International Journal of Computer Networks and Applications (IJCNA)

Published By EverScience Publications

ISSN : 2395-0455

A Novel Hybrid Approach for Detection of Web-Based Attacks in Intrusion Detection Systems

Authors: Muhammet Baykara[1], Resul Das[2]

[1] Department of Software Engineering, Firat University, Elazig, Turkey.

[2] Department of Software Engineering, Firat University, Elazig, Turkey.

Abstract

The importance of information security systems is increasing in parallel with rapid developments in information technology. The development of new technologies brings new security weaknesses that, in both corporate and personal terms, can lead to unavoidable losses. For this reason, much research has been performed to ensure the security of information systems. In today's world, information has moved from conventional form to digital form. Protecting the data stored in digital archives and keeping it easily accessible at any time have become quite important. In this context, intrusion detection and prevention systems are widely used as security tools today. In this paper, a hybrid real-time intrusion detection and prevention system approach is proposed for web application security. The proposed system uses rule-based misuse detection and anomaly detection as its intrusion detection methods and uses network packets as its data source. The system is real-time with respect to data processing time, centralized with respect to architecture, and server-based with respect to the system it protects. The developed system has been tested against the current web attacks identified by OWASP (the Open Web Application Security Project) and provides a very high success rate.

Index Terms

Web Attacks

Intrusion Detection and Prevention Systems

Information Security

Network Analysis
