Exploring usage of ontology for HTTP response splitting attack

The ever-increasing use of web applications increases the number of threats and vulnerabilities in the e-community. 81% of hacking attacks are directed towards web applications, which poses a great security threat to online banking, e-commerce and other organizations. Most traditional Intrusion Detection Systems are useful for detecting network-layer attacks, but they fail to detect web application attacks with a significant detection rate and show a higher false alarm rate. An ontology is useful for semantic rule generation, since it contains concepts specified by meaning and relationship. This paper covers the details of the HTTP response splitting attack and proposes an ontology that can be useful for its detection.
