Ontology for attack detection: An intelligent approach to web application security

Computers and Security

Volumn 45, Issue , 2014, Pages 124-146

  Razzaq, Abdul ^a   Anwar, Zahid ^a   Ahmad, H Farooq ^a,b   Latif, Khalid ^a   Munir, Faisal ^a  

^a NATIONAL UNIVERSITY OF SCIENCES AND TECHNOLOGY NUST   (Pakistan)

^b KING FAISAL UNIVERSITY   (Saudi Arabia)

Author keywords

Cyber security; Information security; Ontology based intelligent system; Semantic security; Web application security

Indexed keywords

HTTP; HYPERTEXT SYSTEMS; INTELLIGENT SYSTEMS; LEARNING TO RANK; ONTOLOGY; PERSONAL COMPUTING; QUALITY CONTROL; REUSABILITY; SECURITY OF DATA; SEMANTICS;

CONVENTIONAL DETECTION; CYBER SECURITY; ONTOLOGY ENGINEERING METHODOLOGIES; ONTOLOGY-BASED; SEMANTIC SECURITY; WEB APPLICATION ATTACKS; WEB APPLICATION DESIGN; WEB APPLICATION SECURITY;

NETWORK SECURITY;

EID: 84903138908     PISSN: 01674048     EISSN: None     Source Type: Journal    
DOI: 10.1016/j.cose.2014.05.005     Document Type: Article

References (84)

