A Signature-Based Intrusion Detection System for Web Applications based on Genetic Algorithm

2016 ◽  
Author(s):  
Robert Bronte ◽  
Hossain Shahriar ◽  
Hisham M. Haddad
Keyword(s):  
Genetic Algorithm ◽  
Intrusion Detection ◽  
Intrusion Detection System ◽  
Web Applications ◽  
Detection System

scholarly journals A Feature Selection Model for Network Intrusion Detection System Based on PSO, GWO, FFA and GA Algorithms

Symmetry ◽  
2020 ◽  
Vol 12 (6) ◽  
pp. 1046 ◽  
Author(s):  
Omar Almomani
Keyword(s):  
Genetic Algorithm ◽  
Feature Selection ◽  
Intrusion Detection ◽  
Intrusion Detection System ◽  
Detection System ◽  
Selection Model ◽  
Network Intrusion Detection ◽  
Network Intrusion ◽  
Proposed Model ◽  
Positive Rate

The network intrusion detection system (NIDS) aims to identify virulent action in a network. It aims to do that through investigating the traffic network behavior. The approaches of data mining and machine learning (ML) are extensively used in the NIDS to discover anomalies. Regarding feature selection, it plays a significant role in improving the performance of NIDSs. That is because anomaly detection employs a great number of features that require much time. Therefore, the feature selection approach affects the time needed to investigate the traffic behavior and improve the accuracy level. The researcher of the present study aimed to propose a feature selection model for NIDSs. This model is based on the particle swarm optimization (PSO), grey wolf optimizer (GWO), firefly optimization (FFA) and genetic algorithm (GA). The proposed model aims at improving the performance of NIDSs. The proposed model deploys wrapper-based methods with the GA, PSO, GWO and FFA algorithms for selecting features using Anaconda Python Open Source, and deploys filtering-based methods for the mutual information (MI) of the GA, PSO, GWO and FFA algorithms that produced 13 sets of rules. The features derived from the proposed model are evaluated based on the support vector machine (SVM) and J48 ML classifiers and the UNSW-NB15 dataset. Based on the experiment, Rule 13 (R13) reduces the features into 30 features. Rule 12 (R12) reduces the features into 13 features. Rule 13 and Rule 12 offer the best results in terms of F-measure, accuracy and sensitivity. The genetic algorithm (GA) shows good results in terms of True Positive Rate (TPR) and False Negative Rate (FNR). As for Rules 11, 9 and 8, they show good results in terms of False Positive Rate (FPR), while PSO shows good results in terms of precision and True Negative Rate (TNR). It was found that the intrusion detection system with fewer features will increase accuracy. The proposed feature selection model for NIDS is rule-based pattern recognition to discover computer network attack which is in the scope of Symmetry journal.

Using response action with intelligent intrusion detection and prevention system against web application malware

2014 ◽  
Vol 22 (5) ◽  
pp. 431-449 ◽  
Author(s):  
Ammar Alazab ◽  
Michael Hobbs ◽  
Jemal Abawajy ◽  
Ansam Khraisat ◽  
Mamoun Alazab
Keyword(s):  
Intrusion Detection ◽  
Intrusion Detection System ◽  
Web Application ◽  
Web Applications ◽  
Detection Efficiency ◽  
Detection System ◽  
Content Type ◽  
Novel Approach ◽  
Prevention System ◽  
Intrusion Detection And Prevention

Purpose – The purpose of this paper is to mitigate vulnerabilities in web applications, security detection and prevention are the most important mechanisms for security. However, most existing research focuses on how to prevent an attack at the web application layer, with less work dedicated to setting up a response action if a possible attack happened. Design/methodology/approach – A combination of a Signature-based Intrusion Detection System (SIDS) and an Anomaly-based Intrusion Detection System (AIDS), namely, the Intelligent Intrusion Detection and Prevention System (IIDPS). Findings – After evaluating the new system, a better result was generated in line with detection efficiency and the false alarm rate. This demonstrates the value of direct response action in an intrusion detection system. Research limitations/implications – Data limitation. Originality/value – The contributions of this paper are to first address the problem of web application vulnerabilities. Second, to propose a combination of an SIDS and an AIDS, namely, the IIDPS. Third, this paper presents a novel approach by connecting the IIDPS with a response action using fuzzy logic. Fourth, use the risk assessment to determine an appropriate response action against each attack event. Combining the system provides a better performance for the Intrusion Detection System, and makes the detection and prevention more effective.

scholarly journals An Invariant-Based Approach for Detecting Attacks Against Data in Web Applications

2014 ◽  
Vol 5 (1) ◽  
pp. 19-38
Author(s):  
Romaric Ludinard ◽  
Éric Totel ◽  
Frédéric Tronel ◽  
Vincent Nicomette ◽  
Mohamed Kaâniche ◽  
...  
Keyword(s):  
Intrusion Detection ◽  
Intrusion Detection System ◽  
Web Application ◽  
Web Applications ◽  
Detection System ◽  
Source Code ◽  
Web Attacks ◽  
Application Profile ◽  
The Web ◽  
Ruby On Rails

RRABIDS (Ruby on Rails Anomaly Based Intrusion Detection System) is an application level intrusion detection system (IDS) for applications implemented with the Ruby on Rails framework. The goal of this intrusion detection system is to detect attacks against data in the context of web applications. This anomaly based IDS focuses on the modelling of the normal application profile using invariants. These invariants are discovered during a learning phase. Then, they are used to instrument the web application at source code level, so that a deviation from the normal profile can be detected at run-time. This paper illustrates on simple examples how the approach detects well-known categories of web attacks that involve a state violation of the application, such as SQL injections. Finally, an assessment phase is performed to evaluate the accuracy of the detection provided by the proposed approach.

Sign in / Sign up

Export Citation Format

Share Document