The increasing popularity of web service technology is attracting hackers and attackers to hack the web services and the servers on which they run. Organizations are therefore facing the challenge of implementing adequate security for Web Services. A major threat is that of intruders which may maliciously try to access the data or services. The automated methods of signature extraction extract the binary pattern blindly resulting in more false positives. In this paper a semi automated approach is proposed to analyze the attacks and generate signatures for web services. For data collection, apart from the conventional SOAP data loggers, honeypots are also used that collect small data which is of high value. To filter out the most suspicious part of the data, SVM based classifier is employed to aid the system administrator. By applying an attack signature algorithm on the filtered data, a more balanced attack signature is extracted that results in fewer false positives and negatives. It helps the Security Administrator to identify the web services that are vulnerable or are attacked more frequently.
INTRUSION DETECTION IN MULTITIER WEB APPLICATIONS USING DOUBLEGUARDIJCI JOURNAL
Today, the use of distinct internet services and their applications by people are increase in very large amount. Due to its usage, it results the increase in data complexity. So, web services turn their focus on multi-tier design where web server acts as front-end and database server acts as back-end. Attackers try to hack personal data by targeting database server, hence it need to provide more security to both web server and database server. In this paper, the doubleguard system proposes an efficient intrusion detection and prevention system which detects and prevents various attacks in multi-tier web applications. This IDS system keeps track of all user sessions across both web server and database server. For this, it allocates the dedicated web container to each user’s session. Each user is associated with unique session ID which enhances more security. The system built well correlated model for website and detects and prevents various type of attacks. The system is implemented by using Apache webserver with MySQL.
NETWORK INTRUSION DETECTION AND COUNTERMEASURE SELECTION IN VIRTUAL NETWORK (...ijsptm
Intrusion in a network or a system is a problem today as the trend of successful network attacks continue to
rise. Intruders can explore vulnerabilities of a network system to gain access in order to deploy some virus
or malware such as Denial of Service (DOS) attack. In this work, a frequency-based Intrusion Detection
System (IDS) is proposed to detect DOS attack. The frequency data is extracted from the time-series data
created by the traffic flow using Discrete Fourier Transform (DFT). An algorithm is developed for
anomaly-based intrusion detection with fewer false alarms which further detect known and unknown attack
signature in a network. The frequency of the traffic data of the virus or malware would be inconsistent with
the frequency of the legitimate traffic data. A Centralized Traffic Analyzer Intrusion Detection System
called CTA-IDS is introduced to further detect inside attackers in a network. The strategy is effective in
detecting abnormal content in the traffic data during information passing from one node to another and
also detects known attack signature and unknown attack. This approach is tested by running the artificial
network intrusion data in simulated networks using the Network Simulator2 (NS2) software.
IJERA (International journal of Engineering Research and Applications) is International online, ... peer reviewed journal. For more detail or submit your article, please visit www.ijera.com
AN EFFICIENT IDENTITY BASED AUTHENTICATION PROTOCOL BY USING PASSWORDIJNSA Journal
In a distributed system, authentication protocols are the basis of security to ensure that these protocols function properly. Passwords are one of the most common authentication protocol used nowadays. Because of low entropy of passwords makes the systems vulnerable to password guessing attacks. This paper presents a simple scheme that strengthens password-based authentication protocols and helps prevent dictionary attacks, replay attacks and man in the middle attacks etc., The proposed scheme presents a new password authentication protocol by using the user and server system identification/serial number. Here there is no possibility to store the user passwords so an attacker who gets the password cannot use it directly to gain immediate access and compromise security.
An Efficient Classification Mechanism For Network Intrusion Detection System Based on Data Mining
Techniques:A Survey..........................................................................................................................1
Subaira A. S. and Anitha P.
Automated Biometric Verification: A Survey on Multimodal Biometrics ..............................................1
Rupali L. Telgad, Almas M. N. Siddiqui and Dr. Prapti D. Deshmukh
Design and Implementation of Intelligence Car Parking Systems ........................................................1
Ogunlere Samson, Maitanmi Olusola and Gregory Onwodi
Intrusion Detection Techniques for Mobile Ad Hoc and Wireless Sensor Networks..............................1
Rakesh Sharma, V. A. Athavale and Pinki Sharma
Performance Evaluation of Sentiment Mining Classifiers on Balanced and Imbalanced Dataset ...........1
G.Vinodhini and R M. Chandrasekaran
Demosaicing and Super-resolution for Color Filter Array via Residual Image Reconstruction and Sparse
Representation..................................................................................................................................1
Jie Yin, Guangling Sun and Xiaofei Zhou
Determining Weight of Known Evaluation Criteria in the Field of Mehr Housing using ANP Approach ..1
Saeed Safari, Mohammad Shojaee, Mohammad Tavakolian and Majid Assarian
Application of the Collaboration Facets of the Reference Model in Design Science Paradigm ...............1
Lukasz Ostrowski and Markus Helfert
Personalizing Education News Articles Using Interest Term and Category Based Recommender
Approaches .......................................................................................................................................1
Detection of Rogue Access Point in WLAN using Hopfield Neural Network IJECEIAES
The serious issue in the field of wireless communication is the security and how an organization implements the steps against security breach. The major attack on any organization is Man in the Middle attack which is difficult to manage. This attack leads to number of unauthorized access points, called rogue access points which are not detected easily. In this paper, we proposed a Hopfield Neural Network approach for an automatic detection of these rogue access points in wireless networking. Here, we store the passwords of the authentic devices in the weight matrix format and match the patterns at the time of login. Simulation experiment shows that this method is more secure than the traditional one in WLAN.
International Journal of Engineering Research and Applications (IJERA) is an open access online peer reviewed international journal that publishes research and review articles in the fields of Computer Science, Neural Networks, Electrical Engineering, Software Engineering, Information Technology, Mechanical Engineering, Chemical Engineering, Plastic Engineering, Food Technology, Textile Engineering, Nano Technology & science, Power Electronics, Electronics & Communication Engineering, Computational mathematics, Image processing, Civil Engineering, Structural Engineering, Environmental Engineering, VLSI Testing & Low Power VLSI Design etc.
IRJET- Phishdect & Mitigator: SDN based Phishing Attack DetectionIRJET Journal
The document proposes a new system called PhishDect and Mitigator to detect and mitigate phishing attacks using software-defined networking (SDN). It uses deep packet inspection techniques and a convolutional neural network (CNN) to classify phishing signatures. Traffic is directed through either a "store and forward" or "forward and inspect" mode. In store and forward mode, packets are stored and inspected before forwarding. In forward and inspect mode, packets are forwarded first and then a copy is inspected. The system aims to overcome limitations of existing phishing detection methods.
INTRUSION DETECTION IN MULTITIER WEB APPLICATIONS USING DOUBLEGUARDIJCI JOURNAL
Today, the use of distinct internet services and their applications by people are increase in very large amount. Due to its usage, it results the increase in data complexity. So, web services turn their focus on multi-tier design where web server acts as front-end and database server acts as back-end. Attackers try to hack personal data by targeting database server, hence it need to provide more security to both web server and database server. In this paper, the doubleguard system proposes an efficient intrusion detection and prevention system which detects and prevents various attacks in multi-tier web applications. This IDS system keeps track of all user sessions across both web server and database server. For this, it allocates the dedicated web container to each user’s session. Each user is associated with unique session ID which enhances more security. The system built well correlated model for website and detects and prevents various type of attacks. The system is implemented by using Apache webserver with MySQL.
NETWORK INTRUSION DETECTION AND COUNTERMEASURE SELECTION IN VIRTUAL NETWORK (...ijsptm
Intrusion in a network or a system is a problem today as the trend of successful network attacks continue to
rise. Intruders can explore vulnerabilities of a network system to gain access in order to deploy some virus
or malware such as Denial of Service (DOS) attack. In this work, a frequency-based Intrusion Detection
System (IDS) is proposed to detect DOS attack. The frequency data is extracted from the time-series data
created by the traffic flow using Discrete Fourier Transform (DFT). An algorithm is developed for
anomaly-based intrusion detection with fewer false alarms which further detect known and unknown attack
signature in a network. The frequency of the traffic data of the virus or malware would be inconsistent with
the frequency of the legitimate traffic data. A Centralized Traffic Analyzer Intrusion Detection System
called CTA-IDS is introduced to further detect inside attackers in a network. The strategy is effective in
detecting abnormal content in the traffic data during information passing from one node to another and
also detects known attack signature and unknown attack. This approach is tested by running the artificial
network intrusion data in simulated networks using the Network Simulator2 (NS2) software.
IJERA (International journal of Engineering Research and Applications) is International online, ... peer reviewed journal. For more detail or submit your article, please visit www.ijera.com
AN EFFICIENT IDENTITY BASED AUTHENTICATION PROTOCOL BY USING PASSWORDIJNSA Journal
In a distributed system, authentication protocols are the basis of security to ensure that these protocols function properly. Passwords are one of the most common authentication protocol used nowadays. Because of low entropy of passwords makes the systems vulnerable to password guessing attacks. This paper presents a simple scheme that strengthens password-based authentication protocols and helps prevent dictionary attacks, replay attacks and man in the middle attacks etc., The proposed scheme presents a new password authentication protocol by using the user and server system identification/serial number. Here there is no possibility to store the user passwords so an attacker who gets the password cannot use it directly to gain immediate access and compromise security.
An Efficient Classification Mechanism For Network Intrusion Detection System Based on Data Mining
Techniques:A Survey..........................................................................................................................1
Subaira A. S. and Anitha P.
Automated Biometric Verification: A Survey on Multimodal Biometrics ..............................................1
Rupali L. Telgad, Almas M. N. Siddiqui and Dr. Prapti D. Deshmukh
Design and Implementation of Intelligence Car Parking Systems ........................................................1
Ogunlere Samson, Maitanmi Olusola and Gregory Onwodi
Intrusion Detection Techniques for Mobile Ad Hoc and Wireless Sensor Networks..............................1
Rakesh Sharma, V. A. Athavale and Pinki Sharma
Performance Evaluation of Sentiment Mining Classifiers on Balanced and Imbalanced Dataset ...........1
G.Vinodhini and R M. Chandrasekaran
Demosaicing and Super-resolution for Color Filter Array via Residual Image Reconstruction and Sparse
Representation..................................................................................................................................1
Jie Yin, Guangling Sun and Xiaofei Zhou
Determining Weight of Known Evaluation Criteria in the Field of Mehr Housing using ANP Approach ..1
Saeed Safari, Mohammad Shojaee, Mohammad Tavakolian and Majid Assarian
Application of the Collaboration Facets of the Reference Model in Design Science Paradigm ...............1
Lukasz Ostrowski and Markus Helfert
Personalizing Education News Articles Using Interest Term and Category Based Recommender
Approaches .......................................................................................................................................1
Detection of Rogue Access Point in WLAN using Hopfield Neural Network IJECEIAES
The serious issue in the field of wireless communication is the security and how an organization implements the steps against security breach. The major attack on any organization is Man in the Middle attack which is difficult to manage. This attack leads to number of unauthorized access points, called rogue access points which are not detected easily. In this paper, we proposed a Hopfield Neural Network approach for an automatic detection of these rogue access points in wireless networking. Here, we store the passwords of the authentic devices in the weight matrix format and match the patterns at the time of login. Simulation experiment shows that this method is more secure than the traditional one in WLAN.
International Journal of Engineering Research and Applications (IJERA) is an open access online peer reviewed international journal that publishes research and review articles in the fields of Computer Science, Neural Networks, Electrical Engineering, Software Engineering, Information Technology, Mechanical Engineering, Chemical Engineering, Plastic Engineering, Food Technology, Textile Engineering, Nano Technology & science, Power Electronics, Electronics & Communication Engineering, Computational mathematics, Image processing, Civil Engineering, Structural Engineering, Environmental Engineering, VLSI Testing & Low Power VLSI Design etc.
