
A Novel Hybrid Approach for Detection of Web-Based Attacks in Intrusion Detection Systems


Affiliations
1 Department of Software Engineering, Firat University, Elazig, 23119, Turkey
 

The importance of information security systems is increasing in parallel with rapid developments in information technology. New technologies bring new security weaknesses which, at both the corporate and the personal level, can lead to unavoidable losses. For this reason, much research has been carried out to ensure the security of information systems. In today's world, information has moved from conventional to digital form. Protecting the data stored in digital archives while keeping it easily accessible at any time has become very important. In this context, intrusion detection and prevention systems are widely used as security tools. In this paper, a hybrid real-time intrusion detection and prevention system approach is proposed for web application security. The proposed system uses rule-based misuse detection and anomaly detection as its intrusion detection methods and uses network packets as its data source. The system is real-time with respect to data processing time, centralized with respect to architecture, and server-based with respect to the system it protects. The developed system has been tested on the current web attacks identified by OWASP (The Open Web Application Security Project) and provides a very high success rate.

Keywords

Web Attacks, Intrusion Detection And Prevention Systems, Information Security, Network Analysis.
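
An added sketch of the two-stage hybrid idea the abstract describes (not code from the paper or its authors): signature rules catch known attack patterns, and a z-score model trained on benign requests flags what the rules miss. The rules, features, threshold and sample requests are assumptions constructed for illustration; the paper's system works on network packets, whereas this example starts from already-extracted request URLs.

```python
import re
import statistics
from urllib.parse import urlsplit, unquote_plus

# Stage 1, misuse detection: illustrative signatures, not the paper's rule set.
RULES = {
    "sql_injection": re.compile(r"(?i)\bunion\b.+\bselect\b|'\s*or\s+'?\d+'?\s*=\s*'?\d+"),
    "xss": re.compile(r"(?i)<\s*script|javascript:|\bon\w+\s*="),
    "path_traversal": re.compile(r"\.\./|\.\.\\"),
}

def features(url):
    """Query-string length and share of non-alphanumeric characters (other than = and &)."""
    query = unquote_plus(urlsplit(url).query)
    odd = sum(not (c.isalnum() or c in "=&") for c in query)
    return (len(query), odd / max(len(query), 1))

class AnomalyModel:
    """Stage 2, anomaly detection: per-feature z-score against benign traffic."""
    FLOOR = (1.0, 0.05)  # minimum std-dev so near-constant features stay finite

    def __init__(self, benign_urls):
        cols = list(zip(*(features(u) for u in benign_urls)))
        self.mean = [statistics.mean(c) for c in cols]
        self.std = [max(statistics.pstdev(c), f) for c, f in zip(cols, self.FLOOR)]

    def score(self, url):
        return max(abs(x - m) / s for x, m, s in zip(features(url), self.mean, self.std))

def inspect_request(url, model, threshold=3.0):
    """Signatures first (known attacks), then the anomaly score (unknown ones)."""
    decoded = unquote_plus(url)
    hits = [name for name, rx in RULES.items() if rx.search(decoded)]
    if hits:
        return ("block", "misuse:" + ",".join(hits))
    score = model.score(url)
    if score > threshold:
        return ("alert", f"anomaly:{score:.1f}")
    return ("allow", "")

# Constructed sample data: benign training requests and three test requests.
BENIGN = ["/search?q=firewall", "/search?q=intrusion+detection", "/search?q=owasp",
          "/search?q=web+security", "/search?q=ids"]
MODEL = AnomalyModel(BENIGN)

if __name__ == "__main__":
    for url in ["/search?q=1'+OR+'1'='1", "/search?q=" + "A" * 200,
                "/search?q=network+analysis"]:
        print(inspect_request(url, MODEL), url[:40])
```

The overlong second request matches no signature and is caught only by the anomaly stage, which is the case a rules-only detector would pass.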



Authors

Muhammet Baykara
Department of Software Engineering, Firat University, Elazig, 23119, Turkey
Resul Das
Department of Software Engineering, Firat University, Elazig, 23119, Turkey
