Ontology based application level intrusion detection system by using bayesian filter

2009 2nd International Conference on Computer, Control and Communication, IC4 2009

Volumn , Issue , 2009, Pages

  Razzaq, Abdul ^a   Ahmed, Hafiz Farooq ^a   Hur, Ali ^a   Haider, Nasir ^a  

^a NATIONAL UNIVERSITY OF SCIENCES AND TECHNOLOGY NUST   (Pakistan)

Author keywords

[No Author keywords available]

Indexed keywords

ANOMALY DETECTION; APPLICATION LAYERS; APPLICATION LEVEL; APPLICATION-LEVEL ATTACKS; BASE MODELS; BASE SYSTEMS; BAYESIAN FILTERS; CONTEXT BASE; EBUSINESS; FALSE POSITIVE RATES; INFORMATION SHARING; INTRUSION DETECTION SYSTEMS; NETWORK PACKETS; ONTOLOGY-BASED; OPEN SOURCE TOOLS; PACKET LEVEL; SECURITY MECHANISM; SECURITY SOLUTIONS; SEQUENTIAL SEARCH; SYSTEM USE; WEB APPLICATION SECURITY; ZERO DAY ATTACK;

APPLICATION PROGRAMMING INTERFACES (API); BAYESIAN NETWORKS; COMPUTER CRIME; ELECTRONIC COMMERCE; INTELLIGENT SYSTEMS; ONTOLOGY;

INTRUSION DETECTION;

EID: 70349162348     PISSN: None     EISSN: None     Source Type: Conference Proceeding    
DOI: 10.1109/IC4.2009.4909223     Document Type: Conference Paper

References (24)

1. Monica S. Lam, Michael Martin, Benjamin Livshits, and John Whaley, "Securing Web Applications with Static and Dynamic Information Flow Tracking," PEPM'08, January 7-8, 2008, San Francisco, California, USA.
2. WebCohort, "Only 10% of Web applications are secured against common hacking techniques,". http://www.imperva.com.
3. G. Hulme, "New software may improve application security," http://www.informationweek.com/story/ 2001.
4. Benjamin Livshits, Michael Martin, and Monica S. Lam, "SecuriFly: Runtime Protection and Recovery from Web Application Vulnerabilities," Technical Report,Stanford University,September 22, 2006.
5. Open Web Application Security Project. "The ten most critical Web application security vulnerabilities," http://sourceforge/owasp.
6. Jovanovic, N.; Kruegel, C.; Kirda, E.; "Pixy: a static analysis tool for detecting Web application vulnerabilities", In Proc. Of the 2006 IEEE Symposium on Security and privacy, 21-24 May 2006.
7. SPI Dynamics. "Web Application Security Assessment." SPI Dynamics Whitepaper, 2003.
8. OWASP."WebScarabProject." http://www.owasp.org/webscarab.
9. Y.W. Huang, S.K. Huang, T.P. Lin, C.H. Tsai, "Securing Web application code by static analysis and runtime protection," in: Proceedings of the 13th International World Wide Web Conference, New York, May 17-22, 2004.
10. Y.W. Huang, F. Yu, C. Hang, C.H. Tsai, D.T. Lee, S.Y. Kuo, "Verifying Web applications using bounded model checking,", Proceedings of the 2004 International Conference Dependable Systems and Networks (DSN2004), Florence, Italy, June 28-July 1, 2004.
11. Wikipedia, the free encyclopedia, "Code injection", http://en.wikipedia.org/wiki.
12. Jin-Cherng Lin and Jan-Min Chen: "The Automatic Defense Mechanism for Malicious Injection Attack," IEEE 2007.
13. Sanctum Inc. AppShield. white paper. March 2003. http://www.sanctuminc. com/.
14. Scott, D., Sharp, R. "Abstracting Application-Level Web Security." In: The 11th International Conference on the World Wide Web (Honolulu, Hawaii, May 2002), 396-407.
15. Open Web Application Security Project, "The ten most critical Web application security vulnerabilities." http://umn.dl.sourceforge.net/ sourceforge/owasp/.
16. Same origin policy\The Art of Software Security Assessment Same-Origin Policy Part 1, "Why we're stuck with things like XSS and XSRF-CSRF.htm," February 8th, 2007.
17. Deng-Jyi Chen, Chung-Chien Hwang, Shih-Kun Huang, and David TK Chen "A Testing Framework for Web Application Security Assessment," Journal of Computer Networks, 48(5):739-761, Jun. 2005, Elsevier. 2th, 2007.
18. William Robertson, Giovanni Vigna, Christopher Kruegel, and Richard A. Kemmerer: "Using Generalization and Characterization Techniques in the Anomaly-based Detection of Web Attacks," Reliable Software Group Department of Computer Science University of California, Santa Barbara.2006.
19. K. K. Mookhey, Detection and Evasion of Web Application Attacks, www.nii.co.in.
20. Precise Mail Anti- Sam Gateway , Process Software. http://w.w.w.process. com/.
21. V. Raskin, C.F. Hempelmann, K.E. Triezenberg, Nirenburg, "Ontology in Information Security: A Useful Theoretical Foundation and Methodological Tool," Proceedings of the 2001 Workshop on New Security Paradigms (NSPW-2001), pp. 53-59, 2001.
22. G. Denker, L. Kagal, T. Finin, M. Paolucci, K. Sycara, "Security for DAML Web Services: Annotation and Matchmaking," The Semantic Web (ISWC 2003), LNCS 2870, Springer, pp. 335-350,2003.
23. DAML+OIL. Available at: http://www.daml.org/2000/12/daml+oil.dam.
24. S.T. Sarasamma, Q.A. Zhu, and J. Huff, "Hierarchel Kohonenen Net for Anomaly Detection in Network Security", IEEE Transaction on Systems, Man, and Cybernetics-Part B: Cybernetics, 35(2) ,2005,pp.302-312.