1. F. Abdoli, N. Meibody, and R. Bazoubandi An attacks ontology for computer and networks attack Innovations and advances in computer sciences and engineering 2010 Springer 473 476
2. Robert Abela Top 10 most critical web application attacks January 25, 2011 http://www.websitedefender.com/web-security/owasp-top-10/ (Last visited April 11, 2014)
3. Marios Alexandrou Rational unified process (RUP) methodology Infolific: Technology 2012 http://infolific.com/technology/methodologies/rational-unified- process
4. Asuncion Gomez-Perez Ontology evaluation Steen Staab, Rudi Studer, Handbook on ontologies 1st ed. 2004 Springer 251 274 [chapter 13]
5. Battle, Robert, Benson, and Edward Bridging the semantic Web and Web 2.0 with representational state transfer (REST) Journal of Web Semantics: Science, Services and Agents on the World Wide Web 6 1 2008 61 69 Elsevier
6. Beck, Kent, Andres, and Cynthia Extreme programming explained: embrace change 2004 Addison-Wesley Professional
7. Belshe, Mike, Peon, and Roberto SPDY protocol 2012 Network Working Group Internet-Draft http://tools.ietf.org/html/draft-mbelshe-httpbis-spdy-00 (Last visited Feb 11, 2014)
8. J. Biolchini, and P. Gomes Systematic review in software engineering 2005 Systems Engineering and Computer Science Department, UFRJ Río de Janeiro, Brazil
9. Harold Boley The RuleML family of web rule languages Principles and practice of semantic web reasoning 2006 Springer 1 17 (Pubitemid 44849832)
10. Grady Booch, James Rumbaugh, and Ivar Jacobson The unified modeling language user guide 1999 Pearson Education India
11. Boris Motik Reasoning in description logics using resolution and deductive databases PhD thesis 2006 University at Fridericiana zu Karlsruhe (TH) Germany
12. O. Corcho, M. Fernández, A. Gómez-Pérez, and A. López-Cima Building legal ontologies with methontology and WebODE R. Benjamins, P. Casanovas, J. Breuker, A. Gangemi, Law and the semantic web 2005 Springer-Verlag 142 157 LNAI No. 3369. ISBN: 3-540-25063-8
13. Oscar Corcho, Mariano Fernández-López, and Asunción Gómez-Pérez Ontological engineering: what are ontologies and how can we build them? 2007 Idea Group Inc. [Book chapter III]
14. G Richard Cote Simple object access protocol Journal of Encyclopedia of Systems Biology 2013 941 1941 Springer
15. Grit Denker, Lalana Kagal, Tim Finin, Massimo Paolucci, and Katia Sycara Security for DAML web services: annotation and matchmaking The semantic web (ISWC 2003), LNCS 2870 2003 Springer
16. Grit Denker, Lalana Kagal, and Tim Finin Security in the semantic web using OWL Journal of Information Security, Technical Report 10 1 2005 51 58 (Pubitemid 40497376)
17. Marc Donner Toward a security ontology Journal of IEEE Security & Privacy 1 3 2003 6 7
18. Stefan Fenz Ontology-based generation of IT-security metrics SAC'10 March 22-26, 2010 ACM 978-1-60558-638-0/10/03 Sierre, Switzerland
19. Stefan Fenz, Gernot Goluch, Andreas Ekelhart, Bernhard Riedl, and Edgar Weippl Information security fortification by ontological mapping of the ISO/IEC 27001 standard 13th Pacific rim international symposium on dependable computing 2007 IEEE 381 388
20. Stefan Fenz, Thomas Pruckner, and Arman Manutscheri Ontological mapping of information security best-practice guidelines W. Abramowicz, BIS 2009, LNBIP 21 2009 Springer-Verlag Berlin Heidelberg 49 60
21. Lopez M. Fernandez Overview of methodologies for building ontologies Proceedings of the IJCAI-99 workshop on ontologies and problem-solving methods (KRR5) 1999 1 4
22. M. Fernández-López, A. Gómez-Pérez, and M.D. Rojas Ontologies' crossed life cycles Proc. international conference in knowledge engineering and management LNAI vol. 1937 2000 Springer-Verlag 65 79
23. M. Fernández-López, A. Gómez-Pérez, and N. Juristo Methontology: from ontological art towards ontological engineering Proc. symposium on ontological engineering of AAAI 1997
24. Mariano Fernandez-Lopez, Asuncion Gomez-Perez, and Natalia Juristo Methontology: from ontological art towards ontological engineering 1997 American Association for Artificial Intelligence
25. M. Fernández-López, A. Gómez-Pérez, A. Pazos-Sierra, and J. Pazos-Sierra Building a chemical ontology using methontology and the ontology design environment Proc. workshop on ontologies and problem-solving methods. IEEE intelligent systems and their applications 1999 37 46
26. Mariano Fernández-López, and Gómez-Pérez Asuncion The integration of OntoClean in webODE J. Angele, Y. Sure, Proceedings of CEUR workshop EKAW'02 workshop on evaluation of ontology-based tools (EON2002), Sigüenza, Spain 2006 38 52 Amsterdam, the Netherlands. Retrieved 23.10.06
27. Roy Fielding, Jim Gettys, Jeffrey Mogul, Henrik Frystyk, Larry Masinter, Paul Leach, and Tim Berners-Lee Hypertext transfer protocol-HTTP/1.1 June, 1999 RFC 2616
28. William M. Fitzgerald, and Simon N. Foley Management of heterogeneous security access control configuration using an ontology engineering approach SafeConfig'10 October 4, 2010 ACM Chicago, Illinois, USA
29. Aldo Gangemi, Carola Catenacci, Massimiliano Ciaramita, and Jos Lehmann A theoretical framework for ontology evaluation and validation SWAP 166 2005
