Semantic System for Attacks and Intrusions Detection

The increasing development of information systems complicates the task of protecting them against threats. They have become vulnerable to malicious attacks that may affect essential properties such as confidentiality, integrity and availability, so security becomes an overriding concern. Securing a system begins with prevention methods, which are insufficient on their own to reduce the danger of attacks and must be accompanied by intrusion and attack detection systems. In this paper, a method for detecting web application attacks is proposed. Unlike signature-based methods, the proposed solution is a technique based on ontology. It describes web attacks, the HTTP request, and the application using semantic rules. The system is able to effectively detect sophisticated attacks by analysing user requests. The semantic rules allow inference over the ontology models to detect complex variations of web attacks. The ontology models were developed using description logics, based on the Web Ontology Language (OWL). The proposed system can be installed on an HTTP server.
