Abstract: Intrusion Detection System (IDS) acts as a defensive tool to detect the security attacks on the web. IDS is a known methodology for detecting network-based attacks but is still immature in monitoring and identifying web-based application attacks. The objective of this research paper is to present a design methodology for efficient IDS with respect to web applications. In this paper, we present several specific aspects which make it challenging for an IDS to monitor and detect web attacks. The article also prov…
“…The classification is mainly based on the detection mechanism of the methods. Signature-based methods [3,4]: this is a well-known approach and has been investigated by many researchers. So far, the research community of web attack detection has built up a complete Core Rule Set [9] to support network users.…”
Section: Related Work 21 Web Attack Detection Research (mentioning)
confidence: 99%
“…So far, the research community of web attack detection has built up a complete Core Rule Set [9] to support network users. Currently, the Core Rule Set is used in most of the web firewalls [3]. Anomaly-based methods: there have been many different anomaly based approaches on network security.…”
Section: Related Work 21 Web Attack Detection Research (mentioning)
confidence: 99%
“…In [2], Mookhey presented the characteristics, compositions and operation principles of WA. Besides, some other works in [2][3][4] have shown several vulnerabilities and threats that attackers could exploit to attack the web applications. According to the surveys in [3] and [4], the vulnerabilities of the protocol hyper text transfer protocol (HTTP) or hypertext transfer protocol secure (HTTPS) are often preferable to be exploited by attackers.…”
Section: Introduction (mentioning)
confidence: 99%
“…Both signature-based and anomaly-based methods have certain advantages and disadvantages. In general, solutions applying signature-based techniques [2,3] are not able to detect unusual requests since these methods are mainly based on fixed ruling systems. Anomaly-based methods are capable of detecting abnormal requests because they utilize techniques to analyze and evaluate the behaviors of the requests.…”
Web application firewall is a highly effective application in protecting the application layer and database layer of websites from attack access. This paper proposes a new web application firewall deploying method based on Dynamic Web application profiling (DWAP) analysis technique. This is a method to deploy a firewall based on analyzing website access data. DWAP is improved to integrate deeply into the structure of the website to increase the compatibility of the anomaly detection system into each website, thereby improving the ability to detect abnormal requests. To improve the compatibility of the web application firewall with protected objects, the proposed system consists of two parts whose main tasks are: i) detecting abnormal access in web application (WA) access; ii) semi-automatically updating the attack data to the abnormal access detection system during WA access. This new method is applicable in real-time detection systems where updating of new attack data is essential since web attacks are increasingly complex and sophisticated.
“…To prevent the attack, an intrusion detection/prevention system (IDS/IPS) can be used. However, several studies in the literature concur that such third-party solutions exhibit practical limitations due to persistent system complexities, escalating deployment costs, and several inconveniences, including business productivity losses due to high false alarms [3,4]. To address these issues with the aim of ensuring secure information communications, we propose a novel inference scheme using trusted time-based verification for automatically detecting MITM attacks.…”
Due to the prevalence and constantly increasing risk of cyber-attacks, new and evolving security mechanisms are required to protect information and networks and ensure the basic security principles of confidentiality, integrity, and availability—referred to as the CIA triad. While confidentiality and integrity can be achieved using Secure Sockets Layer (SSL)/Transport Layer Security (TLS) certificates, these depend on the correct authentication of servers, which could be compromised due to man-in-the-middle (MITM) attacks. Many existing solutions have practical limitations due to their operational complexity, deployment costs, as well as adversaries. We propose a novel scheme to detect MITM attacks with minimal intervention and workload to the network and systems. Our proposed model applies a novel inferencing scheme for detecting true anomalies in transmission time at a trusted time server (TTS) using time-based verification of sent and received messages. The key contribution of this paper is the ability to automatically detect MITM attacks with trusted verification of the transmission time using a learning-based inferencing algorithm. When used in conjunction with existing systems, such as intrusion detection systems (IDS), which require comprehensive configuration and network resource costs, it can provide a robust solution that addresses these practical limitations while saving costs by providing assurance.