30. A. Gómez-Pérez Knowledge sharing and reuse Journal: Handbook of Applied Expert Systems 1998 10 11
31. A. Gómez-Pérez, N. Juristo, and J. Pazos Evaluation and assessment of knowledge sharing technology N.J. Mars, Towards very large knowledge bases 1995 IOS Press 289 296
32. Michael Gruninger, and S. Fox Mark Methodology for the design and evaluation of ontologies IJCAI95 workshop on basic ontological issues in knowledge sharing, Montreal 1995
33. Guarino, N. and Welty, C.: Evaluating ontological decisions with OntoClean. Journal of Communications of the ACM, ACM Press, New York, NY, USA, Vol. 45, No. 2, pp. 61-65, 2002. (Pubitemid 135699725)
34. Nicola Guarino, and Christopher Welty Evaluating ontological decisions with OntoClean Journal of Communications of the ACM 45 2 2002
35. Nicola Guarino, and Christopher Welty Evaluating ontological decisions with OntoClean Journal of Communications of the ACM 45 2 2002 61 65 ACM (Pubitemid 135699725)
36. Nicola Guarino, and Chris Welty Ontological analysis of taxonomic relationships A. Laender, V. Storey, Proceedings of ER-2000: the 19th international conference on conceptual modeling October, 2000 Springer-Verlag
37. Nicola Guarino, and Chris Welty A formal ontology of properties R. Dieng, O. Corby, Proceedings of EKAW-2000: the 12th international conference on knowledge engineering and knowledge management LNCS vol. 1937/2000 October, 2000 Springer Berlin 97 112
38. Nicola Guarino, and Chris Welty Identity, unity, and individuation: towards a formal toolkit for ontological analysis W. Horn, Proceedings of ECAI-2000: the European conference on artificial intelligence August, 2000 IOS Press Amsterdam 219 223
39. Almut Herzog, Nahid Shahmehri, and Claudiu Duma An ontology of information security International Journal of Information Security and Privacy 1 4 2007
40. Ian Horrocks DAML+OIL: a description logic for the semantic web IEEE Data Engineering Bulletin 25 1 2002 4 9
41. Ian Horrocks, Peter F. Patel-Schneider, Harold Boley, Said Tabet, Benjamin Grosof, and Mike Dean SWRL: a semantic web rule language combining OWL and RuleML Journal: W3C Member submission 21 2004 79
42. HTTP-Mplex: an application layer multiplexing protocol for the hypertext transfer protocol (HTTP) 2005 http://www.mattson.com.au/robert/fulltext/216- 20050705-HTTP-MPLEX.pdf (Last visited Feb 15, 2014)
43. Hsien-Der Huang, Tsung-Yen Chuang, Yi-Lang Tsai, and Chang-Shing Lee Ontology-based intelligent system for malware behavioral analysis 2010 National Applied Research Laboratories, National Centre for High Performance Computing Taiwan
44. T.C. Hughes, and B.C. Ashpole The semantics of ontology alignment Technical report, DTIC Document 2004
45. Shao-Shin Hung, and Damon Shing-Min Lio A user-centric intrusion detection system by using ontology approach Proceedings of the 9th joint conference on information sciences JCIS 2006 Atlantis Press
46. Hypertext Transfer Protocol - HTTP/1.1 1999 RFC 2616 http://www.w3.org/ Protocols/rfc2616/rfc2616.html/ (Last visited April 11, 2014)
47. M. Ib, Oliver Hummel, Colin Atkinson, D. Hughes, P. Greenwood, and Reid Holmes et al. IBM rational software Journal: IEEE Software 11 5 1994 48 59
48. Information security vulnerabilities and exposures, intrusion detection (application security), new CVE-ID Format January 1, 2014 http://cve.mitre.org/ (Last visited April 12, 2014)
49. Gustavo Isaza, Andrés Castillo, Manuel López, and Luis Castillo Towards ontology-based intelligent model for intrusion detection and prevention Computational intelligence in security for information systems 2009 Springer 109 116
50. JMeter 2014 Apache Software Foundation Web page at http://jmeter.apache. Org (Last visited Feb 28, 2014)
51. Yu Jonathan, A. James Thom, and Audrey Tam Evaluating an ontology with OntoClean Proceedings of the 10th Australasian document computing symposium December 12, 2005 Sydney, Australia
52. Vladimir Jotsov Ontology-driven intrusion detection systems 8th international conference on knowledge-dialogue-solution 2007
53. Michael Kifer RIF overview 2nd ed. February 2013 State University of New York at Stony Brook Harold Boley, National Research Council Canada W3C Working Group Note 5
54. B. Kitchenham Procedures for performing systematic reviews in TR/SE-0401 2004 Software Engineering Group, Department of Computer Science, Keele University 33
55. Holger Knublauch, Ray W. Fergerson, Natalya F. Noy, and Mark A. Musen The protégé OWL plugin: an open development environment for semantic web applications The semantic web-ISWC 2004 2004 Springer 229 243 (Pubitemid 39743886)
56. A Dimitrios Koutsomitropoulos, D Georgia Solomou, and S Theodore Papatheodorou Semantic query answering in digital repositories: semantic search v2 for DSpace International Journal of Metadata, Semantics and Ontologies 8 1 2013 Inderscience
57. Carl E. Landwehr, Alan R. Bull, John P. McDermott, and William S. Choi Taxonomy of computer program security flaws ACM Computing Surveys 26 3 September 1994 211 254
