Real Time Internal Intrusion Detection: A Case Study of Embedded Sensors and Detectors in E-Government Websites

Zuhoor Abdullah Salim Al-Khanjari (Sultan Qaboos University, Oman) and Asaad Abdulrahman Nayyef (Sultan Qaboos University, Oman)
DOI: 10.4018/978-1-4666-6583-5.ch004

Abstract

The increase in attacks on e-Government infrastructures has led to the emergence of several information security techniques. Insider threat is one of the most complex problems in information security; it requires a sophisticated response to detect and prevent unauthorized use. This chapter provides a framework for developing high-level security management for e-Government websites. The framework is based on sensors and detectors, which consist of relatively small amounts of source code, to detect attacks on an e-Government website in real time. The authors also give a full illustration of how to design and protect all files used to implement a secure e-Government website. This includes a self-audit of the files and a set of processes used to protect the data in the different types of files (image, sound, string or any other file) within the e-Government website.

Introduction

Insider threat is one of the most complex problems in information security: it requires a sophisticated response to detect the subtle variations in access patterns that separate intentional misuse from authorized use.

Historically, intrusion detection technology dates back to 1980, when Anderson introduced the concept. Anderson proposed a “security surveillance system” involving formal examination of a system’s audit logs. In examining system threats, Anderson also introduced the notion of categorizing intruders by their access to the system, defining internal intruders as those with permission to access the system and external intruders as those without any permission (Anderson, 1980).

In this chapter, the authors advocate improving embedded sensors for a real-time internal intrusion detection system. This involves adding code to the e-Government website at the points where monitoring will take place. The sensors check for specific conditions that indicate an attack is taking place or an intrusion has occurred. Embedded sensors have advantages over other intrusion detection techniques (usually implemented as separate processes) in terms of reduced host impact, resistance to attack, and efficiency and effectiveness of detection.

The authors describe the use of embedded sensors in general, and their application to the detection of website attacks in order to protect all files in an e-Government website. The design and development of the sensors were carried out on the real website hosting. Our tests show a high success rate in the detection of attacks. The work we propose is divided into four stages:

  1. Designing the infrastructure for the development of the sensors.

  2. Implementing sensors for detecting intrusions.

  3. Performing analysis on the data obtained in step (2) and validating whether the existing sensors can be used to detect new attacks.

  4. Connecting to another ISP that hosts a copy of the same e-Government website, so that service continues if the primary site is compromised.

A method is proposed to detect internal intrusion and protect an e-Government website using the Java language. This is done through the Java classes referenced by the HTML file. These classes contain all the programmable steps needed to detect internal intrusion and to protect every file belonging to the site from unauthorized modification by an intruder inside the ISP. Automatic auditing of all files provides strong protection for the site without any additional protection programs, which might otherwise be needed to detect an intruder inside the e-Government website at the ISP. With this method we can protect all files that the e-Government website depends on and automatically check every one of them from inside the class file. The method differs from other methods in that the program code is placed not inside the HTML file but inside the compiled class file, which makes it harder for an intruder to discover and analyse. (Compiled Java bytecode can still be decompiled, so this placement raises the effort required rather than providing a security boundary; the integrity checks themselves are the protection.)

Using a real-time technique, the method detects internal intruders and protects all kinds of files inside the e-Government website, and all files that deal with them, without having to go back to the ISP or ask for its help. In the event of an intrusion the site does not stop serving: an alternative copy of the site hosted at another ISP is brought into operation.
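The embedded-sensor idea from the Introduction and the file self-audit described in the two preceding paragraphs can be combined in one small sensor. The following Java class is an added example written for this page; it is not the chapter's own code, and its web root, file names and the tampering it simulates are constructed for the demonstration. It records a SHA-256 baseline of every file under the web root and, on each audit pass, reports files that were modified, added or deleted.

```java
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.nio.file.Path;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.util.ArrayList;
import java.util.List;
import java.util.Map;
import java.util.TreeMap;
import java.util.stream.Collectors;
import java.util.stream.Stream;

/**
 * Embedded file-integrity sensor (added example, not the chapter's code).
 * Baseline: SHA-256 of every regular file under the web root.
 * Audit: re-hash the tree and report files that were modified, added or
 * deleted, i.e. the unauthorised change by an intruder inside the ISP
 * that the chapter wants to detect in real time.
 */
public class FileIntegritySensor {

    /** One finding from an audit pass. */
    public static final class Finding {
        public final String kind;   // MODIFIED, ADDED or DELETED
        public final String path;   // path relative to the web root
        Finding(String kind, String path) { this.kind = kind; this.path = path; }
        @Override public String toString() { return kind + " " + path; }
    }

    private final Path webRoot;
    private Map<String, String> baseline;   // relative path -> hex SHA-256

    public FileIntegritySensor(Path webRoot) throws IOException {
        this.webRoot = webRoot.toAbsolutePath().normalize();
        this.baseline = snapshot();
    }

    /** Hash every regular file under the web root; TreeMap keeps the report ordered. */
    private Map<String, String> snapshot() throws IOException {
        List<Path> files;
        try (Stream<Path> walk = Files.walk(webRoot)) {
            files = walk.filter(Files::isRegularFile).collect(Collectors.toList());
        }
        Map<String, String> hashes = new TreeMap<>();
        for (Path p : files) {
            hashes.put(webRoot.relativize(p).toString().replace('\\', '/'), sha256(p));
        }
        return hashes;
    }

    /** Whole-file hash; large media files would be streamed in chunks instead. */
    static String sha256(Path file) throws IOException {
        try {
            MessageDigest md = MessageDigest.getInstance("SHA-256");
            StringBuilder hex = new StringBuilder();
            for (byte b : md.digest(Files.readAllBytes(file))) hex.append(String.format("%02x", b));
            return hex.toString();
        } catch (NoSuchAlgorithmException e) {
            throw new IllegalStateException("SHA-256 not available", e);
        }
    }

    /** One audit pass: compare the current tree against the baseline. */
    public List<Finding> audit() throws IOException {
        Map<String, String> now = snapshot();
        List<Finding> findings = new ArrayList<>();
        for (Map.Entry<String, String> e : baseline.entrySet()) {
            String current = now.get(e.getKey());
            if (current == null) findings.add(new Finding("DELETED", e.getKey()));
            else if (!current.equals(e.getValue())) findings.add(new Finding("MODIFIED", e.getKey()));
        }
        for (String path : now.keySet()) {
            if (!baseline.containsKey(path)) findings.add(new Finding("ADDED", path));
        }
        return findings;
    }

    /** Re-baseline only after an authorised deployment, never in response to an alert. */
    public void acceptCurrentState() throws IOException { baseline = snapshot(); }

    /** Demo on a constructed web root in a temporary directory. */
    public static void main(String[] args) throws IOException {
        Path root = Files.createTempDirectory("egov-www");
        Files.write(root.resolve("index.html"), "<html>e-Gov portal</html>".getBytes(StandardCharsets.UTF_8));
        Files.createDirectories(root.resolve("img"));
        Files.write(root.resolve("img/logo.png"), new byte[] {(byte) 0x89, 'P', 'N', 'G'});

        FileIntegritySensor sensor = new FileIntegritySensor(root);
        System.out.println("clean audit, findings: " + sensor.audit().size());

        // Simulated insider tampering: a defaced page and a dropped file.
        Files.write(root.resolve("index.html"), "<html>defaced</html>".getBytes(StandardCharsets.UTF_8));
        Files.write(root.resolve("cmd.jsp"), "<%-- dropped by intruder --%>".getBytes(StandardCharsets.UTF_8));

        for (Finding f : sensor.audit()) System.out.println("ALERT " + f);
    }
}
```

Run the audit from a scheduled thread inside the site's own process, or from a small process next to it, and treat any non-empty result as the chapter's alert condition; that is the point at which the switch to the alternate copy of the site at another ISP would be triggered. Two caveats matter in practice: the baseline must be stored, or at least signed, off the host, because an insider at the ISP who can rewrite the web files can usually rewrite a baseline kept beside them; and the sensor must never re-baseline automatically after an alert, only after an authorised deployment (the acceptCurrentState call above).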

This chapter is organized as follows. Section 2 provides the background and related work on intrusion detection. Section 3 explains the Intrusion Detection System (IDS), methods of intrusion detection, intrusion tools and defense techniques. Section 4 discusses types of attack, methods of attack, attack vectors and types of defenses. Section 5 describes sensors, detectors and embedded sensors for intrusion detection; it also presents the main functions of the proposed system and the infrastructure of the internal embedded sensor. Section 6 provides concluding remarks on the work. Section 7 presents our suggestions for future work.

Key Terms in this Chapter

Intrusion: A set of actions that attempt to compromise the integrity, confidentiality or availability of network resources.

Port Scans: Scans across responding hosts to find running services.

Intrusion Detection System (IDS): A device or software application that monitors network or system activities for malicious activities or policy violations and produces reports to a management station.

Hackers: Attackers who use a variety of tools and techniques to attack websites or networks.

Intruder: The perpetrator of a computer security incident, often referred to as a hacker or cracker.

E-Government: Refers to government’s use of information and communication technology (ICT) to exchange information and services with citizens and businesses.

Intrusion Detection: The problem of identifying individuals who are using a computer system without authorization.

Embedded Sensors: A piece of code added to a program that will be monitored.
