Syntax, and semantics‐based signature database for hybrid intrusion detection systems

Barry, Bazara I. A.; Chan, H. Anthony

doi:10.1002/sec.77

Cited by 5 publications

(3 citation statements)

References 21 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…However, the current generation of IDS systems in SCADA networks are often faced with several challenges. First, the majority of the existing systems, especially signaturebased, are purely syntactic and lack a clear description of intrusion behaviours and semantics of the monitored systems (Barry and Chan, 2009). This issue may result in missing the detection of sophisticated attacks (Hadžiosmanović et al, 2014) such as Stuxnet (Langner, 2011) that may exploit legitimate looking commands to cause damage on the system.…”

Section: Introductionmentioning

confidence: 99%

OSCIDS: An Ontology based SCADA Intrusion Detection Framework

Balushi

McLaughlin

Sezer

2016

Proceedings of the 13th International Joint Conference on E-Business and Telecommunications

View full text Add to dashboard Cite

Abstract:This paper presents the design, development, and validation of an ontology based SCADA intrusion detection system. The proposed system analyses SCADA network communications and can derive additional information based on the background knowledge and ontology models to enhance the intrusion detection data. The developed intrusion model captures network communications, cyber attacks and the context within the SCADA domain. Moreover, a set of semantic rules were constructed to detect various attacks and extract logical relationships among these attacks. The presented framework was extensively evaluated and a comparison to the state of the art is provided.

show abstract

Section: Introductionmentioning

confidence: 99%

OSCIDS: An Ontology based SCADA Intrusion Detection Framework

Balushi

McLaughlin

Sezer

2016

Proceedings of the 13th International Joint Conference on E-Business and Telecommunications

View full text Add to dashboard Cite

show abstract

“…Intrusion detection systems have been widely used to protect multitier web services, such as to detect known attacks by matching misused traffic patterns or signatures [7][8][9][10]. Individually, the web IDS and the database IDS can detect abnormal network traffic sent to either of them.…”

Section: Introductionmentioning

confidence: 99%

Using Container Architecture to Detect Intrusion for Multitier Web Application

Patil¹,

More²

2013

IJCA

View full text Add to dashboard Cite

An intrusion detection system is a computer-based information system designed to collect information about malicious activities in a set of targeted IT resources, analyze the information, and respond according to a predefined security policy. The most common computer intrusion detection systems detect signatures of known attacks by searching for attack-specific keywords in network traffic. Intrusion-detection systems aim at detecting attacks against computer systems and networks or in general, against information systems. This strategy is mainly focus on to detect intrusion in multitier web applications. Multitier web application include two ends that is front end as well as back end of the applications. The front end include web server which can responsible to run the application and gives that output to back end i.e. file server. This strategy is useful to identify the intrusion at both front end and back end of web application.

show abstract

“…To protect multi-tiered web services, Intrusion detection systems (IDS) have been widely used to detect known attacks by matching misused traffic patterns or signatures [34], [30], [33], [22]. A class of IDS that leverages machine learning can also detect unknown attacks by identifying abnormal network traffic that deviates from the so-called "normal" behavior previously profiled during the IDS training phase.…”

mentioning

confidence: 99%

DoubleGuard: Detecting Intrusions in Multitier Web Applications

Stavrou

Kang

2012

IEEE Trans. Dependable and Secure Comput.

View full text Add to dashboard Cite

Abstract-Internet services and applications have become an inextricable part of daily life, enabling communication and the management of personal information from anywhere. To accommodate this increase in application and data complexity, web services have moved to a multi-tiered design wherein the web server runs the application front-end logic and data is outsourced to a database or file server.In this paper, we present DoubleGuard, an IDS system that models the network behavior of user sessions across both the front-end web server and the back-end database. By monitoring both web and subsequent database requests, we are able to ferret out attacks that an independent IDS would not be able to identify. Furthermore, we quantify the limitations of any multitier IDS in terms of training sessions and functionality coverage. We implemented DoubleGuard using an Apache web server with MySQL and lightweight virtualization. We then collected and processed real-world traffic over a 15-day period of system deployment in both dynamic and static web applications. Finally, using DoubleGuard, we were able to expose a wide range of attacks with 100% accuracy while maintaining 0% false positives for static web services and 0.6% false positives for dynamic web services.

show abstract

Syntax, and semantics‐based signature database for hybrid intrusion detection systems

Cited by 5 publications

References 21 publications

OSCIDS: An Ontology based SCADA Intrusion Detection Framework

OSCIDS: An Ontology based SCADA Intrusion Detection Framework

Using Container Architecture to Detect Intrusion for Multitier Web Application

DoubleGuard: Detecting Intrusions in Multitier Web Applications

Contact Info

Product

Resources

About