Applied web traffic analysis for numerical encoding of SQL Injection attack features.

SQL Injection Attack (SQLIA) remains a technique used by a computer network intruder to pilfer an organisation’s confidential data. This is done by an intruder re-crafting web form’s input and query strings used in web requests with malicious intent to compromise the security of an organisation’s confidential data stored at the back-end database. The database is the most valuable data source, and thus, intruders are unrelenting in constantly evolving new techniques to bypass the signature’s solutions currently provided in Web Application Firewalls (WAF) to mitigate SQLIA. There is therefore a need for an automated scalable methodology in the pre-processing of SQLIA features fit for a supervised learning model. However, obtaining a ready-made scalable dataset that is feature engineered with numerical attributes dataset items to train Artificial Neural Network (ANN) and Machine Leaning (ML) models is a known issue in applying artificial intelligence to effectively address ever evolving novel SQLIA signatures. This proposed approach applies numerical attributes encoding ontology to encode features (both legitimate web requests and SQLIA) to numerical data items as to extract scalable dataset for input to a supervised learning model in moving towards a ML SQLIA detection and prevention model. In numerical attributes encoding of features, the proposed model explores a hybrid of static and dynamic pattern matching by implementing a Non-Deterministic Finite Automaton (NFA). This combined with proxy and SQL parser Application Programming Interface (API) to intercept and parse web requests in transition to the back-end database. In developing a solution to address SQLIA, this model allows processed web requests at the proxy deemed to contain injected query string to be excluded from reaching the target back-end database. This paper is intended for evaluating the performance metrics of a dataset obtained by numerical encoding of features ontology in Microsoft Azure Machine Learning (MAML) studio using Two-Class Support Vector Machines (TCSVM) binary classifier. This methodology then forms the subject of the empirical evaluation.

Securing Disunion: young people’s nationalism, identities and (in)securities in the campaign for an independent Scotland.

This paper explores ethnic and religious minority youth perspectives of security and nationalism in Scotland during the independence campaign in 2014.  We discuss how young people co-construct narratives of Scottish nationalism alongside minority ethnic and faith identities in order to feel secure. By critically combining literatures from feminist geopolitics, international relations (IR) and children’s emotional geographies, we employ the concept of ‘ontological security’. The paper departs from state-centric approaches to security to explore the relational entanglements between geopolitical discourses and the ontological security of young people living through a moment of political change. We examine how everyday encounters with difference can reflect broader geopolitical narratives of security and insecurity, which subsequently trouble notions of ‘multicultural nationalism’ in Scotland and demonstrate ways that youth ‘securitize the self’ (Kinnvall, 2004). The paper responds to calls for empirical analyses of youth perspectives on nationalism and security (Benwell, 2016) and on the nexus between security and emotional subjectivity in critical geopolitics (Pain, 2009; Shaw et al., 2014). Funded by the Arts and Humanities Research Council (AHRC), this paper draws on focus group and interview data from 382 ethnic and religious minority young people in Scotland collected over the 12-month period of the campaign. Keywords: nationalism, young people, race and ethnicity, ontological security, everyday geopolitics