Using response action with intelligent intrusion detection and prevention system against web application malware

2014 ◽  
Vol 22 (5) ◽  
pp. 431-449 ◽  
Author(s):  
Ammar Alazab ◽  
Michael Hobbs ◽  
Jemal Abawajy ◽  
Ansam Khraisat ◽  
Mamoun Alazab

Purpose – The purpose of this paper is to mitigate vulnerabilities in web applications, for which detection and prevention are the most important security mechanisms. However, most existing research focuses on how to prevent an attack at the web application layer, with less work dedicated to setting up a response action once a possible attack has happened. Design/methodology/approach – A combination of a Signature-based Intrusion Detection System (SIDS) and an Anomaly-based Intrusion Detection System (AIDS), namely, the Intelligent Intrusion Detection and Prevention System (IIDPS). Findings – On evaluation, the new system gave better results for detection efficiency and the false alarm rate. This demonstrates the value of a direct response action in an intrusion detection system. Research limitations/implications – Data limitation. Originality/value – The contributions of this paper are, first, to address the problem of web application vulnerabilities; second, to propose a combination of an SIDS and an AIDS, namely, the IIDPS; third, to present a novel approach that connects the IIDPS to a response action using fuzzy logic; and fourth, to use risk assessment to determine an appropriate response action against each attack event. The combined system gives the Intrusion Detection System better performance and makes detection and prevention more effective.
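The abstract says the IIDPS connects its two detectors to a response action through fuzzy logic and a risk assessment, but gives no detail. The following is an added illustration of that idea, not the paper's system: a Mamdani-style fuzzy inference over two detector outputs (an anomaly score from the AIDS and a signature-match confidence from the SIDS) that yields a crisp risk score, which is then mapped to a graduated response. The membership functions, rule table, centroids and action thresholds are assumptions chosen for the example.

```ruby
# Added illustration (not the paper's system): fuzzy-logic risk assessment that
# turns SIDS/AIDS evidence into one response action. Membership functions, rules,
# centroids and thresholds below are assumptions chosen for the example.

LEVELS = %i[low medium high].freeze

# Triangular membership function with feet at a and c and peak at b.
def tri(x, a, b, c)
  return 0.0 if x <= a || x >= c
  x <= b ? (x - a).to_f / (b - a) : (c - x).to_f / (c - b)
end

# Fuzzify a crisp value in [0, 1] into low / medium / high membership degrees.
def fuzzify(x)
  { low: tri(x, -0.5, 0.0, 0.5), medium: tri(x, 0.0, 0.5, 1.0), high: tri(x, 0.5, 1.0, 1.5) }
end

# Rule base: (anomaly level, signature level) -> risk level. A confident
# signature match is trusted more than a high anomaly score on its own.
RISK_RULES = {
  %i[low low] => :low,     %i[low medium] => :medium,    %i[low high] => :high,
  %i[medium low] => :low,  %i[medium medium] => :medium, %i[medium high] => :high,
  %i[high low] => :medium, %i[high medium] => :high,     %i[high high] => :high
}.freeze

# Representative output value of each risk level, used for defuzzification.
RISK_CENTROID = { low: 0.2, medium: 0.5, high: 0.85 }.freeze

# Mamdani-style inference: min for AND, max to aggregate rules with the same
# consequent, weighted centroid to defuzzify. Returns a crisp risk in [0, 1].
def risk_score(anomaly_score, signature_confidence)
  a = fuzzify(anomaly_score)
  s = fuzzify(signature_confidence)
  risk = Hash.new(0.0)
  RISK_RULES.each do |(a_lvl, s_lvl), out|
    firing = [a[a_lvl], s[s_lvl]].min
    risk[out] = [risk[out], firing].max
  end
  weight = risk.values.sum
  return 0.0 if weight.zero?
  risk.sum { |lvl, deg| deg * RISK_CENTROID[lvl] } / weight
end

# Map the crisp risk score to a graduated response action.
def response_action(anomaly_score, signature_confidence)
  score = risk_score(anomaly_score, signature_confidence)
  action = if score < 0.3 then :log
           elsif score < 0.55 then :alert
           elsif score < 0.75 then :rate_limit
           else :block
           end
  { risk: score.round(3), action: action }
end

# Example events (constructed):
#   response_action(0.9, 0.95)  -> block      (both detectors agree)
#   response_action(0.95, 0.0)  -> alert      (anomaly only: no automatic block)
#   response_action(0.0, 1.0)   -> block      (confident signature match)
#   response_action(0.1, 0.0)   -> log
```

The point of the graduation is that an anomaly detector alone, which carries the false-alarm risk the abstract mentions, is never allowed to trigger a blocking action by itself; only agreement with a signature, or a confident signature on its own, reaches the block threshold.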

2014 ◽  
Vol 5 (1) ◽  
pp. 19-38
Author(s):  
Romaric Ludinard ◽  
Éric Totel ◽  
Frédéric Tronel ◽  
Vincent Nicomette ◽  
Mohamed Kaâniche ◽  
...  

RRABIDS (Ruby on Rails Anomaly Based Intrusion Detection System) is an application-level intrusion detection system (IDS) for applications implemented with the Ruby on Rails framework. The goal of this intrusion detection system is to detect attacks against data in the context of web applications. This anomaly-based IDS focuses on modelling the normal application profile using invariants. These invariants are discovered during a learning phase. They are then used to instrument the web application at source code level, so that a deviation from the normal profile can be detected at run time. This paper illustrates, on simple examples, how the approach detects well-known categories of web attacks that involve a violation of the application's state, such as SQL injections. Finally, an assessment phase is performed to evaluate the accuracy of the detection provided by the proposed approach.
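To make the two phases concrete, here is an added illustration in the spirit of RRABIDS; it is not the project's own code. A learning phase derives invariants (numeric type, non-blank, small fixed value set, equality between two variables) from snapshots of application variables taken on normal traffic, and a run-time check, standing in for the instrumentation, reports any snapshot that violates them. The variable names, the hypothetical controller they are taken from, the invariant templates and the traces are all assumptions constructed for the example.

```ruby
# Added illustration in the spirit of RRABIDS, not the project's own code.
# Variable names, invariant templates and all traces are constructed assumptions.

# Unary invariant templates, each checked on every training sample of a variable.
UNARY_TEMPLATES = {
  numeric:  ->(v) { v.is_a?(Integer) || v.to_s.match?(/\A-?\d+\z/) },
  nonblank: ->(v) { !v.to_s.strip.empty? }
}.freeze

class InvariantModel
  MAX_ENUM = 2 # "one_of" is kept only for variables with at most this many values

  attr_reader :invariants

  def initialize
    @invariants = [] # [:numeric, var], [:one_of, var, values], [:equal, var_a, var_b]
  end

  # Learning phase: keep only the candidate invariants that hold on all samples.
  def learn(samples)
    vars = samples.first.keys
    vars.each do |var|
      UNARY_TEMPLATES.each do |name, pred|
        @invariants << [name, var] if samples.all? { |s| pred.call(s[var]) }
      end
      values = samples.map { |s| s[var] }.uniq
      @invariants << [:one_of, var, values] if values.size <= MAX_ENUM
    end
    vars.combination(2).each do |a, b|
      @invariants << [:equal, a, b] if samples.all? { |s| s[a] == s[b] }
    end
    self
  end

  # Run-time check, as the instrumented code would call it: returns the
  # invariants the snapshot violates (empty for a normal request).
  def violations(snapshot)
    @invariants.reject { |inv| holds?(inv, snapshot) }
  end

  private

  def holds?(inv, s)
    kind, var, extra = inv
    case kind
    when :equal  then s[var] == s[extra]
    when :one_of then extra.include?(s[var])
    else UNARY_TEMPLATES[kind].call(s[var])
    end
  end
end

# Constructed learning trace: snapshots taken in a hypothetical
# OrdersController#show just before the order is rendered, on legitimate traffic.
NORMAL_TRACE = [
  { id_param: "42",  session_user: 7,  order_owner: 7,  role: "customer" },
  { id_param: "43",  session_user: 7,  order_owner: 7,  role: "customer" },
  { id_param: "9",   session_user: 12, order_owner: 12, role: "customer" },
  { id_param: "120", session_user: 3,  order_owner: 3,  role: "staff" }
].freeze

def build_model
  InvariantModel.new.learn(NORMAL_TRACE)
end

# Constructed snapshots for the run-time check.
NORMAL_REQUEST = { id_param: "500", session_user: 99, order_owner: 99, role: "staff" }.freeze
# SQL injection: the tainted id reaches the query and another user's row comes back,
# so both the "id is numeric" and the "owner equals session user" invariants break.
SQLI_REQUEST   = { id_param: "42 OR 1=1", session_user: 7, order_owner: 12, role: "customer" }.freeze
# Parameter tampering: a well-formed id that belongs to someone else.
IDOR_REQUEST   = { id_param: "77", session_user: 7, order_owner: 9, role: "customer" }.freeze
```

Two caveats a practitioner would want: a small learning trace overfits (with `MAX_ENUM` raised to 3, the three user ids seen above would become a spurious "one_of" invariant and every new user would trigger an alert), which is why the learning phase needs representative traffic; and the equality invariant catches the tampering case only because the snapshot is taken after the database lookup, so where the instrumentation point sits in the source matters as much as which invariants are learned.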


2016 ◽  
Vol 2 (2) ◽  
Author(s):  
Kavita Patil ◽  
Dr. Bhupesh Gour ◽  
Mr. Deepak Tomar

The most widespread threats in the world today are those spread by intruder computers over the Internet. External activity of this kind against a system is termed an intrusion, and the mechanism applied to preserve information against such intrusions is called an intrusion detection system. To protect a network, attacks must first be detected and then acted upon appropriately. This paper also describes techniques for scanning and analysis that highlight vulnerabilities and loopholes in the security components and in insecure aspects of the network, as well as implementations of intrusion detection and prevention techniques. It proposes methods based on neural networks that give a better way of detecting attacks, as required in security applications such as network forensics, portable computers and event-handling systems, by applying several different approaches. The proposed work is implemented in MATLAB.


2020 ◽  
Vol 8 (1) ◽  
pp. 165-167
Author(s):  
Midat O. Maxudov ◽  
Ivan E. Doroshenko ◽  
Andrey S. Grehov ◽  
Diana G. Makarova

The article presents the case for developing an intrusion detection system with a trap module. The trap module, implemented as part of the intrusion detection system, provides a detailed report and information about the attacker for the SNORT intrusion detection and prevention system.


Author(s):  
Yashavant Darange

An Intrusion Detection System (IDS) is vital to protect smartphones from imminent security breaches and to ensure user privacy. Android is the most popular mobile operating system (OS), holding a large market share. Android malware detection has received significant attention; existing solutions typically rely on performing resource-intensive analysis on a server, assuming an uninterrupted link between the device and the server. In this paper, we propose a behaviour-based host IDS (HIDS) that uses permissions and incorporates statistical and ML algorithms. The benefit of our proposed IDS is twofold. First, it is completely independent and runs on the smartphone itself, without needing any link to a server. Second, it requires only a training dataset consisting of a small number of examples from both benign and malicious datasets for tuning. In practice, however, collecting malicious examples is challenging, since it involves infecting the device, collecting many samples in order to characterise the malware's behaviour, and labelling them. The evaluation results show that the proposed IDS gives very promising accuracy.
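The abstract does not say which statistical model it uses. As an added illustration of an on-device, permission-based classifier of the kind it describes (not the paper's own code), the following trains a Bernoulli naive Bayes model with Laplace smoothing on a handful of benign and malicious permission sets and scores a new app by log-odds. The permission lists are constructed training data, not real manifests, and the choice of naive Bayes is an assumption for the example; it is shown because it needs no server, no floating-point library and only a few samples per class, which is the deployment constraint the abstract emphasises.

```ruby
# Added illustration, not the paper's code: Bernoulli naive Bayes over requested
# permissions. Training sets below are constructed, not real app manifests.

class PermissionClassifier
  def initialize
    @counts = Hash.new { |h, k| h[k] = Hash.new(0) } # class -> permission -> count
    @n = Hash.new(0)                                 # class -> number of samples
    @vocab = []
  end

  # Training phase: one sample is the set of permissions an app requests.
  def train(label, permissions)
    @n[label] += 1
    permissions.uniq.each { |p| @counts[label][p] += 1 }
    @vocab |= permissions
    self
  end

  # log P(app | class) under a Bernoulli model: every permission in the vocabulary
  # contributes whether present or absent. Laplace smoothing keeps a permission
  # never seen in one class from driving that class's probability to zero.
  # Permissions outside the training vocabulary are ignored.
  def log_likelihood(label, permissions)
    @vocab.sum do |perm|
      p_on = (@counts[label][perm] + 1.0) / (@n[label] + 2.0)
      Math.log(permissions.include?(perm) ? p_on : 1.0 - p_on)
    end
  end

  # Log-odds of malicious vs benign, including class priors from sample counts.
  def log_odds(permissions)
    total = @n.values.sum.to_f
    score = ->(c) { Math.log(@n[c] / total) + log_likelihood(c, permissions) }
    score.call(:malicious) - score.call(:benign)
  end

  def classify(permissions)
    log_odds(permissions) > 0 ? :malicious : :benign
  end
end

# Constructed training data: four apps per class is deliberately small, matching
# the "few examples for tuning" setting described in the abstract.
BENIGN_APPS = [
  %w[INTERNET CAMERA WRITE_EXTERNAL_STORAGE],
  %w[INTERNET ACCESS_FINE_LOCATION],
  %w[INTERNET READ_CONTACTS],
  %w[CAMERA WRITE_EXTERNAL_STORAGE]
].freeze

MALICIOUS_APPS = [
  %w[INTERNET SEND_SMS READ_PHONE_STATE RECEIVE_BOOT_COMPLETED],
  %w[INTERNET SEND_SMS READ_CONTACTS],
  %w[SEND_SMS READ_PHONE_STATE RECEIVE_BOOT_COMPLETED],
  %w[INTERNET READ_CONTACTS READ_PHONE_STATE SEND_SMS]
].freeze

def build_classifier
  clf = PermissionClassifier.new
  BENIGN_APPS.each { |perms| clf.train(:benign, perms) }
  MALICIOUS_APPS.each { |perms| clf.train(:malicious, perms) }
  clf
end

# Example (constructed):
#   build_classifier.classify(%w[INTERNET SEND_SMS RECEIVE_BOOT_COMPLETED READ_PHONE_STATE])
#   -> :malicious
```

With eight samples the model is easy to read: SEND_SMS appears in every malicious sample and no benign one, so it dominates the log-odds, while INTERNET appears in both classes and contributes nothing. That is also the model's weakness as a detector: a sample that asks for the same permissions as a benign app but misbehaves at run time is invisible to a permission-only feature set, which is why the abstract pairs permissions with behaviour.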


The objective of the HTTP Rule-Based Intrusion Detection and Prevention System (IDPS) is to provide security for one of the application-layer protocols, namely HTTP (Hyper-Text Transfer Protocol). Such an HTTP-based Intrusion Detection System (IDS) detects attacks in the headers and attacks in the payload (including HTML and scripting). Misuse detection uses a signature-based approach in which known attack patterns are defined in advance. The input text is compared with the predefined signatures to detect malicious activity. New types of attacks are continuously created, and an IDS of this kind detects them only if they match an existing signature. Signatures are defined either as a single line or in a more complex scripting language and are used in the rule base to detect attacks. These signatures and rules have to be updated periodically, because attacks continuously change their nature.
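An added example of the mechanism this abstract describes, written for this page rather than taken from any particular system: a small rule base of regular-expression signatures applied to the request target, each header line and the body of a raw HTTP request. The rules, the normalisation step and the sample requests are constructed for the illustration. It also shows the limitation the abstract states, a variant that no rule covers passes untouched.

```ruby
# Added illustration of an HTTP rule-based IDPS; not code from any particular
# project. Rules, normalisation and sample requests are constructed assumptions.

Rule = Struct.new(:id, :field, :pattern, :action, :msg)

# Signatures over the decoded request target, each header line, or the decoded body.
RULES = [
  Rule.new(1001, :uri,    /'\s*(or|and)\s+[\w']+\s*=\s*[\w']+/i, :drop,  "SQL injection in query string"),
  Rule.new(1002, :body,   /<\s*script\b/i,                        :drop,  "script tag in payload"),
  Rule.new(1003, :header, /\(\)\s*\{\s*:;\s*\}\s*;/,              :drop,  "Shellshock-style function body in header"),
  Rule.new(1004, :uri,    %r{\.\./},                              :alert, "directory traversal in path")
].freeze

# Minimal parser for a raw HTTP/1.x request: request line, header lines, body.
def parse_request(raw)
  head, body = raw.split(/\r?\n\r?\n/, 2)
  request_line, *header_lines = head.split(/\r?\n/)
  method, target, version = request_line.split(" ", 3)
  { method: method, target: target, version: version, headers: header_lines, body: body.to_s }
end

# Percent-decode, repeating a bounded number of times so that double encoding
# ("%2527") cannot hide a quote from the signatures. Without this step the
# encoded injection below would not match rule 1001 at all.
def percent_decode(str)
  out = str
  3.times do
    decoded = out.gsub(/%([0-9a-fA-F]{2})/) { $1.hex.chr }
    break if decoded == out
    out = decoded
  end
  out
end

# Evaluate every rule against the normalised request; drop beats alert beats pass.
def inspect_request(raw)
  req = parse_request(raw)
  fields = {
    uri:    [percent_decode(req[:target])],
    body:   [percent_decode(req[:body])],
    header: req[:headers]
  }
  hits = RULES.select { |rule| fields[rule.field].any? { |text| rule.pattern.match?(text) } }
  action = if hits.any? { |r| r.action == :drop } then :drop
           elsif hits.any? then :alert
           else :pass
           end
  { action: action, hits: hits.map(&:id) }
end

# Constructed sample requests.
SQLI_REQUEST = "GET /items?id=1%27%20OR%20%271%27=%271 HTTP/1.1\r\nHost: shop.example\r\n\r\n"
XSS_REQUEST  = "POST /comment HTTP/1.1\r\nHost: shop.example\r\n" \
               "Content-Type: application/x-www-form-urlencoded\r\n\r\n" \
               "text=%3Cscript%3Ealert(1)%3C%2Fscript%3E"
SHELLSHOCK_REQUEST = "GET /cgi-bin/status HTTP/1.1\r\nHost: shop.example\r\n" \
                     "User-Agent: () { :; }; /bin/sleep 5\r\n\r\n"
TRAVERSAL_REQUEST = "GET /static/..%2F..%2Fetc/passwd HTTP/1.1\r\nHost: shop.example\r\n\r\n"
BENIGN_REQUEST    = "GET /items?id=42 HTTP/1.1\r\nHost: shop.example\r\nUser-Agent: curl/8.0\r\n\r\n"
# The same injection with comment-based whitespace evasion: no signature covers
# it, so it passes. This is the gap the abstract points at: new variants need new rules.
EVASION_REQUEST   = "GET /items?id=1%27/**/OR/**/%271%27=%271 HTTP/1.1\r\nHost: shop.example\r\n\r\n"
```

Two things worth noting about the design. Normalisation belongs before matching, and it has to be bounded and applied to the same representation the backend will see; a decoder that diverges from the application's own parsing is itself an evasion vector. And the evasion request shows why such rule bases need continuous updates: the `/**/` variant is semantically the same SQL injection, but the rule's `\s+` does not match it, so a second signature (or a rule that strips SQL comments first) would be required.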


2019 ◽  
Vol 2019 ◽  
pp. 1-12 ◽  
Author(s):  
R. B. Benisha ◽  
S. Raja Ratna

An intrusion detection and prevention system detects malicious activities that occur in real-time SCADA systems. This problem still lacks a thorough solution: the challenge for existing intrusion detection is accuracy in detecting anomalies. In SCADA, wind turbine data are modified by intruders and forged details are given to the server. To overcome this, a biased intrusion detection system is used to detect the intrusion, recording the encrypted date, time and file location, with lower false-positive and false-negative rates, thereby preventing further intrusion into the SCADA system. It is done in three phases. First, Modified Grey Wolf Optimization (MGWO) is used to extract the features needed for classification and to find the best weights. Second, an Entropy-based Extreme Learning Machine (EELM) is used to extract the features and to detect the intruded data together with the time, file location and date of the intrusion. Finally, the data are encrypted using Hybrid Elliptical Curve Cryptography (HECC) to prevent further attack. Experimental results show better accuracy in both detection and prevention.


Author(s):  
Vetrivelan Pandu ◽  
Jagannath Mohan ◽  
T. S. Pradeep Kumar

The Internet of Things (IoT) has greatly transformed the way business is done through machine-to-machine (M2M) communications. This vast network and its associated technologies have opened the door to an increasing number of security threats that endanger IoT and 5G wireless networks. The first part of this chapter presents an intrusion detection system (IDS) that detects various attacks at the 6LoWPAN layer. An IDS detects and analyses both inbound and outbound network traffic for abnormal activity. An IPS complements an IDS configuration by proactively inspecting a system's incoming traffic to weed out malicious requests. A typical IPS configuration uses web application firewalls and traffic-filtering solutions to secure applications. An IPS prevents attacks by dropping malicious packets, blocking offending IPs and alerting security personnel to potential threats. A machine learning (ML)-based intrusion detection and prevention system (IDPS) is proposed and implemented in the Contiki simulation environment.


2019 ◽  
Vol 7 (4) ◽  
pp. 162-176
Author(s):  
Rajendran N. ◽  
Jawahar P.K. ◽  
Priyadarshini R.

Purpose – The purpose of this paper is to apply security policies over mobile ad hoc networks. A mobile ad hoc network (MANET) is an infrastructure-less, continuously self-configuring network; alongside it, a notable technology supplies virtual hardware and software resources according to the network's requirements. Design/methodology/approach – A MANET faces several performance- and efficiency-related difficulties. The major challenge is the compromise of performance caused by resources being unavailable. To improve the performance of the MANET environment, various techniques are employed for routing and security. An efficient security module requires a quality-of-service (QoS)-based security policy. It performs the routing between the mobile nodes and also reduces the routing cost by finding the most trusted node. Findings – The experimental results show that the QoS-based security policy effectively minimises the cost, the response time and the mobile makespan (routing cost plus response time) of an application compared with other existing approaches. Research limitations/implications – The authors propose an enhancement of the Cross Centric Intrusion Detection System named the PIHNSPRA Routing Algorithm (PIHNSPRA). Practical implications – It maps security onto secure IDS communication and distributes packets among different destinations based on priority. The algorithm is proposed for routing and security, aiming at maximum throughput with minimum routing cost and response time. Social implications – When applied in practice, the Quality of Service introduced in the proposed research reduces the routing cost and improves throughput. Originality/value – The proposed algorithm is tested with the NS2 simulator, and the results show that it performs better than other conventional algorithms.

