Using response action with Intelligent Intrusion detection and prevention System against web application malware

Information Management and Computer Security

Volumn 22, Issue 5, 2014, Pages 431-449

  Alazab, Ammar ^a   Hobbs, Michael ^b   Abawajy, Jemal ^c   Khraisat, Ansam ^b   Alazab, Mamoun ^d  

^a AMERICAN UNIVERSITY OF THE MIDDLE EAST   (Kuwait)

^b DEAKIN UNIVERSITY   (Australia)

^c DEAKIN UNIVERSITY   (Australia)

^d AUSTRALIAN NATIONAL UNIVERSITY   (Australia)

Author keywords

Information security; Risk management; Security

Indexed keywords

FUZZY LOGIC; MALWARE; RISK ASSESSMENT; RISK MANAGEMENT; SECURITY OF DATA;

ANOMALY BASED INTRUSION DETECTION SYSTEMS; DESIGN/METHODOLOGY/APPROACH; DETECTION EFFICIENCY; INTRUSION DETECTION AND PREVENTION SYSTEMS; INTRUSION DETECTION SYSTEMS; SECURITY; SECURITY DETECTION; WEB APPLICATION VULNERABILITY;

INTRUSION DETECTION;

EID: 84915760589     PISSN: 09685227     EISSN: None     Source Type: Journal    
DOI: 10.1108/IMCS-02-2013-0007     Document Type: Article

References (32)

