A Framework for Hybrid Intrusion Detection Systems

Web application security is a definite threat to the world’s information technology infrastructure. The Open Web Application Security Project (OWASP), generally defines web application security violations as unauthorized or unintentional exposure, disclosure, or loss of personal information. These breaches occur without the company’s knowledge and it often takes a while before the web application attack is revealed to the public, specifically because the security violations are fixed. Due to the need to protect their reputation, organizations have begun researching solutions to these problems. The most widely accepted solution is the use of an Intrusion Detection System (IDS). Such systems currently rely on either signatures of the attack used for the data breach or changes in the behavior patterns of the system to identify an intruder. These systems, either signature-based or anomaly-based, are readily understood by attackers. Issues arise when attacks are not noticed by an existing IDS because the attack does not fit the pre-defined attack signatures the IDS is implemented to discover. Despite current IDSs capabilities, little research has identified a method to detect all potential attacks on a system. This thesis intends to address this problem. A particular emphasis will be placed on detecting advanced attacks, such as those that take place at the application layer. These types of attacks are able to bypass existing IDSs, increase the potential for a web application security breach to occur and not be detected. In particular, the attacks under study are all web application layer attacks. Those included in this thesis are SQL injection, cross-site scripting, directory traversal and remote file inclusion. This work identifies common and existing data breach detection methods as well as the necessary improvements for IDS models. Ultimately, the proposed approach combines an anomaly detection technique measured by cross entropy and a signature-based attack detection framework utilizing genetic algorithm. The proposed hybrid model for data breach detection benefits organizations by increasing security measures and allowing attacks to be identified in less time and more efficiently

Gestion de la sécurité des réseaux à l'aide d'un service innovant de Cloud Based Firewall

Cloud computing has evolved over the last decade from a simple storage service for more complex services, offering the software as a service (SaaS) platforms as a service (PaaS) and most recently the security as a service (SECaaS). In our work, we started with the simple idea to use the resources offered by the Cloud with a low financial cost to propose new architectures of security service. The security of virtual environments is a major issue for the deployment of the use of the Cloud. Unfortunately, these environments are composed of a set of already existing technologies used in a new way, many security solutions are only traditional reconditioned solutions to solve the Cloud and virtual networks security issues. The work done in this thesis is a response to the resource limitations of physical security devices such as firewalls and propose new security architectures consist of management of network security in the cloud-based services following Security as a Service model and propose novel architectures for managing these services. We took the initiative to propose a completely Cloud-Based architecture. The latter allows a cloud provider to provide firewalling service to its customers. It asks them to subscribe to the offer by guaranteeing treatment (analysis) with a capacity of bandwidth traffic with functional filtering rules and other proposed by the subscriber. The results demonstrated the ability of our architecture to manage and cope with network DDoS attacks and to increase analytical capacity by distributing traffic over multiple virtualLe Cloud Computing a évolué au cours de la dernière décennie, passant d’un simple service de stockage à des services plus complexes, en proposant le software comme service (SaaS), les plateformes comme service(PaaS) et très récemment la sécurité comme service (SECaaS).Dans notre travail, nous sommes partis de l'idée simple d'utiliser les ressources offertes par le Cloud avec un faible coût financier pour proposer des nouvelles architectures de service de sécurité.La sécurité des environnements virtuels est un sujet majeur pour le déploiement de l’usage du Cloud. Malheureusement, comme ces environnements sont composés d’un ensemble de technologies déjà existantes, utilisées d'une manière nouvelle, de nombreuses solutions sécuritaires ne sont que des solutions traditionnelles reconditionnées à la problématique Cloud et réseaux virtuels.Le travail effectué dans le cadre de cette thèse vient répondre à la limitation de ressources des équipements physiques de sécurité comme les Firewalls et a pour objectif de proposer de nouveaux services de sécurité composés d’architectures de gestion de la sécurité des réseaux dans le Cloud basé sur le modèle Security as a Service, ainsi que des architectures de management de ces services.Nous avons pris l’initiative de proposer une architecture totalement Cloud-Based. Cette dernière, permet à un Cloud provider de proposer un service de Firewalling à ses clients. Celui-ci leur demande de s’abonner à l’offre en leur garantissant le traitement (analyse) d’une capacité de bande-passante de trafic avec des règles de filtrages fonctionnelles et d’autres proposées par l’abonné.Les résultats obtenus ont démontré les aptitudes de nos architectures à gérer et à faire face à des attaques réseaux de type DDoS et à augmenter la capacité d’analyse en distribuant le trafic sur plusieurs pare-feu virtuels