IRJET- Phishdect & Mitigator: SDN based Phishing Attack DetectionIRJET Journal
The document proposes a new system called PhishDect and Mitigator to detect and mitigate phishing attacks using software-defined networking (SDN). It uses deep packet inspection techniques and a convolutional neural network (CNN) to classify phishing signatures. Traffic is directed through either a "store and forward" or "forward and inspect" mode. In store and forward mode, packets are stored and inspected before forwarding. In forward and inspect mode, packets are forwarded first and then a copy is inspected. The system aims to overcome limitations of existing phishing detection methods.
Intrusion detection architecture for different network attackseSAT Journals
Abstract Now these days most of the work is carried out by internet. So web application becomes important part of today’s life, such as online banking, social networking, online shopping, enabling communication and management of personal information. So web services now have shifted to multi-tier design to accommodate this increase in web application and data complexity. Due to this high use of web application networks attacks increased with malicious purpose. DoubleGuard is an Intrusion Detection System helps to detect and prevent the networks attacks. DoubleGuard is able to find out attacks after checking web and database requests. Along with this, in this paper adding one more level that is admin, it is responsible for the training to the system, log generation, blacklist and employee entry. This IDS system provides security to prevent both the web server and database server. Key Words: DoubleGuard; Web Application; Multitier; IDS; Attacks.
International Journal of Engineering Research and Applications (IJERA) is an open access online peer reviewed international journal that publishes research and review articles in the fields of Computer Science, Neural Networks, Electrical Engineering, Software Engineering, Information Technology, Mechanical Engineering, Chemical Engineering, Plastic Engineering, Food Technology, Textile Engineering, Nano Technology & science, Power Electronics, Electronics & Communication Engineering, Computational mathematics, Image processing, Civil Engineering, Structural Engineering, Environmental Engineering, VLSI Testing & Low Power VLSI Design etc.
International Journal of Engineering Research and Applications (IJERA) is an open access online peer reviewed international journal that publishes research and review articles in the fields of Computer Science, Neural Networks, Electrical Engineering, Software Engineering, Information Technology, Mechanical Engineering, Chemical Engineering, Plastic Engineering, Food Technology, Textile Engineering, Nano Technology & science, Power Electronics, Electronics & Communication Engineering, Computational mathematics, Image processing, Civil Engineering, Structural Engineering, Environmental Engineering, VLSI Testing & Low Power VLSI Design etc.
Us20140380431 Patent: COMPUTER IMPLEMENTED METHOD TO PREVENT ATTACKS AGAINST...Telefónica
A computer implemented method and computer program
products to prevent attacks against authorization systems
The computer implemented method comprising controlling
the access to different resources and actions de?ned for a user
by a ?rst server, reducing the exposure time at Which such
operations are available and establishing a dual channel verification through the use of a second server.
The computer programs implement the method.
This document proposes a machine learning approach using the Naive Bayes algorithm to detect distributed denial of service (DDoS) attacks through network intrusion detection. It first discusses the issues with existing intrusion detection systems, including long training times and low accuracy. It then summarizes research on applying various machine learning techniques like neural networks, decision trees, and Naive Bayes to intrusion detection. The proposed system would build a classifier using Naive Bayes, which provides faster training than other methods, to distinguish normal and attack traffic. This approach aims to improve upon the training time and detection accuracy of existing intrusion detection systems.
Detection and prevention of keylogger spyware attacksIAEME Publication
This document summarizes a proposed method for detecting and preventing keylogger spyware attacks. Keylogger spyware poses a serious threat by recording keyboard keystrokes to steal sensitive information like passwords and account numbers. The proposed method uses a detection and prevention system to identify keyloggers and remove them from infected systems. It aims to protect systems from this type of malware in a network. The document provides an overview of different types of malware like adware, spyware, and keyloggers, and describes how keylogger spyware works by logging keystrokes and transmitting the stolen data to malicious users.
An Extensive Survey of Intrusion Detection SystemsIRJET Journal
This document summarizes an extensive survey of intrusion detection systems. It discusses the general architecture of IDS, including host-based and network-based systems. It describes different types of attacks (e.g. DoS, probing, user-to-root) and defenses. It analyzes previous work applying data mining techniques like machine learning to improve detection rates and reduce false alarms. A key problem is the massive number of false alarms that overburden security managers; the document aims to investigate solutions to lower the false alarm rate so that real threats are not missed.
- Security is a concept similar to being cautious
or alert against any danger. Network security is the condition of
being protected against any danger or loss. Thus safety plays a
important role in bank transactions where disclosure of any data
results in big loss. We can define networking as the combination
of two or more computers for the purpose of resource sharing.
Resources here include files, database, emails etc. It is the
protection of these resources from unauthorized users that
brought the development of network security. It is a measure
incorporated to protect data during their transmission and also
to ensure the transmitted is protected and authentic.
Security of online bank transactions here has been
improved by increasing the number of bits while establishing the
SSL connection as well as in RSA asymmetric key encryption
along with SHA1 used for digital signature to authenticate the
user
Implementation of user authentication as a service for cloud networkSalam Shah
There are so many security risks for the users of cloud computing, but still the organizations are switching towards the cloud. The cloud provides data protection and a huge amount of memory usage remotely or virtually. The organization has not adopted the cloud computing completely due to some security issues. The research in cloud computing has more focus on privacy and security in the new categorization attack surface. User authentication is the additional overhead for the companies besides the management of availability of cloud services. This paper is based on the proposed model to provide central authentication technique so that secured access of resources can be provided to users instead of adopting some unordered user authentication techniques. The model is also implemented as a prototype.
This document describes a system for detecting denial-of-service (DoS) attacks based on multivariate correlation analysis (MCA). The system generates normal traffic profiles using MCA to analyze legitimate training records. It then measures the dissimilarity between live traffic and normal profiles using Mahalanobis distance, flagging records above a threshold as potential attacks. If a record's distance exceeds the threshold, it is identified as a DoS attack. The system is intended to accurately detect both known and unknown DoS attacks compared to existing detection methods.
IRJET- Crypto-Currencies How Secure are they?IRJET Journal
This document discusses the security of cryptocurrencies. It begins by defining cryptocurrency and explaining how cryptocurrency transactions work using blockchain technology. It then discusses some of the key properties of cryptocurrencies like irreversibility, pseudonymity, and controlled supply. The document outlines some benefits of cryptocurrencies like lack of third party seizure and anonymity, but also challenges like high energy usage and possibility of lost wallets. It then discusses some specific security issues with blockchain like its complexity, size of the network, and traditional scams. It concludes by covering security issues with cryptocurrencies like spoofing payment information, errors in user addresses, and loss of wallet files.
Autonomic Anomaly Detection System in Computer Networksijsrd.com
This paper describes how you can protect your system from Intrusion, which is the method of Intrusion Prevention and Intrusion Detection .The underlying premise of our Intrusion detection system is to describe attack as instance of ontology and its first need is to detect attack. In this paper, we propose a novel framework of autonomic intrusion detection that fulfills online and adaptive intrusion detection over unlabeled HTTP traffic streams in computer networks. The framework holds potential for self-governing: self-labeling, self-updating and self-adapting. Our structure employs the Affinity Propagation (AP) algorithm to learn a subject’s behaviors through dynamical clustering of the streaming data. It automatically labels the data and adapts to normal behavior changes while identifies anomalies.
Behavior Analysis Of Malicious Web Pages Through Client Honeypot For Detectio...IJERA Editor
Malwares which is also known as malicious software’s is spreading through the exploiting the client side applications such as browsers, plug-ins etc. Attackers implant the malware codes in the user’s computer through web pages; thereby they are also known malicious web pages. Here in the paper, we present the usefulness of controlled environment in the form of client honeypots in detection of malicious web pages through collections of malicious intent in web pages and then perform detailed analysis for validation and confirmation of malicious web pages. First phase is collection of malicious infections through high interaction client honeypot, second phase is validations of the malicious infections embedded into web pages through behavior based analysis. Malwares which infect the client side applications and drop the malwares into user’s computers sometimes overrides the signature based detection techniques; thereby there is a need to study the behavior of the complete malicious web pages.
IRJET- Cyber Attacks and its different TypesIRJET Journal
This document discusses different types of cyber attacks. It begins by providing context on how technology has increased connectivity but also vulnerabilities. The main types of cyber attacks discussed include:
1) Denial-of-service (DoS) and distributed denial-of-service (DDoS) attacks which overload systems to disrupt service.
2) Man-in-the-middle (MitM) attacks where a third party intercepts communications between two others.
3) Phishing attacks which use fraudulent emails or websites to steal personal or credential information from users.
4) Drive-by download attacks where visiting an infected website automatically downloads malware without user interaction.
Countermeasures to these attacks include firewall
A Performance Analysis of Chasing Intruders by Implementing Mobile AgentsCSCJournals
This document summarizes a research paper that proposes using mobile agents to improve intrusion detection systems. The paper presents an architecture for an intrusion detection system that uses mobile agents to autonomously collect intrusion-related information from systems on a network. Information collector agents gather data, while chasing agents work to trace the path of intrusions and locate their origin. The paper evaluates this approach and discusses how mobile agents can enhance intrusion detection through their mobility and autonomous functionality.
Addressing Insider Threat using "Where You Are" as Fourth Factor AuthenticationPeter Choi
This document proposes using location as a fourth factor for authentication in addition to the traditional three factors of what you know, what you have, and what you are. It aims to address limitations of current authentication techniques for dealing with insider threats. Specifically, current methods do not provide continuous identification tracking or allow for real-time enforcement of security policies. The document outlines general rules an authentication system should follow, including not hindering users or violating physical laws. It argues that using accurate location tracking from real-time locating systems could satisfy the rules by providing continuous authentication without inconveniencing users. The document then discusses requirements for an insider threat prevention system that would actively monitor for malicious insider behavior using location as the fourth authentication factor.
Client Honeypot Based Drive by Download Exploit Detection and their Categoriz...IJERA Editor
Client side attacks are those which exploits the vulnerabilities in client side applications such as browsers, plug-ins etc. The remote attackers execute the malicious code in end user’s system without his knowledge. Here in this research, we propose to detect and measure the drive by download class of malware which infect the end user’s system through HTTP based propagation mechanism. The purpose of this research is to introduce a class of technology known as client honeypot through which we execute the domains in a virtual machine in more optimized manner. Those virtual machines are the controlled environment for the execution of those URLs. During the execution of the websites, the PE files dropped into the system are logged and further analyzed for categorization of malware. Further the critical analysis has been performed by applying some reverse engineering techniques to categories the class of malware and source of infections performed by the malware.
Current Studies On Intrusion Detection System, Genetic Algorithm And Fuzzy Logicijdpsjournal
This document summarizes a research paper on current studies of intrusion detection systems using genetic algorithms and fuzzy logic. The paper presents an overview of intrusion detection systems, including different techniques like misuse detection and anomaly detection. It discusses using genetic algorithms to generate fuzzy rules to characterize normal and abnormal network behavior in order to reduce false alarms. The paper also outlines the dataset, genetic algorithm approach, and use of fuzzy logic that are proposed for the intrusion detection system.
Intrusion detection systems aim to detect unauthorized access to computer systems and networks. There are three main types: anomaly-based detection identifies deviations from normal behavior profiles; signature-based detection looks for known threat patterns; and hybrid detection combines the two approaches. Intrusion detection systems are also classified based on their monitoring scope, including network-based systems that monitor network traffic and host-based systems that monitor logs and activities on individual computers. Recent research focuses on developing more effective hybrid systems and methods that can detect both known and unknown threats.
