Intrusion Detection System (IDS) is one of the security measures being used
as an additional defence mechanism to prevent the security breaches on web. It
has been well known methodology for detecting network-based attacks but still
immature in the domain of securing web application. The objective of the paper
is to thoroughly understand the design methodology of the detection system in
respect to web applications. In this paper, we discuss several specific aspects
of a web application in detail that makes challenging for a developer to build
an efficient web IDS. The paper also provides a comprehensive overview of the
existing detection systems exclusively designed to observe web traffic.
Furthermore, we identify various dimensions for comparing the IDS from
different perspectives based on their design and functionalities. We also
provide a conceptual framework of an IDS with prevention mechanism to offer a
systematic guidance for the implementation of the system specific to the web
applications. We compare its features with five existing detection systems,
namely AppSensor, PHPIDS, ModSecurity, Shadow Daemon and AQTRONIX WebKnight.
The paper will highly facilitate the interest groups with the cutting edge
information to understand the stronger and weaker sections of the web IDS and
provide a firm foundation for developing an intelligent and efficient system