
An intrusion detection system on network security for web application

By Wei Yuan

Abstract

Over the last 15 years, a significant amount of resources has been invested to enhance security at the system and network level, such as firewalls, IDS, anti-virus, etc. IT infrastructure tends to be more secure than ever before. As an ever-increasing number of businesses move to take advantage of the Internet, web applications are becoming more prevalent and increasingly sophisticated, and as such they are critical to almost all major online businesses. The very nature of web applications, their ability to collect, process and disseminate information over the Internet, exposes them to malicious hackers. However, traditional security solutions such as firewalls and network and host IDS do not provide comprehensive protection against the attacks common in web applications. The thesis concentrates on the research of an advanced intrusion detection framework. An intrusion detection framework was designed which works along with any custom web application to collect and analyze HTTP traffic with various advanced algorithms. Two intrusion detection algorithms are tested and adopted in the framework. Pattern Matching is the most popular intrusion detection technology, adopted by most commercial intrusion detection systems. Behavior Modeling is a new technology that can dynamically adapt the detection algorithms in accordance with the application behavior. The combination of the two intrusion detection technologies has dramatically reduced false positive and false negative alarms. Moreover, a Servlet filter-based Web Agent is used to capture HTTP requests. An isolated Response Module is developed to execute pre-defined actions according to the analysis result. A database is involved to provide persistence support for the framework. Also, several simulation experiments are developed for evaluating the efficiency of the detection capability.

Topics: Intrusion detection, Network security, Web application
Year: 2006
OAI identifier: oai:www.archipel.uqam.ca:4835