Network Intrusion Detection And Countermeasure Selection In Virtual Network (...ClaraZara1
Intrusion in a network or a system is a problem today as the trend of successful network attacks continue to rise. Intruders can explore vulnerabilities of a network system to gain access in order to deploy some virus or malware such as Denial of Service (DOS) attack. In this work, a frequency-based Intrusion Detection System (IDS) is proposed to detect DOS attack. The frequency data is extracted from the time-series data created by the traffic flow using Discrete Fourier Transform (DFT). An algorithm is developed for anomaly-based intrusion detection with fewer false alarms which further detect known and unknown attack signature in a network. The frequency of the traffic data of the virus or malware would be inconsistent with the frequency of the legitimate traffic data. A Centralized Traffic Analyzer Intrusion Detection System called CTA-IDS is introduced to further detect inside attackers in a network. The strategy is effective in detecting abnormal content in the traffic data during information passing from one node to another and also detects known attack signature and unknown attack. This approach is tested by running the artificial network intrusion data in simulated networks using the Network Simulator2 (NS2) software.
Secure intrusion detection and countermeasure selection in virtual system usi...eSAT Publishing House
IJRET : International Journal of Research in Engineering and Technology is an international peer reviewed, online journal published by eSAT Publishing House for the enhancement of research in various disciplines of Engineering and Technology. The aim and scope of the journal is to provide an academic medium and an important reference for the advancement and dissemination of research results that support high-level learning, teaching and research in the fields of Engineering and Technology. We bring together Scientists, Academician, Field Engineers, Scholars and Students of related fields of Engineering and Technology
IMPROVED IDS USING LAYERED CRFS WITH LOGON RESTRICTIONS AND MOBILE ALERTS BAS...IJNSA Journal
With the ever increasing number and diverse type of attacks, including new and previously unseen attacks, the effectiveness of an Intrusion Detection System is very important. Hence there is high demand to reduce the threat level in networks to ensure the data and services offered by them to be more secure. In this paper we developed an effective test suite for improving the efficiency and accuracy of an intrusion detection system using the layered CRFs. We set up different types of checks at multiple levels in each layer. Our framework examines various attributes at every layer in order to effectively identify any breach of security. Once the attack is detected, it is intimated through mobile phone to the system administrator for safeguarding the server system. We established experimentally that the layered CRFs can thus be more effective in detecting intrusions when compared with the other previously known techniques.
Intrusion detection architecture for different network attackseSAT Journals
Abstract Now these days most of the work is carried out by internet. So web application becomes important part of today’s life, such as online banking, social networking, online shopping, enabling communication and management of personal information. So web services now have shifted to multi-tier design to accommodate this increase in web application and data complexity. Due to this high use of web application networks attacks increased with malicious purpose. DoubleGuard is an Intrusion Detection System helps to detect and prevent the networks attacks. DoubleGuard is able to find out attacks after checking web and database requests. Along with this, in this paper adding one more level that is admin, it is responsible for the training to the system, log generation, blacklist and employee entry. This IDS system provides security to prevent both the web server and database server. Key Words: DoubleGuard; Web Application; Multitier; IDS; Attacks.
International Journal of Engineering Research and Applications (IJERA) is an open access online peer reviewed international journal that publishes research and review articles in the fields of Computer Science, Neural Networks, Electrical Engineering, Software Engineering, Information Technology, Mechanical Engineering, Chemical Engineering, Plastic Engineering, Food Technology, Textile Engineering, Nano Technology & science, Power Electronics, Electronics & Communication Engineering, Computational mathematics, Image processing, Civil Engineering, Structural Engineering, Environmental Engineering, VLSI Testing & Low Power VLSI Design etc.
International Journal of Engineering Research and Applications (IJERA) is an open access online peer reviewed international journal that publishes research and review articles in the fields of Computer Science, Neural Networks, Electrical Engineering, Software Engineering, Information Technology, Mechanical Engineering, Chemical Engineering, Plastic Engineering, Food Technology, Textile Engineering, Nano Technology & science, Power Electronics, Electronics & Communication Engineering, Computational mathematics, Image processing, Civil Engineering, Structural Engineering, Environmental Engineering, VLSI Testing & Low Power VLSI Design etc.
Us20140380431 Patent: COMPUTER IMPLEMENTED METHOD TO PREVENT ATTACKS AGAINST...Telefónica
A computer implemented method and computer program
products to prevent attacks against authorization systems
The computer implemented method comprising controlling
the access to different resources and actions de?ned for a user
by a ?rst server, reducing the exposure time at Which such
operations are available and establishing a dual channel verification through the use of a second server.
The computer programs implement the method.
This document proposes a machine learning approach using the Naive Bayes algorithm to detect distributed denial of service (DDoS) attacks through network intrusion detection. It first discusses the issues with existing intrusion detection systems, including long training times and low accuracy. It then summarizes research on applying various machine learning techniques like neural networks, decision trees, and Naive Bayes to intrusion detection. The proposed system would build a classifier using Naive Bayes, which provides faster training than other methods, to distinguish normal and attack traffic. This approach aims to improve upon the training time and detection accuracy of existing intrusion detection systems.
Detection and prevention of keylogger spyware attacksIAEME Publication
This document summarizes a proposed method for detecting and preventing keylogger spyware attacks. Keylogger spyware poses a serious threat by recording keyboard keystrokes to steal sensitive information like passwords and account numbers. The proposed method uses a detection and prevention system to identify keyloggers and remove them from infected systems. It aims to protect systems from this type of malware in a network. The document provides an overview of different types of malware like adware, spyware, and keyloggers, and describes how keylogger spyware works by logging keystrokes and transmitting the stolen data to malicious users.
An Extensive Survey of Intrusion Detection SystemsIRJET Journal
This document summarizes an extensive survey of intrusion detection systems. It discusses the general architecture of IDS, including host-based and network-based systems. It describes different types of attacks (e.g. DoS, probing, user-to-root) and defenses. It analyzes previous work applying data mining techniques like machine learning to improve detection rates and reduce false alarms. A key problem is the massive number of false alarms that overburden security managers; the document aims to investigate solutions to lower the false alarm rate so that real threats are not missed.
- Security is a concept similar to being cautious
or alert against any danger. Network security is the condition of
being protected against any danger or loss. Thus safety plays a
important role in bank transactions where disclosure of any data
results in big loss. We can define networking as the combination
of two or more computers for the purpose of resource sharing.
Resources here include files, database, emails etc. It is the
protection of these resources from unauthorized users that
brought the development of network security. It is a measure
incorporated to protect data during their transmission and also
to ensure the transmitted is protected and authentic.
Security of online bank transactions here has been
improved by increasing the number of bits while establishing the
SSL connection as well as in RSA asymmetric key encryption
along with SHA1 used for digital signature to authenticate the
user
Implementation of user authentication as a service for cloud networkSalam Shah
There are so many security risks for the users of cloud computing, but still the organizations are switching towards the cloud. The cloud provides data protection and a huge amount of memory usage remotely or virtually. The organization has not adopted the cloud computing completely due to some security issues. The research in cloud computing has more focus on privacy and security in the new categorization attack surface. User authentication is the additional overhead for the companies besides the management of availability of cloud services. This paper is based on the proposed model to provide central authentication technique so that secured access of resources can be provided to users instead of adopting some unordered user authentication techniques. The model is also implemented as a prototype.
This document describes a system for detecting denial-of-service (DoS) attacks based on multivariate correlation analysis (MCA). The system generates normal traffic profiles using MCA to analyze legitimate training records. It then measures the dissimilarity between live traffic and normal profiles using Mahalanobis distance, flagging records above a threshold as potential attacks. If a record's distance exceeds the threshold, it is identified as a DoS attack. The system is intended to accurately detect both known and unknown DoS attacks compared to existing detection methods.
IRJET- Crypto-Currencies How Secure are they?IRJET Journal
This document discusses the security of cryptocurrencies. It begins by defining cryptocurrency and explaining how cryptocurrency transactions work using blockchain technology. It then discusses some of the key properties of cryptocurrencies like irreversibility, pseudonymity, and controlled supply. The document outlines some benefits of cryptocurrencies like lack of third party seizure and anonymity, but also challenges like high energy usage and possibility of lost wallets. It then discusses some specific security issues with blockchain like its complexity, size of the network, and traditional scams. It concludes by covering security issues with cryptocurrencies like spoofing payment information, errors in user addresses, and loss of wallet files.
Autonomic Anomaly Detection System in Computer Networksijsrd.com
This paper describes how you can protect your system from Intrusion, which is the method of Intrusion Prevention and Intrusion Detection .The underlying premise of our Intrusion detection system is to describe attack as instance of ontology and its first need is to detect attack. In this paper, we propose a novel framework of autonomic intrusion detection that fulfills online and adaptive intrusion detection over unlabeled HTTP traffic streams in computer networks. The framework holds potential for self-governing: self-labeling, self-updating and self-adapting. Our structure employs the Affinity Propagation (AP) algorithm to learn a subject’s behaviors through dynamical clustering of the streaming data. It automatically labels the data and adapts to normal behavior changes while identifies anomalies.
Behavior Analysis Of Malicious Web Pages Through Client Honeypot For Detectio...IJERA Editor
Malwares which is also known as malicious software’s is spreading through the exploiting the client side applications such as browsers, plug-ins etc. Attackers implant the malware codes in the user’s computer through web pages; thereby they are also known malicious web pages. Here in the paper, we present the usefulness of controlled environment in the form of client honeypots in detection of malicious web pages through collections of malicious intent in web pages and then perform detailed analysis for validation and confirmation of malicious web pages. First phase is collection of malicious infections through high interaction client honeypot, second phase is validations of the malicious infections embedded into web pages through behavior based analysis. Malwares which infect the client side applications and drop the malwares into user’s computers sometimes overrides the signature based detection techniques; thereby there is a need to study the behavior of the complete malicious web pages.
IRJET- Cyber Attacks and its different TypesIRJET Journal
This document discusses different types of cyber attacks. It begins by providing context on how technology has increased connectivity but also vulnerabilities. The main types of cyber attacks discussed include:
1) Denial-of-service (DoS) and distributed denial-of-service (DDoS) attacks which overload systems to disrupt service.
2) Man-in-the-middle (MitM) attacks where a third party intercepts communications between two others.
3) Phishing attacks which use fraudulent emails or websites to steal personal or credential information from users.
4) Drive-by download attacks where visiting an infected website automatically downloads malware without user interaction.
Countermeasures to these attacks include firewall
A Performance Analysis of Chasing Intruders by Implementing Mobile AgentsCSCJournals
This document summarizes a research paper that proposes using mobile agents to improve intrusion detection systems. The paper presents an architecture for an intrusion detection system that uses mobile agents to autonomously collect intrusion-related information from systems on a network. Information collector agents gather data, while chasing agents work to trace the path of intrusions and locate their origin. The paper evaluates this approach and discusses how mobile agents can enhance intrusion detection through their mobility and autonomous functionality.
Addressing Insider Threat using "Where You Are" as Fourth Factor AuthenticationPeter Choi
This document proposes using location as a fourth factor for authentication in addition to the traditional three factors of what you know, what you have, and what you are. It aims to address limitations of current authentication techniques for dealing with insider threats. Specifically, current methods do not provide continuous identification tracking or allow for real-time enforcement of security policies. The document outlines general rules an authentication system should follow, including not hindering users or violating physical laws. It argues that using accurate location tracking from real-time locating systems could satisfy the rules by providing continuous authentication without inconveniencing users. The document then discusses requirements for an insider threat prevention system that would actively monitor for malicious insider behavior using location as the fourth authentication factor.