1. Alazab, A., Abawajy, J. and Hobbs, M. (2013), "Web malware that target web application", Social Network Engineering for Secure Web Data and Services, IGI Global, Hershey, PA, pp. 248-264.
2. Alazab, A., Hobbs, M., Abawajy, J. and Alazab, M. (2012), "Using feature selection for intrusion detection system", 2012 International Symposium on Communications and Information Technologies (ISCIT), Gold Coast, pp. 296-301.
3. Alazab, M., Ventatraman, S., Watters, P., Alazab, M. and Alazab, A. (2011a), "Cybercrime: the case of obuscated malware", in 7th International Conference on Global Security, Safety & Sustainability, Thessaloniki.
4. Alazab, M., Venkatraman, S., Watters, P. and Alazab, M. (2011b), "Zero-day malware detection based on supervised learning algorithms of API call signatures", Australasian Data Mining Conference (AusDM 11), Ballarat, pp. 171-182.
5. Corporation, M. (2003), "Improving web application security: threats and countermeasures", available at: http://msdn. microsoft.com/en-us/library/ff648644.aspx
6. Corporation, M. (2012), "Common vulnerabilities and exposures", available at: http://cve. mitre.org
7. Cole, E. (2011), Network Security Bible, Wiley, Vol. 768.
8. Cova, M., Balzarotti, D., Felmetsger, V. and Vigna, G. (2007), "Swaddler: an approach for the anomaly-based detection of state violations in web applications", Proceedings of the 10th International Symposium on Recent Advances in Intrusion Detection (RAID), Queensland, 5-7 September, pp. 63-86.
9. Dagorn, N. (2008), "WebIDS: a cooperative bayesian anomaly-based intrusion detection system for web applications (Extended Abstract) ", Recent Advances in Intrusion Detection, Springer Berlin, Heidelberg pp. 392-393.
10. Davis, J. J. and Clark, A. J. (2011), "Data preprocessing for anomaly based network intrusion detection: a review", Computers & Security, Vol. 30 Nos 6/7, pp. 353-375.
11. Elshoush, H. T. and Osman, I. M. (2011), "Alert correlation in collaborative intelligent intrusion detection systems - a survey", Applied Soft Computing, Vol. 11 No. 7, pp. 4349-4365.
12. Faysel, M. A. and Haque, S. S. (2010), "Towards cyber defense: research in intrusion detection and intrusion prevention systems", International Journal of Computer Science and Network Security, Vol. 10 No. 7, pp. 316-325.
13. García-Teodoro, P., Díaz-Verdejo, J., Maciá-Fernández, G. and Vázquez, E. (2009), "Anomaly-based network intrusion detection: techniques, systems and challenges", Computers & Security, Vol. 28 Nos 1/2, pp. 18-28.
14. Gordeychik, S. (2010), "Web application security statistics", available at: www. Webappsec.org/projects/statistics
15. Horng, S. J., Su, M. Y., Chen, Y. H., Kao, T. W., Chen, R. J., Lai, J. L. and Perkasa, C. D. (2011), "A novel intrusion detection system based on hierarchical clustering and support vector machines", Expert Systems with Applications, Vol. 38 No. 1, pp. 306-313.
16. Jaiswal, A. and Jain, S. (2010), "Database intrusion prevention cum detection system with appropriate response", International Journal of Information Technology, Vol. 2 No. 2, pp. 651-656.
17. Kruegel, C. and Vigna, G. (2008), "Anomaly detection of web-based attacks", CCS'03 Proceedings of the 10th ACM Conference on Computer and Communications Security, Washington, DC, 27-31 October, pp. 251-261.
18. Maggi, F., Robertson, W., Kruegel, C. and Vigna, G. (2009), "Protecting a moving target: addressing web application concept drift", Recent Advances in Intrusion Detection, Springer Berlin, Heidelberg, pp. 21-40.
19. Robertson, W. K. (2010), "Detecting and preventing attacks against web applications", PhD Dissertation, University of California at Santa Barbara, Santa Barbara, CA.
20. Robertson, W., Maggi, F. and Vigna, C. K. G. (2010), "Effective anomaly detection with scarce training data", Proceedings of the Network and Distributed System Security Symposium (NDSS).
21. Roesch, M. (1999), "Snort-lightweight intrusion detection for networks", Proceedings of the 13th USENIX Conference on System Administration, Seattle, Washington, 7-12 November, pp. 229-238.
22. Sadoddin, R. and Ghorbani, A. A. (2009), "An incremental frequent structure mining framework for real-time alert correlation", Computers & Security, Vol. 28 Nos 3/4, pp. 153-173.
23. Sekar, R., Bendre, M., Dhurjati, D. and Bollineni, P. (2001), "A fast automaton-based method for detecting anomalous program behaviors", Proceedings of the 2001 IEEE Symposium on Security and Privacy, Oakland, CA, pp. 144-155.
24. Shameli-Sendi, A., Ezzati-Jivan, N., Jabbarifar, M. and Dagenais, M. (2012), "Intrusion response systems: survey and taxonomy", International Journal of Computer Science Network Security, Vol. 12 No. 1, pp. 1-14.
25. SPADE, "Silicon defense", available at: www.silicondefense.com/software/spice
26. Stakhanova, N., Basu, S. and Wong, J. (2007), "A taxonomy of intrusion response systems", International Journal of Information and Computer Security, Vol. 1 Nos 1/2, pp. 169-184.
27. Taha, A. E., Ghaffar, I. A., Bahaa Eldin, A. M. and Mahdi, H. M. (2010), "Agent based correlation model for intrusion detection alerts", 2010 IEEE International Conference on Intelligence and Security Informatics (ISI), Vancouver, pp. 89-94.
28. Tavallaee, M., Bagheri, E., Lu, W. and Ghorbani, A. A. (2009), "Adetailed analysisofthe KDD CUP 99 data set", Proceedings of the Second IEEE Symposium on Computational Intelligence for Security and Defence Applications 2009.
29. Vigna, G. and Kemmerer, R. A. (1999), "NetSTAT: a network-based intrusion detection system", Journal of Computer Security, Vol. 7 No. 1, pp. 37-72.
30. Vigna, G., Valeur, F., Balzarotti, D., Robertson, W., Kruegel, C. and Kirda, E. (2009), "Reducing errors in the anomaly-based detection of web-based attacks through the combined analysis of web requests and SQL queries", Journal of Computer Security, Vol. 17 No. 3, pp. 305-329.
31. Wu, D. and Mendel, J. M. (2011), "Linguistic summarization using IF-THEN rules and interval type-2 fuzzy sets", IEEE Transactions on Fuzzy Systems, Vol. 19 No. 1, pp. 136-151.
32. Alazab, A., Alazab, M., Abawajy, J. and Hobbs, M. (2011), "Web application protection against SQL injection attack", Proceedings of the 7th International Conference on Information Technology and Applications, Hershey, PA, pp. 1-7.