Toward a novel classification-based attack detection and response architecture

Souissi, Samih

doi:10.1109/nof.2015.7333305

Cited by 3 publications

(3 citation statements)

References 7 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Their approach contributes in simplifying complicated rule expressions and alert management using a modular design and instinctive rules defined with with a strong expression language. It has the ability to learn from previous attack detecttions and it is not focused on the attack itself instead it is concentrated on attack category; this property helps to sum up defense mechanisms and automates response [19].…”

Section: Related Workmentioning

confidence: 99%

Online Database Intrusion Detection System Based on Query Signatures

Alhadithy

Omar

2017

J Univ Hum Dev

View full text Add to dashboard Cite

SQL injection (SQLI) is a major type of attack that threatens the integrity, confidentiality and authenticity or functionality of any database driven web application. It allows the attacker to gain unauthorized access to the back-end database by exploiting the vulnerabilities within the system in order to commit an attack and access resources. Database Intrusion Detection System (DIDS) is the defense against SQLI that is used as a detection and prevention technique to protect any database driven web application. In this paper a proposed system is presented to protect the web application from SQLI. This proposed system uses a new technique of signature- based detection. It depends on secure hash algorithm (SHA-1), which is used to check the signature for the submitted queries and to decide whether these queries are valid, or not. The proposed system can distinguish and prevent hacking attempts by detecting the attacker, blocking his/her request, and preventing him/her from accessing the web application again. The proposed system was tested using Sqlmapproject attacking tool. Sqlmapproject was used to attack the web application (built using PHP and MySQL server) before and after protection. The results show that the proposed system works correctly and it can protect the web application system with good performance and high efficiency.

show abstract

Section: Related Workmentioning

confidence: 99%

Online Database Intrusion Detection System Based on Query Signatures

Alhadithy

Omar

2017

J Univ Hum Dev

View full text Add to dashboard Cite

show abstract

“…This language is used in our AIDD (Attack Identification, Description and Defense) architecture defined in [14]. This language may have several applications.…”

Section: Potential Applicationsmentioning

confidence: 99%

“…We take into consideration 2 types of attacks: a simple one with SQL injection and complex attack scenario. We use in these cases the AIDD system we defined in [14] for attack detection. This system uses our Composed Language to define rules.…”

Section: Use Casementioning

confidence: 99%

Toward a novel rule-based attack description and response language

Souissi

2015

2015 11th International Conference on Information Assurance and Security (IAS)

Self Cite

View full text Add to dashboard Cite

In recent years, attacks have become more diverse and complex, their detection has emerged as a major issue and a primary security challenge. There is a need to represent and share information about these attacks. This paper presents a new language for attack detection and response. The objective is to simplify complex rules' expression, thanks to a modular and intuitive syntax that gives a high power of expression. The originality of our approach is that rules' syntax can be deduced from a certain behavior or automatically generated from a valid behavioral scenario. The paper presents the main concepts behind the proposed approach that deals with the growing complexity of information systems, applications and attacks.

show abstract