Client Honeypot Based Drive by Download Exploit Detection and their Categoriz...IJERA Editor
Client side attacks are those which exploits the vulnerabilities in client side applications such as browsers, plug-ins etc. The remote attackers execute the malicious code in end user’s system without his knowledge. Here in this research, we propose to detect and measure the drive by download class of malware which infect the end user’s system through HTTP based propagation mechanism. The purpose of this research is to introduce a class of technology known as client honeypot through which we execute the domains in a virtual machine in more optimized manner. Those virtual machines are the controlled environment for the execution of those URLs. During the execution of the websites, the PE files dropped into the system are logged and further analyzed for categorization of malware. Further the critical analysis has been performed by applying some reverse engineering techniques to categories the class of malware and source of infections performed by the malware.
Current Studies On Intrusion Detection System, Genetic Algorithm And Fuzzy Logicijdpsjournal
This document summarizes a research paper on current studies of intrusion detection systems using genetic algorithms and fuzzy logic. The paper presents an overview of intrusion detection systems, including different techniques like misuse detection and anomaly detection. It discusses using genetic algorithms to generate fuzzy rules to characterize normal and abnormal network behavior in order to reduce false alarms. The paper also outlines the dataset, genetic algorithm approach, and use of fuzzy logic that are proposed for the intrusion detection system.
Intrusion detection systems aim to detect unauthorized access to computer systems and networks. There are three main types: anomaly-based detection identifies deviations from normal behavior profiles; signature-based detection looks for known threat patterns; and hybrid detection combines the two approaches. Intrusion detection systems are also classified based on their monitoring scope, including network-based systems that monitor network traffic and host-based systems that monitor logs and activities on individual computers. Recent research focuses on developing more effective hybrid systems and methods that can detect both known and unknown threats.
Network Intrusion Detection And Countermeasure Selection In Virtual Network (...ClaraZara1
Intrusion in a network or a system is a problem today as the trend of successful network attacks continue to rise. Intruders can explore vulnerabilities of a network system to gain access in order to deploy some virus or malware such as Denial of Service (DOS) attack. In this work, a frequency-based Intrusion Detection System (IDS) is proposed to detect DOS attack. The frequency data is extracted from the time-series data created by the traffic flow using Discrete Fourier Transform (DFT). An algorithm is developed for anomaly-based intrusion detection with fewer false alarms which further detect known and unknown attack signature in a network. The frequency of the traffic data of the virus or malware would be inconsistent with the frequency of the legitimate traffic data. A Centralized Traffic Analyzer Intrusion Detection System called CTA-IDS is introduced to further detect inside attackers in a network. The strategy is effective in detecting abnormal content in the traffic data during information passing from one node to another and also detects known attack signature and unknown attack. This approach is tested by running the artificial network intrusion data in simulated networks using the Network Simulator2 (NS2) software.
Secure intrusion detection and countermeasure selection in virtual system usi...eSAT Publishing House
IJRET : International Journal of Research in Engineering and Technology is an international peer reviewed, online journal published by eSAT Publishing House for the enhancement of research in various disciplines of Engineering and Technology. The aim and scope of the journal is to provide an academic medium and an important reference for the advancement and dissemination of research results that support high-level learning, teaching and research in the fields of Engineering and Technology. We bring together Scientists, Academician, Field Engineers, Scholars and Students of related fields of Engineering and Technology
IMPROVED IDS USING LAYERED CRFS WITH LOGON RESTRICTIONS AND MOBILE ALERTS BAS...IJNSA Journal
With the ever increasing number and diverse type of attacks, including new and previously unseen attacks, the effectiveness of an Intrusion Detection System is very important. Hence there is high demand to reduce the threat level in networks to ensure the data and services offered by them to be more secure. In this paper we developed an effective test suite for improving the efficiency and accuracy of an intrusion detection system using the layered CRFs. We set up different types of checks at multiple levels in each layer. Our framework examines various attributes at every layer in order to effectively identify any breach of security. Once the attack is detected, it is intimated through mobile phone to the system administrator for safeguarding the server system. We established experimentally that the layered CRFs can thus be more effective in detecting intrusions when compared with the other previously known techniques.
A Modular Approach To Intrusion Detection in Homogenous Wireless NetworkIOSR Journals
This document discusses a modular approach to intrusion detection in homogeneous wireless networks. It begins by introducing wireless networks and the need for intrusion detection systems (IDS) due to security vulnerabilities. It then discusses different types of IDS, including signature-based detection that identifies known attacks, and anomaly-based detection that identifies deviations from normal behavior but can result in high false positives. The document proposes a modular approach combining advantages of signature-based and anomaly-based detection for high detection rates and low false positives. Requirements for IDS in wireless networks are also outlined.
INTRUSION DETECTION SYSTEM USING CUSTOMIZED RULES FOR SNORTIJMIT JOURNAL
This document proposes an intrusion detection system using customized rules for the Snort tool to improve security. The system uses Wireshark to scan network traffic for anomalies, Snort to detect attacks using customized rulesets for faster response times, and Wazuh and Splunk to analyze log files. Rules are created using the Snorpy tool and added to Snort to monitor for specific attacks like ICMP ping impersonation and authentication attempts. When attacks are attempted, the system successfully detects them and logs the alerts. The integration of these tools provides low-cost intrusion detection capabilities with automated threat identification and faster response compared to existing Snort configurations.
Distributed Denial of Service (DDoS) attack is the most severe cyber-attack that
affects the availability of critical applications. The attackers identify the weakness in
the machines and compromise them to involve in the flooding attack. During the
DDOS attack generation, they also gain access to secret information. These
computers are then used to wage a DDoS Attack in host’s computer. Through many
security measures have been taken in order to stop DDOS Attack to be protect our
data, the attackers have developed new techniques and attack methodology. Hence it
is very important that instead of reacting to new attacks, it is necessary to build a
complete DDoS solution that will defend all types of DDoS attacks. So, the
researchers must understand the cyber space and methods utilized to block the DDoS
attacks. The proposed system provides a unique method to detect DDoS attack using
Splunk. We propose two methods for prevention of DDoS attack. One is using
Randomly generated Captchas and other one is using Linux bash script to prevent
DDoS attack by automatically blocking IP of the client, who is sending multiple
request at a time.
International Journal of Engineering Research and Applications (IJERA) is an open access online peer reviewed international journal that publishes research and review articles in the fields of Computer Science, Neural Networks, Electrical Engineering, Software Engineering, Information Technology, Mechanical Engineering, Chemical Engineering, Plastic Engineering, Food Technology, Textile Engineering, Nano Technology & science, Power Electronics, Electronics & Communication Engineering, Computational mathematics, Image processing, Civil Engineering, Structural Engineering, Environmental Engineering, VLSI Testing & Low Power VLSI Design etc.
DYNAMIC IDP SIGNATURE PROCESSING BY FAST ELIMINATION USING DFAIJNSA Journal
Intrusion Detection & Prevention Systems generally aims at detecting / preventing attacks against Information systems and networks. The basic task of IDPS is to monitor network & system traffic for any malicious packets/patterns and hence to prevent any unwarranted incidents which leads the systems to insecure state. The monitoring is done by checking each packet for its validity against the signatures formulated for identified vulnerabilities. Since, signatures are the heart & soul of an Intrusion Detection and Prevention System (IDPS), we, in this paper, discuss two methodologies we adapted in our research effort to improve the current Intrusion Detection and Prevention (IDP) systems. The first methodology RUDRAA is for formulating, verifying & validating the potential signatures to be used with IDPS. The second methodology DSP-FED is aimed at processing the signatures in less time with our proposed fast elimination method using DFA. The research objectives of this project are 1) To formulate & process potential IPS signatures to be used with Intrusion prevention system. 2) To propose a DFA based approach for signature processing which, upon a pattern match, could process the signatures faster else could eliminate it efficiently if not matched
LATTICE STRUCTURAL ANALYSIS ON SNIFFING TO DENIAL OF SERVICE ATTACKSIJCNCJournal
Sniffing is one of the most prominent causes for most of the attacks in the digitized computing environment. Through various packet analyzers or sniffers available free of cost, the network packets can be captured and analyzed. The sensitive information of the victim like user credentials, passwords, a PIN which is of more considerable interest to the assailants’ can be stolen through sniffers. This is the primary reason for most of the variations of DDoS attacks in the network from a variety of its catalog of attacks. An effective and trusted framework for detecting and preventing these sniffing has greater significance in today’s computing. A counter hack method to avoid data theft is to encrypt sensitive information. This paper provides an analysis of the most prominent sniffing attacks. Moreover, this is one of the most important strides to guarantee system security. Also, a Lattice structure has been derived to prove that sniffing is the prominent activity for DoS or DDoS attacks.
Survey on classification techniques for intrusion detectioncsandit
Intrusion detection is the most essential component
in network security. Traditional Intrusion
Detection methods are based on extensive knowledge
of signatures of known attacks. Signature-
based methods require manual encoding of attacks by
human experts. Data mining is one of the
techniques applied to Intrusion Detection that prov
ides higher automation capabilities than
signature-based methods. Data mining techniques suc
h as classification, clustering and
association rules are used in intrusion detection.
In this paper, we present an overview of
intrusion detection, KDD Cup 1999 dataset and detai
led analysis of different classification
techniques namely Support vector Machine, Decision
tree, Naïve Bayes and Neural Networks
used in intrusion detection.
Intrusion Detection Systems By Anamoly-Based Using Neural NetworkIOSR Journals
To improve network security different steps has been taken as size and importance of the network has
increases day by day. Then chances of a network attacks increases Network is mainly attacked by some
intrusions that are identified by network intrusion detection system. These intrusions are mainly present in data
packets and each packet has to scan for its detection. This paper works to develop a intrusion detection system
which utilizes the identity and signature of the intrusion for identifying different kinds of intrusions. As network
intrusion detection system need to be efficient enough that chance of false alarm generation should be less,
which means identifying as a intrusion but actually it is not an intrusion. Result obtained after analyzing this
system is quite good enough that nearly 90% of true alarms are generated. It detect intrusion for various
services like Dos, SSH, etc by neural network
This document summarizes various soft computing techniques that can be used for intrusion detection, including fuzzy logic, graph-based approaches, and neural networks. Fuzzy logic can be used to classify parameters and detect anomalies by comparing normal and new fuzzy association rule sets. Graph-based approaches model network traffic as graphs of nodes and edges and use clustering algorithms to detect anomalies. Neural networks can be trained on audit log data to recognize normal behavior and detect deviations that may indicate attacks. These soft computing methods aim to improve on signature-based detection by learning patterns of normal network activity and detecting anomalies.
Analysis of Artificial Intelligence Techniques for Network Intrusion Detectio...IIJSRJournal
With the rapid advancement of computer technology during the last couple of decades. Computer systems are commonly used in manufacturing, corporate, as well as other aspects of human living. As a result, constructing dependable infrastructures is a major challenge for IT managers. On the contrary side, this same rapid advancement of technology has created numerous difficulties in building reliable networks which are challenging tasks. There seem to be numerous varieties of attacks that affect the accessibility, authenticity, as well as secrecy of communications systems. In this paper, an in-depth and all-inclusive description of artificial intelligence methods used for the detection of network intrusions is discussed in detail.
