Semantic System for Attacks and Intrusions Detection

Semantic System for Attacks and Intrusions Detection

Abdeslam El Azzouzi (Abdelmalek Essaâdi University, Tetuan, Morocco) and Kamal Eddine El Kadiri (Abdelmalek Essaâdi University, Tetuan, Morocco)
Copyright: © 2015 |Pages: 14
DOI: 10.4018/IJDCF.2015100102
OnDemand PDF Download:
$30.00
List Price: $37.50

Abstract

The increasing development of information systems complicate task of protecting against threats. They have become vulnerable to malicious attacks that may affect the essential properties such as confidentiality, integrity and availability. Then the security becomes an overriding concern. Securing a system begins with prevention methods that are insufficient to reduce the danger of attacks, that must be accomplished by intrusion and attack detection systems. In this paper, a method for detecting web application attacks is proposed. Unlike methods based on signatures, the proposed solution is a technique based on ontology. It describes the Web attacks, the HTTP request, and the application using semantic rules. The system is able to detect effectively the sophisticated attacks by analysing user requests. The semantic rules allow inference about the ontologies models to detect complex variations of web attacks. The ontologies models was developed using description logics which was based Web Ontology Language (OWL). The proposed system is able to be installed on an HTTP server.
Article Preview

Introduction

Web applications are the primary goal of the computer attackers; over 80% of attacks threaten the Internet and Intranet systems which cause majors and criticisms problems for several institutions (banks, public establishments, big company...). Several security solutions are proposed such as firewalls based on the signatures, prevention systems and encryption devices. But their effectiveness against the threats of web attacks is limited. For better detection of web attacks and intrusions, the detection system should understand the context of the content of information to be processed and they must have the ability to filter content based on their effect on the target application. For this the use of ontologies is very important to improve the detection of intrusions and attacks.

Most signatures based and behavior based approaches confront the big challenges, some of which are described below:

  • Most existing techniques are based on the signatures that keep the syntactic representation of the attack. It’s easy for an attacker to launch an attack by a change in the syntactic representation of the signature.

  • Current detection techniques are reactive; attacks are frequently detected by the analysis of system logs. The attack is prevented if its exact signature is recognized by the system otherwise the attack can’t be detected and can compromise system security.

  • Detection systems based on behavior can detect new and unknown attacks. However, in these systems, a small deviation in the data or in user behavior creates false positives and false negatives.

  • The statistical techniques used in detection systems basically provide a viable solution for the network layer. This solution isn’t effective at the application layer, because it focuses on the dissemination of characters input and ignores its contextual nature.

  • Capture the context of inputs and outputs is a difficult task and capture protocol context is also difficult to achieve.

The proposed solution is a response for overcome this problems.

State Of The Art

Several detecting approaches of intrusion and attacks have been proposed, these approaches can generally be classified into three different groups. The behavioral approach is to use methods based on the assumption that the exploitation of a vulnerability of a system involves his abnormal use; an intrusion is identified as a deviation from the normal user behavior. The scenario approach, it isn't possible to statistically describe the behavior of an attacker, it’s possible to give rules on its approach. These rules take the form of attack scenarios exploiting system vulnerabilities. There are also approaches based on ontologies.

Scenario Approach (Signature)

It's possible to give rules on his manner to process the attack. These rules take the form of attack scenarios exploiting system vulnerabilities.

T. Lunt used the rules to describe the actions of the attacks. Ilgun et al used the state transition diagrams to model general states of the system and access control violations. Kumar et al used color Petri nets to represent intrusion signatures as sequences of events on the target system. The main advantage of the scenario detection systems is that once the known intrusion patterns are stored, future instances of these intrusions can be detected effectively and efficiently. However, new attacks will likely go unnoticed, leading to unacceptable false negative rate. The signature detection confronts a big challenge, because of the rapid and exponential growth of the variety of attacks and signature rules. Keeping updated threat signatures database is a tedious task. Snort has over 2,500 signature rules. Xu et al. presented an approach for the automatic generation of safety testing using formal models of threats to detect invalid entries.

Duan et al. developed an efficient zombie spam detection system that automatically detects the compromised machine in a network by monitoring outgoing messages. Shar et Tan proposed a solution against Cross-Site Scripting vulnerability of web applications.

Complete Article List

Search this Journal:
Reset
Open Access Articles: Forthcoming
Volume 10: 4 Issues (2018): 1 Released, 3 Forthcoming
Volume 9: 4 Issues (2017)
Volume 8: 4 Issues (2016)
Volume 7: 4 Issues (2015)
Volume 6: 4 Issues (2014)
Volume 5: 4 Issues (2013)
Volume 4: 4 Issues (2012)
Volume 3: 4 Issues (2011)
Volume 2: 4 Issues (2010)
Volume 1: 4 Issues (2009)
View Complete Journal Contents Listing