author(s):  
Qazi Mudassar Ilyas

The Semantic Web promises to make the content on the World Wide Web machine understandable, thus enabling creation of an agent-based web where automated programs can accomplish a variety of tasks that involve interpretation of the content and are not possible with existing web technologies. As Semantic Web technologies are being adopted by the industry at a rapid pace, there is a need to develop awareness among the developer community about components of typical Semantic Web applications and principles driving the design of these components. This chapter gives a brief introduction to the Semantic Web and components common to all Semantic Web applications. The common components include ontology development, content annotation, and information extraction using reasoning. Basic design principles and available alternative choices are highlighted for ontology construction and content annotation. The reasoning component is not discussed because stable reasoners are available, such as RACER, FaCT++ and Pellet, and any Semantic Web application can make use of them without having to reinvent the wheel. A running example is used to enhance understandability of the concepts described.


Electronics ◽  
2021 ◽  
Vol 10 (10) ◽  
pp. 1153
Author(s):  
Francesco Liberati ◽  
Emanuele Garone ◽  
Alessandro Di Giorgio

This paper presents a review of technical works in the field of cyber-physical attacks on the smart grid. The paper starts by discussing two reference mathematical frameworks proposed in the literature to model a smart grid under attack. Then, a review of cyber-physical attacks on the smart grid is presented, starting from works on false data injection attacks against state estimation. The aim is to present a systematic and quantitative discussion of the basic working principles of the attacks, also in terms of the inner smart grid vulnerabilities and dynamical properties exploited by the attack. The main contribution of the paper is the attempt to provide a unifying view, highlighting the fundamental aspects and the common working principles shared by the attack models, even when targeting different subsystems of the smart grid.


2021 ◽  
Vol 12 (2) ◽  
pp. 73
Author(s):  
Dita Novizayanti ◽  
Eko Agus Prasetio ◽  
Manahan Siallagan ◽  
Sigit Puji Santosa

Currently, the adoption of electric vehicles (EV) draws much attention, as the environmental issue of reducing carbon emission is increasing worldwide. However, different countries face different challenges during this transition, particularly developing countries. This research aims to create a framework for the transition to EV in Indonesia through Agent-Based Modeling (ABM). The framework is used as the conceptual design for ABM to investigate the effect of agents’ decision-making processes at the microlevel into the number of adopted EV at the macrolevel. The cluster analysis is equipped to determine the agents’ characteristics based on the categories of the innovation adopters. There are 11 significant variables and four respondents’ clusters: innovators, early majority, late majority, and the uncategorized one. Moreover, Twitter data analytics are utilized to investigate the information engagement coefficient based on the agents’ location. The agents’ characteristics which emerged from this analysis framework will be used as the fundamental for investigating the effect of agents’ specific characteristics and their interaction through ABM for further research. It is expected that this framework will enable the discovery of which incentive scheme or critical technical features effectively increase the uptake of EV according to the agents’ specific characteristics.

