Pattern Analysis and Signature Extraction For Intrusion Attacks On Web Services

Thakar, Urjita; Dagdee, Nirmal; Varma, Sudarshan

doi:10.5121/ijnsa.2010.2313

Cited by 13 publications

(10 citation statements)

References 15 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Authors in [13] In [14], a more interactive approach to detecting and predicting anomaly based on IDS was proposed. This approach takes a metric described as F-score per Cost (FPC) for each attack predictor into consideration.…”

Section: Related Workmentioning

confidence: 99%

“…The Bayes Theorem as reported in [16] can be used to calculate the probabilities of the state of the system with respect to the reports given by the detector as shown in Equations (11)- (14). − + − (14) As shown in Table 1, the expected cost, which is dependent on the detector's report, is shown mathematically by finding the sum of the products of the probabilities together with the cost of the node following the response.…”

Section: Expected Costmentioning

confidence: 99%

See 1 more Smart Citation

Software Intrusion Detection Evaluation System: A Cost-Based Evaluation of Intrusion Detection Capability

Imoize¹,

Oyedare²,

Otuokere³

et al. 2018

View full text Add to dashboard Cite

In this paper, we consider a cost-based extension of intrusion detection capability (C ID ). An objective metric motivated by information theory is presented and based on this formulation; a package for computing the intrusion detection capability of intrusion detection system (IDS), given certain input parameters is developed using Java. In order to determine the expected cost at each IDS operating point, the decision tree method of analysis is employed, and plots of expected cost and intrusion detection capability against false positive rate were generated. The point of intersection between the maximum intrusion detection capability and the expected cost is selected as the optimal operating point. Considering an IDS in the context of its intrinsic ability to detect intrusions at the least expected cost, findings revealed that the optimal operating point is the most suitable for the given IDS. The cost-based extension is used to select optimal operating point, calculate expected cost, and compare two actual intrusion detectors. The proposed cost-based extension of intrusion detection capability will be very useful to information technology (IT), telecommunication firms, and financial institutions, for making proper decisions in evaluating the suitability of an IDS for a specific operational environment.

show abstract

Section: Related Workmentioning

confidence: 99%

Section: Expected Costmentioning

confidence: 99%

Software Intrusion Detection Evaluation System: A Cost-Based Evaluation of Intrusion Detection Capability

Imoize¹,

Oyedare²,

Otuokere³

et al. 2018

View full text Add to dashboard Cite

show abstract

“…Some example of such researches can be found in [6,7,8,9,10,11]. In summary, these researches have shown that given good detection and prevention techniques, it is possible to develop an integrated ID/IP system to defend the WS applications against SOAP/XML attacks.…”

Section: International Workhop On Cloud Computing and Information Sementioning

confidence: 99%

PeANFIS-FARM Framework in Defending against Web Service Attacks

Chan¹,

Lee²,

Heng³

2013

Advances in Intelligent Systems Research

View full text Add to dashboard Cite

Abstract-Internet-enabled Web Service (WS) applications, such as e-commerce, are facing eXtensible Markup Language (XML)-related security threats. However, network and host-based intrusion (ID) and prevention (IP) systems and Web Service Security (WSS) standards are inadequate in countering against these threats. This paper presents a framework to mitigate XML/SOAP attacks. Our framework comprises of two intelligent models: the policyenhanced adaptive neuro-fuzzy inference system (PeANFIS) and fuzzy association rule mining (FARM) model. Performance evaluation of each model indicates detection rate of greater than 99% and false alarm rate of less than 1%. In this paper, we aim to help the security administrator to decide which model to implement depending on the context of the situation. We present rule-based cases as examples to guide design and implementation decisions. Our future work shall see the implementation of the PeANFIS-FARM framework on a wider scale and in cloud computing.

show abstract

“…Signature based detection [6] [19] is nothing but pattern matching. This extracts the features from the IRC packet and performs the cross check with the existing IRC C&C signatures stored in the database.…”

Section: Signature Based Detectionmentioning

confidence: 99%

Lightweight C&C based botnet detection using Aho-Corasick NFA

Udhayan

Anitha²,

Hamsapriya³

2010

IJNSA

View full text Add to dashboard Cite

Botnet distinguishes itself from the previous malware by having the characteristics of a C&C channel, using which a Botmaster can control the constituents of the botnet. Even though protocols like IRC, HTTP and DNS are exploited to incorporate C&C channels, previous analysis have shown that the majority of the botnets are usually based on IRC. Consequently in this paper the Aho-Corasick NFA based detection is proposed to detect the C&C instructions which is exchanged in IRC run botnets. However the ability to detect botnet is limited to the existing bot commands. Therefore a counting process which analyses every IRC messages is introduced to detect the existence of malicious codes. This detection method and various existing methods have been evaluated using real-world network traces. The results show that the proposed C&C Instruction based IRC detection method can detect real-world botnets with high accuracy.

show abstract

Pattern Analysis and Signature Extraction For Intrusion Attacks On Web Services

Abstract: ABSTRACT

Cited by 13 publications

References 15 publications

Software Intrusion Detection Evaluation System: A Cost-Based Evaluation of Intrusion Detection Capability

Software Intrusion Detection Evaluation System: A Cost-Based Evaluation of Intrusion Detection Capability

PeANFIS-FARM Framework in Defending against Web Service Attacks

Lightweight C&C based botnet detection using Aho-Corasick NFA

Contact Info

Product

Resources

About