An Intrusion Detection System for Web-Based Attacks Using IBM Watson

2022 ◽  
Vol 20 (2) ◽  
pp. 191-197
Author(s):  
Ricardo Conde Camillo da Silva ◽  
Marcos Paulo Oliveira Camargo ◽  
Matheus Sanches Quessada ◽  
Anderson Claiton Lopes ◽  
Jacinto Diassala Monteiro Ernesto ◽  
...  
2018 ◽  
Vol 2018 ◽  
pp. 1-27 ◽  
Author(s):  
Nancy Agarwal ◽  
Syed Zeeshan Hussain

Intrusion Detection System (IDS) acts as a defensive tool to detect the security attacks on the web. IDS is a known methodology for detecting network-based attacks but is still immature in monitoring and identifying web-based application attacks. The objective of this research paper is to present a design methodology for efficient IDS with respect to web applications. In this paper, we present several specific aspects which make it challenging for an IDS to monitor and detect web attacks. The article also provides a comprehensive overview of the existing detection systems exclusively designed to observe web traffic. Furthermore, we identify various dimensions for comparing the IDS from different perspectives based on their design and functionalities. We also propose a conceptual framework of a web IDS with a prevention mechanism to offer systematic guidance for the implementation of the system. We compare its features with five existing detection systems, namely, AppSensor, PHPIDS, ModSecurity, Shadow Daemon, and AQTRONIX WebKnight. This paper will highly facilitate the interest groups with the cutting-edge information to understand the stronger and weaker sections of the domain and provide a firm foundation for developing an intelligent and efficient system.


2010 ◽  
Vol 129-131 ◽  
pp. 1421-1425
Author(s):  
Xiao Cui Han

Through research on intrusion detection and artificial neural networks, this paper designs an intrusion detection system based on an artificial neural network, describes in detail the theory and implementation of all modules, and then carries out testing and analysis of it; the results show that it has great advantages in web-based intrusion detection.


2021 ◽  
Vol 5 (3) ◽  
pp. 327
Author(s):  
Agus Tedyyana ◽  
Osman Ghazali

Web servers and web-based applications are now widely used, but in this case, the crime rate in cyberspace has also increased. Crime in cyberspace can occur due to the exploitation of how a system works. For example, the way HTTP works is exploited to weaken the web server. Various tools for attacking the internet are also starting to be easy to find, but so are the tools to detect these attacks. One of the useful tools for detecting attacks and sending warnings against threats is based on the weblogs on the web server. Many have not reviewed Teler as an intrusion detection system on HTTP on web servers because the existing tools are relatively new. Teler performs detection on the weblog and runs on the terminal with rule resources collected from the community. So here, the researcher tries to implement the use of Teler in detecting HTTP intrusions on an Nginx-based web server. Intrusion is carried out using attacks commonly used by attackers, for example, port scanning and directory brute force using the Nmap and OWASP ZAP tools. Then the detection results are sent via the Telegram bot to the server admin. From the results of the experiments conducted, it has been found that Teler is still classified as being able to send warning notifications with a delay between the time of detection and the time when the alert is received of no more than 3 seconds.


2021 ◽  
Vol 8 (3) ◽  
pp. 517
Author(s):  
Herri Setiawan ◽  
M. Agus Munandar ◽  
Lastri Widya Astuti

Network security is an increasingly pressing concern. A growing number of tools and techniques can be used to enter a system illegally and paralyze it. This can happen because of vulnerabilities and the absence of a security system to protect them, leaving the system vulnerable to attack. Recognizing attack patterns on the network is one way to make attacks identifiable, which makes it easier for network administrators to handle them when they occur. One technique that can be used in network security, because it can detect attacks in real time, is the Intrusion Detection System (IDS), which can help administrators detect incoming attacks. This study uses a signature-based method and tests it using simulation. Incoming data packets are assessed as dangerous or not, and several rules are then used to find the best accuracy value. The rules used, based on training and testing, produced 60% for training and 50% for testing with rule 1, 50% for training and 75% for testing with rule 2, 75% for training and testing with rule 3, 25% for training and testing with rule 4, and 50% for training and testing with rule 5. The tests show that the signature-based method is able to recognize attack data patterns over the TCP and UDP protocols, and the monitoring that was built is able to detect all attacks, with a web-based display.