Intrusion Detection System (IDS) is meant to be a software application which monitors the network or system activities and finds if any malicious operations take place. Tremendous growth and practice of internet raises concerns about how to protect and communicate the digital data in a safe manner. Nowadays, hackers use different types of attacks for getting the valuable information. Many intrusion detection techniques, methods and algorithms assist to identify these attacks. This main objective of this paper is to provide a complete study about the description of intrusion detection, history, life cycle, types of intrusion detection methods, types of attacks, different tools and techniques, research needs, tasks and applications
Intrusion Detection System (IDS) is meant to be a software application which monitors the network or system activities and finds if any malicious operations take place. Tremendous growth and practice of internet raises concerns about how to protect and communicate the digital data in a safe manner. Nowadays, hackers use different types of attacks for getting the valuable information. Many intrusion detection techniques, methods and algorithms assist to identify these attacks. This main objective of this paper is to provide a complete study about the description of intrusion detection, history, life cycle, types of intrusion detection methods, types of attacks, different tools and techniques, research needs, tasks and applications
Survey on Host and Network Based Intrusion Detection SystemEswar Publications
With invent of new technologies and devices, Intrusion has become an area of concern because of security issues, in the ever growing area of cyber-attack. An intrusion detection system (IDS) is defined as a device or software application which monitors system or network activities for malicious activities or policy violations. It produces reports to a management station [1]. In this paper we are mainly focused on different IDS concepts based on Host and Network systems.
Optimized Intrusion Detection System using Deep Learning Algorithmijtsrd
A method and a system for the detection of an intrusion in a computer network compare the network traffic of the computer network at multiple different points in the network. In an uncompromised network the network traffic monitored at these two different points in the network should be identical. A network intrusion detection system is mostly place at strategic points in a network, so that it can monitor the traffic traveling to or from different devices on that network. The existing Software Defined Network SDN proposes the separation of forward and control planes by introducing a new independent plane called network controller. Machine learning is an artificial intelligence approach that focuses on acquiring knowledge from raw data and, based at least in part on the identified flow, selectively causing the packet, or a packet descriptor associated with the packet. The performance is evaluated using the network analysis metrics such as key generation delay, key sharing delay and the hash code generation time for both SDN and the proposed machine learning SDN. Prof P. Damodharan | K. Veena | Dr N. Suguna "Optimized Intrusion Detection System using Deep Learning Algorithm" Published in International Journal of Trend in Scientific Research and Development (ijtsrd), ISSN: 2456-6470, Volume-3 | Issue-2 , February 2019, URL: https://www.ijtsrd.com/papers/ijtsrd21447.pdf
Paper URL: https://www.ijtsrd.com/engineering/other/21447/optimized-intrusion-detection-system-using-deep-learning-algorithm/prof-p-damodharan
Intrusion Detection Systems (IDSs) have become widely recognized as powerful tools for identifying, deterring and deflecting malicious attacks over the network. Intrusion detection systems (IDSs) are designed and installed to aid in deterring or mitigating the damage that can be caused by hacking, or breaking into sensitive IT systems. . The attacks can come from outsider attackers on the Internet, authorized insiders who misuse the privileges that have been given them and unauthorized insiders who attempt to gain unauthorized privileges. IDSs cannot be used in isolation, but must be part of a larger framework of IT security measures. Essential to almost every intrusion detection system is the ability to search through packets and identify content that matches known attacks. Space and time efficient string matching algorithms are therefore important for identifying these packets at line rate. In this paper we examine string matching algorithm and their use for Intrusion Detection. Keywords: System Design, Network Algorithm
International Journal of Engineering Research and Applications (IJERA) is an open access online peer reviewed international journal that publishes research and review articles in the fields of Computer Science, Neural Networks, Electrical Engineering, Software Engineering, Information Technology, Mechanical Engineering, Chemical Engineering, Plastic Engineering, Food Technology, Textile Engineering, Nano Technology & science, Power Electronics, Electronics & Communication Engineering, Computational mathematics, Image processing, Civil Engineering, Structural Engineering, Environmental Engineering, VLSI Testing & Low Power VLSI Design etc.
Similar to Pattern Analysis and Signature Extraction for Intrusion Attacks on Web Services (20)
CHINA’S GEO-ECONOMIC OUTREACH IN CENTRAL ASIAN COUNTRIES AND FUTURE PROSPECTjpsjournal1
The rivalry between prominent international actors for dominance over Central Asia's hydrocarbon
reserves and the ancient silk trade route, along with China's diplomatic endeavours in the area, has been
referred to as the "New Great Game." This research centres on the power struggle, considering
geopolitical, geostrategic, and geoeconomic variables. Topics including trade, political hegemony, oil
politics, and conventional and nontraditional security are all explored and explained by the researcher.
Using Mackinder's Heartland, Spykman Rimland, and Hegemonic Stability theories, examines China's role
in Central Asia. This study adheres to the empirical epistemological method and has taken care of
objectivity. This study analyze primary and secondary research documents critically to elaborate role of
china’s geo economic outreach in central Asian countries and its future prospect. China is thriving in trade,
pipeline politics, and winning states, according to this study, thanks to important instruments like the
Shanghai Cooperation Organisation and the Belt and Road Economic Initiative. According to this study,
China is seeing significant success in commerce, pipeline politics, and gaining influence on other
governments. This success may be attributed to the effective utilisation of key tools such as the Shanghai
Cooperation Organisation and the Belt and Road Economic Initiative.
DEEP LEARNING FOR SMART GRID INTRUSION DETECTION: A HYBRID CNN-LSTM-BASED MODELgerogepatton
As digital technology becomes more deeply embedded in power systems, protecting the communication
networks of Smart Grids (SG) has emerged as a critical concern. Distributed Network Protocol 3 (DNP3)
represents a multi-tiered application layer protocol extensively utilized in Supervisory Control and Data
Acquisition (SCADA)-based smart grids to facilitate real-time data gathering and control functionalities.
Robust Intrusion Detection Systems (IDS) are necessary for early threat detection and mitigation because
of the interconnection of these networks, which makes them vulnerable to a variety of cyberattacks. To
solve this issue, this paper develops a hybrid Deep Learning (DL) model specifically designed for intrusion
detection in smart grids. The proposed approach is a combination of the Convolutional Neural Network
(CNN) and the Long-Short-Term Memory algorithms (LSTM). We employed a recent intrusion detection
dataset (DNP3), which focuses on unauthorized commands and Denial of Service (DoS) cyberattacks, to
train and test our model. The results of our experiments show that our CNN-LSTM method is much better
at finding smart grid intrusions than other deep learning algorithms used for classification. In addition,
our proposed approach improves accuracy, precision, recall, and F1 score, achieving a high detection
accuracy rate of 99.50%.
Advanced control scheme of doubly fed induction generator for wind turbine us...IJECEIAES
This paper describes a speed control device for generating electrical energy on an electricity network based on the doubly fed induction generator (DFIG) used for wind power conversion systems. At first, a double-fed induction generator model was constructed. A control law is formulated to govern the flow of energy between the stator of a DFIG and the energy network using three types of controllers: proportional integral (PI), sliding mode controller (SMC) and second order sliding mode controller (SOSMC). Their different results in terms of power reference tracking, reaction to unexpected speed fluctuations, sensitivity to perturbations, and resilience against machine parameter alterations are compared. MATLAB/Simulink was used to conduct the simulations for the preceding study. Multiple simulations have shown very satisfying results, and the investigations demonstrate the efficacy and power-enhancing capabilities of the suggested control system.
Comparative analysis between traditional aquaponics and reconstructed aquapon...bijceesjournal
The aquaponic system of planting is a method that does not require soil usage. It is a method that only needs water, fish, lava rocks (a substitute for soil), and plants. Aquaponic systems are sustainable and environmentally friendly. Its use not only helps to plant in small spaces but also helps reduce artificial chemical use and minimizes excess water use, as aquaponics consumes 90% less water than soil-based gardening. The study applied a descriptive and experimental design to assess and compare conventional and reconstructed aquaponic methods for reproducing tomatoes. The researchers created an observation checklist to determine the significant factors of the study. The study aims to determine the significant difference between traditional aquaponics and reconstructed aquaponics systems propagating tomatoes in terms of height, weight, girth, and number of fruits. The reconstructed aquaponics system’s higher growth yield results in a much more nourished crop than the traditional aquaponics system. It is superior in its number of fruits, height, weight, and girth measurement. Moreover, the reconstructed aquaponics system is proven to eliminate all the hindrances present in the traditional aquaponics system, which are overcrowding of fish, algae growth, pest problems, contaminated water, and dead fish.
KuberTENes Birthday Bash Guadalajara - K8sGPT first impressionsVictor Morales
K8sGPT is a tool that analyzes and diagnoses Kubernetes clusters. This presentation was used to share the requirements and dependencies to deploy K8sGPT in a local environment.
Use PyCharm for remote debugging of WSL on a Windo cf5c162d672e4e58b4dde5d797...shadow0702a
This document serves as a comprehensive step-by-step guide on how to effectively use PyCharm for remote debugging of the Windows Subsystem for Linux (WSL) on a local Windows machine. It meticulously outlines several critical steps in the process, starting with the crucial task of enabling permissions, followed by the installation and configuration of WSL.
The guide then proceeds to explain how to set up the SSH service within the WSL environment, an integral part of the process. Alongside this, it also provides detailed instructions on how to modify the inbound rules of the Windows firewall to facilitate the process, ensuring that there are no connectivity issues that could potentially hinder the debugging process.
The document further emphasizes on the importance of checking the connection between the Windows and WSL environments, providing instructions on how to ensure that the connection is optimal and ready for remote debugging.
It also offers an in-depth guide on how to configure the WSL interpreter and files within the PyCharm environment. This is essential for ensuring that the debugging process is set up correctly and that the program can be run effectively within the WSL terminal.
Additionally, the document provides guidance on how to set up breakpoints for debugging, a fundamental aspect of the debugging process which allows the developer to stop the execution of their code at certain points and inspect their program at those stages.
Finally, the document concludes by providing a link to a reference blog. This blog offers additional information and guidance on configuring the remote Python interpreter in PyCharm, providing the reader with a well-rounded understanding of the process.
Pattern Analysis and Signature Extraction for Intrusion Attacks on Web Services
1. International Journal of Network Security & Its Applications (IJNSA), Vol.2, No.3, July 2010
DOI : 10.5121/ijnsa.2010.2313 190
Pattern Analysis and Signature Extraction for
Intrusion Attacks on Web Services
Urjita Thakar1
, Nirmal Dagdee2
, Sudarshan Varma3
1
Reader, Computer Engineering Department,
Shri G.S. Institute of Technology and Science,
23, Visweswaraiya Road, Indore,
MP, 452 003 India
urjita@rediffmail.com,uthakar@sgsits.ac.in
2
Director and Professor, Computer Science and Information Technology,
S.D. Bansal College of Technology,
A.B. Road, Umaria,
Indore, MP, India
nirmal_dagdee@rediffmail.com
3
Project Manager, Ideavate Solutions,
2101 Highway 516, Suite F Old Bridge, NJ 08857, USA
sudarshan.varma@ideavate.com
ABSTRACT
The increasing popularity of web service technology is attracting hackers and attackers to hack the web
services and the servers on which they run. Organizations are therefore facing the challenge of
implementing adequate security for Web Services. A major threat is that of intruders which may
maliciously try to access the data or services. The automated methods of signature extraction extract the
binary pattern blindly resulting in more false positives. In this paper a semi automated approach is
proposed to analyze the attacks and generate signatures for web services. For data collection, apart from
the conventional SOAP data loggers, honeypots are also used that collect small data which is of high value.
To filter out the most suspicious part of the data, SVM based classifier is employed to aid the system
administrator. By applying an attack signature algorithm on the filtered data, a more balanced attack
signature is extracted that results in fewer false positives and negatives. It helps the Security Administrator
to identify the web services that are vulnerable or are attacked more frequently.
