Actas JISBD 2009, pp.209-214, ISBN: 978-84-692-4211-7 ©2009 The authors

An Adaptive Mechanism to Protect Databases against SQL Injection

Cristian I. Pinzón, Juan F. De Paz, Javier Bajo, Juan M. Corchado

Universidad de Salamanca, Plaza de la Merced s/n, 37008, Salamanca, Spain
{cristian_ivanp, fcofds, jbajope, corchado}@usal.es

Abstract. The purpose of this article is to present an adaptive and intelligent mechanism that can handle SQL injection attacks. This proposal focuses on integrating a case-based reasoning (CBR) mechanism with a neural network. The proposed solution thus adapts to changes in attack patterns and provides the ability to detect attacks independently of their evolution. A prototype of the architecture was developed and the results obtained are presented in this study.

Keywords: SQL Injection, database security, case-based reasoning, neural network

1 Introduction

SQL injections are one of the security problems for web solutions that involve unauthorized access to databases [1]. This attack takes place at the database layer when a user request that has been sent through an HTTP request is executed without prior validation. Various approaches have attempted to deal with the problem of SQL injections [1] [2] [3] [4] [5]. However, the biggest inconvenience of these solutions is their inability to adapt to the rapid changes in attack patterns, which renders them somewhat inefficient in the long term. More complex SQL attacks are characterized by the various techniques used to remain undetected by existing security solutions.

This article presents the SQLCBR classifier. It is a new solution that combines two detection strategies: one that compares requests against known attack patterns (signature detection) and one that studies the behavior of the attack technique (anomaly detection). The former strategy applies an initial filter to detect simple attacks, while the latter focuses on complex attacks that remain unsolved after the first filter.
This strategy is based on a CBR reasoning mechanism combined with a multilayer perceptron neural network. The CBR system is the key component of the SQLCBR classifier mechanism. CBR systems are based on the notion that similar problems have similar solutions [6][7]. By combining the CBR mechanism with the neural network, the system we propose is able to learn quickly and adapt to changes in SQL attack patterns, thus facilitating the task of determining when a user request actually involves a type of SQL injection attack.
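
The two-stage strategy described above, as an added sketch that is not the authors' SQLCBR code: a signature filter resolves simple requests, and unresolved ones go through a retrieve/reuse/retain cycle over stored cases. The signatures, feature vector, sample queries and the similarity-weighted vote (used here in place of the paper's multilayer perceptron) are assumptions made for illustration.

```python
import math
import re

# Stage 1: signatures for simple attacks (patterns constructed for this sketch).
SIGNATURES = [re.compile(p, re.I) for p in (
    r"'\s*or\s+'?1'?\s*=\s*'?1", r"union\s+select", r";\s*drop\s+table")]
KEYWORDS = re.compile(r"\b(or|and|union|select|sleep|char|exec)\b", re.I)

def features(query):
    """Hypothetical case attributes; the paper's own are not listed here."""
    return (query.count("'"), query.count("--") + query.count("/*"),
            query.count(";"), len(KEYWORDS.findall(query)),
            len(re.findall(r"[=<>]", query)))

# Constructed case memory: (query, label), 1 = attack, 0 = legal.
SEED_CASES = [
    ("SELECT * FROM users WHERE id = 42", 0),
    ("SELECT name FROM products WHERE price < 100 AND stock > 0", 0),
    ("SELECT * FROM users WHERE name = 'alice'", 0),
    ("SELECT * FROM users WHERE name = '' OR 'a'='a' --'", 1),
    ("SELECT * FROM users WHERE id = 1 OR 2>1 --", 1),
    ("SELECT * FROM users WHERE name = 'x' OR 'b' LIKE 'b' /*", 1),
]

class CaseMemory:
    def __init__(self, labelled):
        self.cases = [(features(q), y) for q, y in labelled]

    def retrieve(self, vec, k=3):
        """Retrieve: the k stored cases closest to the new request."""
        return sorted(self.cases, key=lambda c: math.dist(c[0], vec))[:k]

    def classify(self, query, k=3):
        if any(s.search(query) for s in SIGNATURES):
            return "attack", "signature"  # resolved by the first filter
        vec = features(query)
        # Reuse: similarity-weighted vote (stand-in for the paper's MLP).
        votes = [(1 / (1 + math.dist(c, vec)), y)
                 for c, y in self.retrieve(vec, k)]
        score = sum(w * y for w, y in votes) / sum(w for w, _ in votes)
        return ("attack" if score >= 0.5 else "legal"), "cbr"

    def retain(self, query, label):
        """Retain: store a reviewed request so similar ones are recognised."""
        self.cases.append((features(query), label))
```

Retaining a single reviewed request changes the verdict for a later request with the same shape, which is the adaptive behavior the introduction attributes to the CBR component.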