An Adaptive Intrusion Detection and Prevention (ID/IP) Framework for Web Services

Advances in Web technology have led to more and more applications being deployed on the Web service (WS) platform. However, the inherent security weaknesses of the WS platform leave these WS-based applications vulnerable and make them targets for attacks. This paper identifies and describes the various vulnerabilities and security threats pertaining to WS. An examination of the existing defense mechanisms for WS finds that they are neither adaptive nor adequate for countering WS attacks. An adaptive intrusion detection and prevention (ID/IP) framework is therefore introduced to protect WS against attacks related to SOAP/XML/SQL. Illustrated by examples, the framework shows that by using agents that act as sensors, together with data mining techniques such as clustering, association and sequential rules, coupled with fuzzy logic to further analyze and identify anomalies, it can adaptively capture anomalies while avoiding false alarms.