KEYWORDS
Web services, Intruders, Signatures, Honeypots, Classifier
1. INTRODUCTION
With the increasing popularity and growth of the Internet, more and more web applications and
web services are being deployed. Web services are software components that are meant to be
used by other users over the Internet. They are widely used by businesses for their business
transactions. Web services are fundamentally based on Web Services Description Language
(WSDL), Universal Directory and Description Interface (UDDI) and Simple Object Access
Protocol (SOAP) technologies. WSDL documents are used to publish the service descriptions.
UDDI directories can be used by service requestors to find the available services. SOAP is a
messaging protocol, which is used for communicating messages between two parties. SOAP
messages are transported using protocols like HTTP, SMTP etc. The SOAP server usually runs
on a web server, therefore the threats existing for a web server also exist for a SOAP server [1].
An attacker can send a specially-formulated SOAP request to cause a denial of service condition
on a SOAP server.
2. International Journal of Network Security & Its Applications (IJNSA), Vol.2, No.3, July 2010
191
Even though the SOAP message body can be encrypted, network eavesdropping may lead to
disclosure of confidential information. Some existing standards and specifications such as WS-
Security [2], WS-SecureConversation [3], WS-SecurityPolicy [4] etc. are meant for applying
security during communication of the SOAP messages and usage of web services.
As web services are being popularly used by businesses, attackers are getting attracted to hack the
web services and the servers on which they run. A major threat is that of intruders which may
maliciously try to access the data or services. Thus, the servers on which web services run need to
be protected from intruders. Therefore, Intrusion Detection systems need to be employed.
Signature based IDS are popularly being used. Honeypots are a highly flexible security tool with
a variety of applications for security [5]. They are a security resource that does not have any
production or authorized activity but have an important use in intrusion prevention, detection and
information gathering. Honeypot collects very little data and that is normally of high value. This
information can be used in extraction of intrusion detection signature.
Many common intrusion detection systems often work as misuse detectors, where the packets in
the monitored network are compared against a repository of signatures that define characteristics
of an intrusion. Successful matching causes alerts to be fired. The signature often consists of one
or more specific binary patterns found in a given network packet. The signature can be described
as a boolean relation called rule [6]. Continuous updation of the signature database is essential
since as intrusion detection system is able to recognize an attack only when the signature for it is
known. Also, continuous efforts are required to detect new attacks and determine appropriate
signatures from them. Moreover, a slight change in the attack scenario may be enough to alter the
attack signature and thus fool a signature filter. They are consequently vulnerable to polymorphic
attacks and other evasion techniques which are expected to grow in the near future. The creation
of these signatures is a tedious process that requires detailed knowledge of each software exploit
that is to be captured and a large pool of ASCII-log data to analyze. The automated extraction of
the signatures like longest common substring (LCS) algorithm to the database of attack log data
as presented in [7] extracts the binary pattern blindly, resulting in more false positives. Signature
extraction discussed in [8] does not consider attacks at application layer and needs to be improved
for extraction of signatures for attacks on web services. Also, better data analysis methods need to
be employed on the traffic log data.
In this paper, we discuss various common attacks on web services and present a method that can
be used in analysis of the intrusion patterns and signature extraction for them. These extracted
signatures can be used in signature based IDS. We present a system to facilitate extraction of
balanced attack signatures to avoid too many false positives or negatives. The presented system
architecture is generalized and allows the Security Administrator to determine which web
services are being attacked more frequently and need more protection. A prototype of the
proposed system is implemented using an SVM based semi-supervised classifier, honeypot
framework and SOAP traffic loggers.
Rest of the paper is organized as follows – Related work has been discussed in section 2. In
section 3 common attacks on web services are discussed. In Section 4 a brief overview of
Intrusion detection systems and Honeypots is presented. Overview of the classification technique
is discussed in section 5. The proposed system is presented in Section 6. The prototype
development details are given in section 7. Features of the proposed system are discussed in
section 8 and conclusions are drawn in section 9. The future work is also presented in this section.
2. RELATED WORK
In the literature, two basic techniques used to detect intruders have been discussed; namely,
anomaly detection and misuse detection (signature detection). Anomaly Detection is designed to
uncover abnormal patterns of behavior, the IDS establish a baseline of normal usage patterns, and
anything that widely deviates from it is flagged as a possible intrusion. Misuse Detection,
3. International Journal of Network Security & Its Applications (IJNSA), Vol.2, No.3, July 2010
192
commonly called signature detection, uses specifically known patterns of unauthorized behavior
to predict and detect subsequent similar attempts. These specific patterns are called signatures [7].
A tool discussed for signature extraction as discussed in [8] does not consider attacks at
application layer. The data analysis method presented in [9] needs to be improved to filter log
data to obtain higher concentration of attacks for precise signature extraction.
In [10], Honeypots have been discussed as a means of simple and cost-effective intrusion
detection. These have been successfully applied for network intrusion detection widely. However,
these have not been used for protection at application layer so far. An application layer intrusion
detection method for SQL Injection attack technique has been discussed in [11].
Some researchers have proposed intrusion detection systems for distributed environments. A.
Abraham et al. have proposed a distributed intrusion detection system based on fuzzy-rule based
classifiers. The intrusion detection and monitoring in this work is performed at network layer
[12]. The distributed intrusion detection system is based on network and transport layer data. The
system requires the audit data collected from different places to be sent to a central location for
analysis [13]. A method that uses Fuzz-Trust model for authentication and Honey tokens for
detection of intrusion in web services has been discussed in [14]. It is useful for defense against
DoS and DDoS attacks.
Machine learning classifiers use object characteristics to identify the class or group it belongs to.
A linear classifier achieves classification based on the value of a linear combination of
characteristics that are presented in the form of a vector ’feature vector’ to the machine for
classification. Several classifiers exist such as Neural network based [17], Genetic Algorithm
based [18], Decision tree based [19] etc. These have been used for classification of intrusion
attacks by various researchers [15] [16]. The data sets used in these works contain intrusion
attacks at network and transport layer.
3. WEB SERVICES AND POSSIBLE ATTACKS ON THEM
3.1 Web Services
A web service is a software application identified by a Uniform Resource Identifier (URI) whose
interfaces and bindings are capable of being defined, described, and discovered as XML artifact
[20]. A Web service supports direct interactions with other software agents using XML-based
messages exchanged via Internet-based protocols. Some of the key features of Web services are
that they are self-contained, self-describing and modular, they can be published, located, and
invoked across the Web, and they are language independent and interoperable. Web services are a
relatively new technology that have received wide acceptance as an important implementation of
service-oriented architecture. Web services provide a distributed computing approach for
integrating extremely heterogeneous applications over the Internet. The Web service
specifications are independent of programming language, operating system, and hardware to
promote loose coupling between the service consumer and provider. The technology is based
upon open technologies such as Extensible Markup Language (XML), Simple Object Access
Protocol (SOAP), Universal Description Discovery and Integration (UDDI), Web Services
Description Language (WSDL).
SOAP is a protocol for exchanging XML-based messages over computer networks, normally
using HTTP. SOAP forms the foundation layer of the Web services stack, providing a basic
messaging framework. There are several different types of messaging patterns in SOAP, but by
far the most common is the Remote Procedure Call (RPC) pattern, in which one network node
(the client) sends a request message to another node (the server), and the server immediately
sends a response message to the client.
4. International Journal of Network Security & Its Applications (IJNSA), Vol.2, No.3, July 2010
193
3.2 Attacks against Web Services
Vulnerabilities present in messaging protocols like SOAP and the markup language XML expose
Web Services to potential attack by intruders. Some common attacks targeting the Web services
[21] [22] are discussed below.
(1) Denial of Service Attacks
A direct attack on availability, a DoS attack prevents the service provider from receiving or
responding to messages from a requester. Because Web service interfaces are heterogeneous, it
takes knowledge about the underlying Web service applications to protect them against DoS
attacks. In Denial of Service attack the attacker’s goals are to reveal information that he can use
for crashing the Web application process. DoS may disable the users’ computer or network where
the attack can, for example, prevent data exchanging between two sites. Performing DoS the
attacker may attack a router, firewall, or proxy server with the goal of making them unusable. The
attacker may issue repetitive SOAP/XML messages in an attempt to overload the Web service.
The effect of the Denial of Service attack is to prevent the service-providing computer from being
able to provide the service.
(2) Command Injection
In a command injection, executable logic is inserted in non-executable text strings submitted to a
provider/provider Web service. The main types of command injection are SQL injection targeting
Web service-enabled database applications, and XML injection targeting Web services. SQL
Injection attack occurs when malicious SQL statements are inserted into XML in order to disrupt
the back-end system. Trying to force a SOAP endpoint, i.e., server to do something it wasn't
meant to do. For example retrieval of data it is not authorized to access, destruction of data
through SQL Injection and manipulation of content within a SOAP message. This results in
receiving endpoint and consumes excessive resources, i.e., buffer overflow, and crashes or
becomes unresponsive.
(3) Oversized Payloads Sent to XML Parsers
XML is verbose by design in its markup of existing data and information, so file size must always
be considered. A huge payload could be from an attacker again exercising the parser to execute a
DoS attack. Parsers based on the document object model, which represent the entire XML
document in memory, are especially susceptible to this attack, given their need to model the
entire document in memory prior to parsing. Coercive parsing, discussed above, is an example of
sending an oversized payload.
(4) Principal Spoofing
In this attack, a false message is sent which appears to be from a valid requester. For example, the
attacker sends a message that appears as though it is from a valid requester service. When
performing IP-spoofing attack an attacker fakes IP address to deceive receiver to believe it is sent
from a location that it is not actually from. If attacker gains access to the network with a valid IP
address, he/she can modify, reroute, or delete data. The attacker can gain access to sensitive
information or take control of the “victim” computer.
(5) Buffer Overflow Exploits
Buffer overflow exploits are targeted at Web service components (most often those written in C
or C++) that accept data as input and store it in memory (rather than on disk) for later use or
manipulation. An overflow of a memory buffer results when the Web service component fails to
adequately check the size of the input data to ensure that it is not larger than the memory buffer
allocated to receive it, and instead passes the too-large data into the too-small buffer. The result is
that the excess data is written into other areas of memory that are not prepared to receive it.
Buffer overflows are particularly dangerous when those other areas of memory are allocated to
store executable code rather than passive data.
(6) Schema Poisoning
5. International Journal of Network Security & Its Applications (IJNSA), Vol.2, No.3, July 2010
194
XML schemas provide formatting instructions for parsers when interpreting XML documents.
Schemas are used for all of the major XML standard grammars coming out of OASIS. Because
these schemas describe necessary preprocessing instructions, they are susceptible to poisoning.
An attacker may attempt to compromise the schema in its stored location and replace it with a
similar but modified one that will either cause valid XML documents to be rejected, or cause
invalid or malicious XML documents to be accepted by the application.
(7) Registry Disclosure Attacks
Attackers can use mis-configured registries (LDAP, X.500, etc.) to obtain information about the
Web service being attacked. In particular, these registries can contain authentication information
that an attacker may be able to use. The registries can be compromised or corrupted, which may
allow an attacker to gain information about the Web service’s host or even gain access to that
host.
(8) Dictionary Attack
XML Web service interfaces are heterogeneous in nature with each system having its own
authentication system and methods for deterring undesired behavior. Dictionary attacks are
common where an attacker may either manually or programmatically attempt common passwords
to gain entry into a system or multiple systems. Most password-based authentication algorithms
are vulnerable to dictionary attacks.
(9) Format String Attacks
To exploit format string vulnerability, the attacker sends unexpected inputs to the program in the
form of strings specifically crafted to cause a privileged program to enable privilege escalation by
a normal user. For example, each HTTP command associated with a method that tells the server
about the type of action to be performed. Get and Post methods are most commonly used
methods. The Get method is designed for getting information and the Post method is designed for
posting information. When a URL directory is typed in a browser the Get method is used. The
Get method can include some of its own information, which passed as a sequence of characters
appended to the request URL in what‘s called a query string. Users can manipulate the query
string values, since they are displayed in the browser’s URL address field.