58. Seok-Won Lee, Robin Gandhi, Divya Muthurajan, Deepak Yavagal, and Gail-Joon Ahn Building problem domain ontology from security requirements in regulatory documents Proceedings of the 2006 international workshop on software engineering for secure systems (SESS '06), Shanghai, China May 20-21, 2006 ACM Press New York, NY 43 50
59. Noella M. Mackenzie, and Lorraine M. Ling The research journey: a lonely planet approach Journal: Issues in Educational Research 19 1 2009
60. H. Mouratidis, and P. Giorgini An introduction, in integrating security and software engineering: advances and future visions 2006 Idea Group Publishing
61. Peng Ning, Sushil Jajodia, and Xiaoyang S. Wang Abstraction-based intrusion in distributed environments ACM Transactions on Information and Systems Security 4 4 November 2001 407 452
62. OWASP web application security attacks 2014 https://www.owasp.org/index. php/Category:Attack/ (Last visited Jan11, 2014)
63. Mary C. Parmelee Toward an ontology architecture for cyber-security standards the Mitre Corporation, 7515 Colshire Drive, McLean, VA 22102-7539, USA 2010
64. Victor Raskin, Christian F. Hempelmann, Katrina E. Triezenberg, and Sergie Nirenburg Ontology in information security: a useful theoretical foundation and methodological tool Proceedings of the 2001 workshop on new security paradigms (NSPW-2001) 2001 53 59
65. Abdul Razzaq, Khalid Latif, Hafiz F. Ahmad, Ali Hur, Zahid Anwar, and Peter C. Bloodsworth Semantic security against web application attacks Information Sciences 254 2014 19 38 Jan 2014
66. F Julian Reschke Initial hypertext transfer protocol (HTTP) authentication scheme registrations 2013 http://lists.w3.org/Archives/Public/ ietf-http-wg/2013OctDec/0962.html (Last visited Jan 7, 2014)
67. Dave Reynolds OWL 2 RL in RIF, W3C working group note 2010 World Wide Web Consortium (W3C) 2010 www.w3.org/ (Last visited April 9, 2014)
68. Jonathan Rosenberg, Henning Schulzrinne, Gonzalo Camarillo, Alan Johnston, Jon Peterson, and Robert Sparks et al. SIP: session initiation protocol 2002 Internet Engineering Task Force RFC 3261
69. S. Sangeetha, and V. Vaidehi Fuzzy aided application layer semantic intrusion detection system - FASIDS International Journal of Network Security and Its Applications (IJNSA) 2 2 April 2010
70. D.J. Schultz IEEE standard for developing software life cycle processes 1997 The Institute of Electrical and Electronics Engineers New York, USA IEEE Std, No. 1074-1997, ISBN:1-55937-993-6
71. Semantic Web's OntoClean community portal: industrial strength ontology cleaning 2012 http://semanticweb.org/wiki/OntoClean-Community-Portal (Last visited April 13, 2014)
72. Ofer Shezaf "ModSecurity core rule set", an open source rule set for generic detection of attacks against web applications OWASP AppSec Conference 2007
73. Anoop Singhal, and Duminda Wijesekera Ontologies for modeling enterprise level security metrics ACM 978-1-4503-0017-9, CSIIRW, Oak Ridge, Tennessee, USA April 21-23, 2010
74. Evren Sirin, Bijan Parsia, Bernardo Cuenca Grau, Aditya Kalyanpur, and Yarden Katz Pellet: a practical owl-dl reasoner Journal: Web Semantics: Science, Services and Agents on the World Wide Web 5 2 2007 51 53 Elsevier (Pubitemid 46856283)
75. Testing for HTTP splitting/smuggling 2014 OWASP-DV-016 https://www.owasp.org/index.php/Testing-for-HTTP-Splitting/Smuggling (Last visited Feb 28, 2014)
76. R. Gruber Thomas Towards principles for the design of ontologies used for knowledge sharing International Journal of Human-Computer Studies 43 5/6 1995 907 928
77. H. Tsoukas The firm as a distributed knowledge system: a constructionist approach Strategic Management Journal 17 1996 11 25
78. Bill Tsoumas, and Dimitris Gritzalis Towards a006E ontology-based security management 20th international conference on advanced information networking and applications, 2006(AINA 2006) vol. 1 2006 IEEE 985 992
79. Yannis Tzitzikas, Nicolas Spyratos, and Panos Constantopoulos Deriving valid expressions from ontology definitions 11th European-Japanese conference on information modelling and knowledge bases, Maribor, Slovenia 2001
80. Jeffrey Undercoffer, Tim Finin, Anupam Joshi, and John Pinkston A target centric ontology for intrusion detection: using DAML+OIL to classify intrusive behaviors Knowledge engineering review - special issue on ontologies for distributed systems 2005 Cambridge University Press 2 22
81. Johanna Volker, Denny Vrandevcic, and York Sure Automatic evaluation of ontologies (AEON) The Semantic Web-ISWC 2005 2005 Springer 716 731
82. Web Siren: a tool for rule creation and translation, semantic based web application security 2014 NUST University Pakistan https://github.com/SWASTeam/ WebSiren http://websiren.seecs.nust.edu.pk (Last visited March 30, 2014)
83. Chris Wysopal 2012 data breach investigations report Report. Verizonenterprise.com.Verizon, Application Security Specific Highlights March 22, 2012 http://www.veracode.com/blog/2012/03/verizon-data-breach-investigative- report-2012-application-security-specific-highlights/
84. J. Zhou, E. Niemelä, and A. Evesti Ontology-based software reliability modeling Proceedings of software and services variability management workshop - concepts, models and tools 2007 17 31 Helsinki, Finland