Hybrid Multi-Agents System Vulnerability Scanner For Detecting SQL Injection Attacks In Web Applications

Abstract

Web applications form part of our daily life due to their appropriateness, flexibility, availability, usability and interoperability. This has allowed most organizations map their businesses globally and facilitate information exchange. They embrace a multi-tier architectural design where the third tier is a database and the core component within an organization. The issue of concern in web applications is dealing with security. There has been a dramatic increase in web application vulnerabilities being reported as attackers improve their skill and competencies to defeat the existing techniques. The main objective of this study was to investigate agent-based vulnerability scanners systems for detecting SQL injection attacks in web applications and formulate system requirements. To achieve this objective, a desktop review was used to test the time taken to scan, the accuracy and number of vulnerabilities detected by three existing systems i.e. Vega, Wapiti and Zap. The test was performed across three web application i.e webgoat, vicnum and genhoud. Vega – Performed better in detecting SQL injections but the scanning time was high, it also showed a better representation of vulnerabilities detected because it categorized the vulnerabilities as either high, medium or low. Wapiti – was above average, it was able to take average time in scanning web applications, however, it could not discover all SQL vulnerabilities. Zap- did not perform well in the time taken to scan web vulnerability and its discovery. The gaps in the existing systems under study led to the development of a hybrid multi-agents system Ron Scanner to address the limitation of the existing systems. Ron Scanner – Performed better than all the others tools tested. It recorded a mean scan time of 16.5 % which is the lowest as compared to other vulnerabilities. The results demonstrate that the proposed hybrid multi-agent system is able to perform a scan on a web application faster than Vega, Wapiti, and Zap scanners. The mean scan time is 2.2 sec lower and the mean vulnerabilities detected is 0.4sec higher in our proposed hybrid multi-agent system. Additionally, the system is more accurate in detecting SQL vulnerabilities. From the findings, the author recommends the use of a hybrid multi-agents system to detect SQL web applications vulnerabilities, as it provides a better coverage with no false positive and false negative limited time to scan, improved detection trend and accuracy as compared with already existing vulnerabilities scanners. Keywords: Web vulnerability scanners, Multi-agents, SQL injection attacks, and web-based applications.