4. INTRUSION DETECTION SYSTEMS
Intrusion detection systems, or IDSs, have become an important component in the Security
Administrator's toolbox. In a nutshell, intrusion detection systems do exactly as the name
suggests: they detect possible intrusions. More specifically, IDS tools aim to detect computer
attacks and/or computer misuse, and to alert the proper individuals upon detection. Intrusion
detection systems serve three essential security functions: they monitor, detect, and respond to
unauthorized activity by organization insiders and outsider intrusion. Intrusion detection systems
use policies to define certain events that, if detected will issue an alert in the form of a sound or
email. Intrusion detection systems are an integral and necessary element of a complete
information security infrastructure performing as "the logical complement to network firewalls".
Simply putting, IDS tools allow for complete supervision of networks, regardless of the action
being taken, such that information will always exist to determine the nature of the security
incident and its source.
4.1. Types of IDS
Intrusion Detection Systems are of following basic types-
(i) Host-based systems were the first type of IDS to be developed and implemented. These
systems collect and analyze data that originate on a computer that hosts a service, such as a
Web server. Once this data is aggregated for a given computer, it can either be analyzed
locally or sent to a separate/central analysis machine.
6. International Journal of Network Security & Its Applications (IJNSA), Vol.2, No.3, July 2010
195
(ii)Network-based intrusion detection analyzes data packets that travel over the network. These
packets are examined and sometimes compared with empirical data to verify their nature:
malicious or benign. Because they are responsible for monitoring a network, rather than a
single host, Network-based intrusion detection systems (NIDS) tend to be more distributed
than host-based IDS.
The two types of intrusion detection systems differ significantly from each other, but complement
one another well. In a proper IDS implementation, it would be advantageous to fully integrate the
network intrusion detection system, such that it would filter alerts and notifications in an identical
manner to the host-based portion of the system, controlled from the same central location. In
doing so, this provides a convenient means of managing and reacting to misuse using both types
of intrusion detection.
4.2. Techniques
For each of the two types as described above, there are two basic techniques used to detect
intruders: anomaly detection and misuse detection (signature detection).
(i)Anomaly Detection is designed to uncover abnormal patterns of behavior. The IDS establish a
baseline of normal usage patterns, and anything that widely deviates from it is flagged as a
possible intrusion [7].
(ii) Misuse Detection, commonly called signature detection, uses specifically known patterns of
unauthorized behavior to predict and detect subsequent similar attempts. These specific patterns
are called signatures. Therefore in case of Misuse Detection at the heart of IDS is the attack
signature. The signatures can be generated through approaches like Network Grapping / Pattern
Matching, Protocol Decode/Analysis, Heuristic and Honeypot.
4.3. Attack Signatures
The purpose of attack signatures is to describe the characteristic elements of attacks. A signature
can be a portion of code, a pattern of behavior, a sequence of system calls, etc. There is currently
no common standard for defining these signatures. As a consequence, different systems provide
signature languages of varying expressiveness. A good signature must be narrow enough to
capture precisely the characteristic aspects of exploit it attempts to address; at the same time, it
should be flexible enough to capture variations of the attack. Failure in generating good
signatures leads to either large amounts of false positives or false negatives.
Content Based Signature Generation [23] is process of extracting the attack signatures based on
selection of the most frequently occurring byte sequences across the flows in the suspicious flow
pool. To do so various algorithms like LCS are applied to extract the common patterns in it since
malicious payload appears with increasing frequency as the malicious activity spreads. A method
for generating semantics-aware signatures has been discussed in [24].
4.4. Honeypots
The honeypot has emerged as an effective tool for observing and understanding intruder’s
toolkits, tactics, and motivations [10]. A honeypot suspects every packet transmitted to/from it,
giving it the ability to collect highly concentrated and less noisy datasets for network attack
analysis.
Honeypots are decoy computer resources set up for the purpose of monitoring and logging the
activities of entities that probe, attack or compromise them [25]. Activities on honeypots can be
considered suspicious by definition, as there is no point for benign users to interact with these
systems. Honeypots come in many shapes and sizes; examples include dummy items in a
database, low-interaction network components like preconfigured traffic sinks, or full-interaction
hosts with real operating systems and services [26].
7. International Journal of Network Security & Its Applications (IJNSA), Vol.2, No.3, July 2010
196
Honeypots are highly useful at detection, addressing many of the problems of traditional
detection. Honeypots reduce false positives by capturing small data sets of high value, capture
unknown attacks such as new exploits or polymorphic shell-code, and work in encrypted and
IPv6 environments [6]. In general, low-interaction honeypots make the best solutions for
detection as they are easier to deploy and maintain.
5. SVM BASED SEMI-SUPERVISED CLASSIFIER
Machine Learning Classifiers use object characteristics to identify the class or group it belongs to.
A linear classifier achieves this based on the value of a linear combination of characteristics that
are presented in the form of a vector ’feature vector’ to the machine for classification. Several
classifiers exist such as Neural network based, Genetic Algorithm based, Decision tree based, etc.
[17][18][19].
In this work, a classifier to classify the semi-supervised data samples using the concept of support
vector machine as discussed in [27] has been used. In this approach formulation of spherical
decision boundaries and the exploitation of the dynamical system associated with support
function is done to obtain the number of clusters. To be able to apply the classifier, data set may
be preprocessed.
6. PROPOSED APPROACH
General system architecture as shown in figure 1 is proposed to allow attack pattern analysis and
signature extraction.The proposed system consists of following components–
i) Data Logging Component: To log the activities of an attacker, traffic logging is important.
This component includes various traffic capturing mechanisms like Hoeypots and other traffic
monitoring tools for data collection. This component also uses some tools to intercept the
requests for web services simulated on honeypots. Honeypot can be used to create connection
logs that report attempted and completed connections for all protocols. To analyze the complete
attack scenario, the system needs full payload of the packets entering and leaving the honeypot.
This task is performed by a tool for network monitoring. The web service requests are in the form
of SOAP messages which use HTTP, SMTP as transport protocols. To filter the SOAP messages
from these requests a filter may be used.
ii) Data Analysis Component: This component contains data analysis part of signature
extraction mechanism for extracting precise attack signature. The data analysis module analyses
the traffic data to select the most suspicious part. This part is realized though a semi automatic
method in which the data is classified into benign and malign classes corresponding to various
categories of attack on web services. The security manager is then allowed to select the
suspicious data based on his experience. For this purpose some support such as graphical
interface shall be very useful.
8. International Journal of Network Security & Its Applications (IJNSA), Vol.2, No.3, July 2010
197
Figure 1: Proposed System Architecture
iii) Signature Extraction Component: This component contains signature extraction
mechanism for good quality attack signatures. A number of mechanisms can be employed for
this. These include artificial intelligence based techniques such as Fuzzy Logic, Neural Network
for pattern matching or application of algorithms like LCS.
7. PROTOTYPE DEVELOPMENT
A prototype of the proposed system has been implemented. The honeypots are deployed using the
open source Honeyd system [28] [29]. Details of the system are as given in the following
subsections.
7.1. Data Logging Component
Data logging is mainly done by using Honeypot log, tcpdump log and the log generated by SOAP
traffic filter tools. The Honeyd creates connection logs that report attempted and completed
connections for all protocols. To analyze the complete attack scenario, the system needs full
payload of the packets entering and leaving the honeypot. This task is performed by Tcpdump
which captures every packet’s full payload. Tcpdump is a tool for network monitoring and one of
the most well known sniffers for Linux. Built with the libpcap (packet capture library) interface,
it collects information from packets on the network including those intended for other host
machines. The web service requests are in the form of SOAP messages, which mainly use HTTP
and SMTP as transport protocols. The HTTP and SMTP requests have been filtered to extract
SOAP messages from them. Some tools to log and filter the SOAP traffic such as UtilSnoop [30],
SOAPui [31] and Fiddler [32] etc. exist for this purpose. These are used to intercept and monitor
the requests coming to the web services simulated on the honeypot. The intercepted requests are
logged in a single file for further analysis. Following are few sample examples that show the
SOAP requests captured using the data logging component -
9. International Journal of Network Security & Its Applications (IJNSA), Vol.2, No.3, July 2010
198
(a) Example # 1 Intercepted SOAP Request Showing SQL Injection Attack
POST /soap/servlet/rpcrouter HTTP/1.0
Host: localhost:9000
Content-Type: text/xml; charset=utf-8
Content-Length: 389
SOAPAction: ""
<?xml version='1.0' encoding='UTF-8'?>
<SOAP-ENV:Envelope xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:xsd="http://www.w3.org/2001/XMLSchema">
<SOAP-ENV:Body>
<fn:PerformFunction xmlns:fn=“ “>
<fn:uid>8123</fn:uid>
<fn:password>
’or 1=1 or password=‘
</fn:password>
</fn:PerformFunction>
</SOAP-ENV:Body>
</SOAP-ENV:Envelope>
(b) Example # 2 Intercepted SOAP Request Showing DoS Attack
<SOAP-ENV:Envelope SOAP-ENV:encodingStyle="http://schemas.xmlsoap.org/soap/
encoding/" xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/"
xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-
instance">
<SOAP-ENV:Envelope SOAP-ENV:encodingStyle=
"http://schemas.xmlsoap.org/soap/encoding/" xmlns:SOAP-
ENV="http://schemas.xmlsoap.org/soap/envelope/"
xmlns:xsd="http://www.w3.org/2001/XMLSchema"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
<SOAP-ENV:Body>
<calculate>
<principal xsi:type="xsd:double">10000.0</principal>
<months
xsi:type="xsd:int">28484c3593275ab5451a8729hbCBDZXJ0aWZpY2F0a&$#~!^&$#~!^&$#
~!^W9uIEF1dGhvMDMxODU4MzRaMFwxCzAJBgNVBAYT&$#~!^&$#~!^&$#~!^1cml0
eSwgSW5jLj&$#~!^&$#~!^ErMCkGA1sdfbdbbgfb##$#$^%43UECxMi&$#~!^&$#~!^1d
Ghvcml0eTCBmzANBgkq&$#~!^&$#~!^&$#~!^&$#~!^hkiG9w0BsbsZwmdu41QUDaSiC
&$#~!^&$#~!^nHJ/lj+O7Kw </months>
<rate xsi:type="xsd:float">0.08</rate>
</calculate>
</SOAP-ENV:Body>
</SOAP-ENV:Envelope>
Sample of the contents of honeypot log files related to the above examples are shown below:
Honeypot Log
honeyd log started ------
2007-03-08-15:58:19.8679 honeyd log started ------
2007-03-08-16:48:02.8939 tcp(6) S 10.1.20.197 1781 10.1.20.198 220 [Windows XP SP1]
2007-03-08-16:48:07.7747 tcp(6) S 10.1.20.197 1782 10.1.20.198 220 [Windows XP SP1]
2007-03-08-16:48:09.4611 tcp(6) S 10.1.20.197 1783 10.1.20.198 220 [Windows XP SP1]
2007-03-08-16:48:10.4445 tcp(6) S 10.1.20.197 1784 10.1.20.198 220 [Windows XP SP1]
2007-03-08-16:48:43.3277 tcp(6) E 10.1.20.197 1773 10.1.20.198 220: 393 486
2007-03-08-16:49:01.3137 tcp(6) E 10.1.20.197 1780 10.1.20.198 220: 709 710
2007-03-08-16:49:02.9353 tcp(6) E 10.1.20.197 1781
2007-03-08-16:49:07.8303 tcp(6) E 10.1.20.197 1782 10.1.20.198 220: 772 711
2007-04-18-14:11:45.0116 honeyd log stopped ------
10. International Journal of Network Security & Its Applications (IJNSA), Vol.2, No.3, July 2010
199
7.2. Data Analysis Component
This component contains data analysis part of signature extraction mechanism. The data analysis
module analyses the traffic data to select the most suspicious part. The filtered SOAP data log is
classified into benign and malicious classes corresponding to various categories of attacks on web
services.
A SVM based classifier discussed in [33] was used for this purpose. A SOAP attack log dataset
was created from the SOAP server log containing requests and responses. In the dataset some
samples were labeled by the attack name. The types of attacks considered in this work are Denial
of Service attack and SQL injection attack. This dataset includes attributes like client (Service
requestor) IP address, client (Service requestor) port number, server (Service provider) IP
address, server (Service provider) port address and the message string containing the
request/response. Depending on the content pattern observed in the request/response message, the
message was classified as normal access or attack to the system. In this study, the data is divided
into four different classes. The grouping is discussed as follows –
• If the request/response contains a ‘’’ character in the message string then they are grouped to
form class1.
• If the request/response contains a ‘%’ character in the message string then they are grouped to
form class 2.
• If the message contains meaningless string pattern then they are classified as Denial of Service
(DoS) attack and grouped to form class 3.
• If the access is normal to system then they are classified as belonging to class 4.
The number of samples selected for training and testing is shown in the table below:
Table 1: Description of the dataset
Table 2: Performance in terms of accuracy
Using the classified data, the web interface that gives graphical output using which security
administrator can easily find out the most attacked port, the IP address making most attacks on
various ports on different machines of the organizations network in the form of pie chart as
shown in figures 3 and 4 respectively. The figure 5 shows the links that were being most
frequently attacked on a particular server. It also shows the number of attempts to access those
links. The links correspond to the URIs of the web services implemented on the server. Figure 6
and 7 show ports that have been most active in the last three hours and one month respectively.
Such summary can be obtained for any time duration as desired by the Security Administrator.
The data analysis component can be realized by following the steps given below-
i) Configure honeyd to simulate network.
ii) Run Tcpdump for traffic analysis. The intercepted traffic is filtered to determine the protocols
and filter the SOAP requests.
Data set Dimension, Number
of classes
Training Testing
Attack 2,4 150 50
Training
Labeled Unlabeled
Accuracy
After pre-processing
60 90 72%
11. International Journal of Network Security & Its Applications (IJNSA), Vol.2, No.3, July 2010
200
iii) Run SOAP requester tools Utilsnoop, SOAPui, Fiddler on different simulated machines to
capture the SOAP requests and generate logs for these requests. Combine the logs (i.e. the log of
SOAP requests obtained from step (ii) and step (iii) to give a single log of SOAP requests).
iv) Invoke the auto-run shell script that will run in a particular time interval and execute the
parser utility that will parse the data from the log files and insert it into the database, as shown in
figure 1. The realization of parser utility can be done in any language that has strong string
tokenization capability like Java.
v) Different logs for the transport protocols for SOAP are generated that help in determining the
popular transport protocol being used for attack.
vi) Preprocess the data so that it can be applied to the classifier.
vii) Classify the data to segregate benign and malign SOAP requests. Classify the malign data
into various attack categories.
vi) Login to the web interface to view the attack patterns and analyze the data for extraction of
good quality signature.
To enable the Security Administrator to select the suspicious data, the web GUI has the
following features:
i) Ability to display packet information from the database.
ii) Ability to display real time network traffic from data stored in database as well as historical
traffic statistics.
iii) Ability to display the frequency of attacks on various servers like FTP, SMTP etc.
iv) Ability to display the frequency of attacks on various web services deployed.
v) Display the ports, which were attacked within a certain time range.
vi) A timeline based hit statistics showing number of hits per second Honeypot got in a certain
time range.
vii) Show which remote IP-addresses "visited" the Honeypot in a certain time range using a pie
chart. Here it is also possible to specify a port number to show activity on a specific port.
In the proposed method, database module is useful due to the reason that it is easier to search for
a particular data in the database as it only requires to construct a proper query. The database also
facilitates graphical representation of generated data. The graphical interface can be run
independent of the Honeypot. Since past events are all recorded in a database, the web GUI can
analyze events without having to interfere with normal operations of the Honeypot. Thus, the
proposed system allows for better selection of data for extracting the attack signatures as against
the existing methods that blindly apply the content-based signature extraction algorithm on entire
data captured by the honeypot.
Figure 3: This is a quick summary of hits on a particular port of different machines. In this case it
is port number 220.
12. International Journal of Network Security & Its Applications (IJNSA), Vol.2, No.3, July 2010
201
Figure 4: This is a quick summary of hits by a particular IP address e.g. the machine 10.1.20.197
has tried to access port number 220, 31 times.
Figure 5: This is a quick summary of Hits over links of a particular server. The links correspond
to services implemented on the server.
Figure 6: This is a quick summary of ports that have been active in last three hours
Figure 7: This is a quick summary of ports that have been active in last one month
13. International Journal of Network Security & Its Applications (IJNSA), Vol.2, No.3, July 2010
202
7.3. Signature Extraction Mechanism
The graphical interface allows the Security Administrator (SA) to determine the traffic to be used
to extract the signature. In this module the data filtered by the aid of graphical interface is
processed for signature extraction. The signature extraction can be accomplished by application
of Rule based AI technique like Fuzzy Logic and Neural Network. In this prototype the LCS
algorithm is applied on the traffic of interest as against the present systems that apply LCS
algorithm on entire data.
The steps followed for finding the good quality attack signature are as follows: -
i) Identify data of interest (i.e. of significance) from the database by looking at the web GUI.
ii) Analyze combined data from different data sources i.e. honeypot, filtered data from Tcpdump
and Utilsnoop. For each received packet initiate the following sequence of activities:
a) If there is any existing connection state for the new packet, that state is updated otherwise
new state is created.
b) If the packet is outbound, don’t process the packet.
c) Perform protocol analysis [6] at the network and transport layer.
d) For each stored connection, perform header comparison in order to detect matching IP
networks, initial TCP sequence numbers, etc.
e) For SOAP requests detected from different IP address, report them to the SA in a separate
display area.
iii) Apply content-based string matching algorithm on the payload of interest by applying
following sequence of activities:
a) If the connections have the same destination port, perform pattern detection on the
exchanged messages with the help of Longest Common Substring algorithm. A description
about string-based pattern detection is given in the [13].
b) If a new signature is created in the process use the signature to augment the signature pool
otherwise stop the process
Given below are the sample attack signatures extracted from the captured logs –
Sample Attack Signature for DoS and Oversized Payloads:
ws-dos-2008-0912::
ip-proto == tcp
dst-ip != 10.10.0.0/32
dst-port = 80
http /.*&$#~!^.*?.* Content-Length >100000/
type "Denial of Service"
::
Sample Attack Signature for SQL Injection:
ws-sql-ij-2008-0912::
ip-proto == tcp
dst-ip != 10.10.0.0/32
dst-port = 80
http SOAPSDK4:name>’</ SOAPSDK4:name
type "SQL Injection"
::
8. FEATURES OF THE PROPOSED APPROACH
The testing results have been shown in section 6. The semi supervised classifier is able
to classify the data with 72% accuracy. The data pertaining to various attack categories
when shown through graphical interface is shown through some screen shots (figures 3,
4, 5, 6 and 7) useful for analysis have been presented. The extracted signatures have also
been shown. Here we list salient features of the system –
14. International Journal of Network Security & Its Applications (IJNSA), Vol.2, No.3, July 2010
203
I.It is a generalized approach that is useful for generation of attacks for variety of intrusion
attempts that can be made.
II.Precision of signatures is more as the data is first classified into different attack categories.
This classified data is presented to the system administrator.
III.The links most frequently accessed on a web server and number of attempts to access those
links can be obtained.
IV.The transport protocols being used for accessing the web services can be determined.
V.Through the pie charts, frequency of attacks made on these services can be known and the
administrator can find out which services are more vulnerable to attack.
VI.This information can be used to generate precise signatures of attacks and obtain information
about the attack technique.
VII.The frequency of attacks on the ports within a certain time range can be seen using pie charts.
The various time ranges supported are three hours, one week, and one month.
VIII.The remote ip-addresses that visited the honeypot in a certain time range on a particular day
can be viewed.
IX.The ports that are targeted by a particular IP address can be viewed.
9. CONCLUSION AND DISCUSSION
In this paper a generalized system architecture has been presented to allow generation of attack
signatures for different types of attacks on web services. The presented system has the advantage
that it can be used for generation of more balanced attack signatures for web services. The
developed system is able to alert the system administrator about the attack patterns on the web
services. It allows the administrator to determine the number of attacks made on different services
using different transport protocols. The presented system is helpful in analyzing the attacks and
extracting good quality signatures from the data logs of honeypot, traffic analyzer and SOAP
interceptor tools for web services.
Administrators watch intruder’s activities and then perform a tedious forensic analysis. The
proposed system simplifies this process by including a separate data analysis module. The data
analysis method is semi-automatic; the data is first classified into various attack categories using
a SVM based classifier. The system administrator is presented with the classified data containing
the attacks/accesses made on different machines graphically. Thus the data presented contains
more concentrated attack information. This is done on hourly, weekly and monthly basis,
therefore, detection and analysis of signatures is easy and quicker. In addition, the system helps
detecting and analyzing new attack signatures. This detection is made possible through the
implementation of Longest Common Substring algorithm. This system also performs an early
detection of attacks and their analysis. Generation of hourly and weekly attack patterns provides
this functionality. The most vulnerable services of the system can be found and the attack
techniques can be observed through various log files being maintained. Frequency of attacks on
links of vulnerable web servers can also be detected.
In future, attempts shall be made to perform the fully automatic analysis using some AI based
tools. For instance, neural network based modules can be employed that have been trained to
learn the data selection strategies adopted by the Security administrators. The signatures can be
made precise by modifying the extraction algorithms that make use of a rule base. Learning
capabilities can be imbibed in these algorithms which can learn and evolve and produce improved
signatures.
15. International Journal of Network Security & Its Applications (IJNSA), Vol.2, No.3, July 2010
204
10. References
[1] S.J. Basha, S. Cable, Galbraith,M. Hendricks, Romin Irani, James Milbery, T. Modi, Andre Tost, Alex
Toussaint, “Professional Java Web Services”, Apress, Shroff Publishers and Distributors Pvt. Ltd.
[2] WS-Security, OASIS identifier wss-v1.1-spec-os-SOAPMessageSecurity, [http://docs.oasis-
open.org/wss/v1.1/]
[3]WS-SecureConversation,[http:/docs.oasis-open.org/ws-sx/ws-secureconversation/200512/ws-
secureconversation-1.3-os.html]
[4]WS-SecurityPolicy, OASIS WS-Security Policy specification,
[specs.xmlsoap.org/ws/2005/07/securitypolicy/ws-securitypolicy.pdf]
[5] Christian Plattner, Reto Baumann, “White Paper:
Honeypots”,http://www.inf.ethz.ch/personal/plattner/pdf/whitepaper.pdf.
[6] Erwan Lemonnier, Defcom, “Protocol Anomaly Detection in Network-based IDSs”,
http://erwan.lemonnier.free.fr/.
[7] Christian Kreibich, Jon Crowcroft, “Honeycomb-Creating Intrusion Detection Signatures” Using
Honeypot, ACM SIGCOMM Computer Communication Review archive Volume 34,Issue1 (January
2004), Pp. 51 – 56.
[8] Urjita Thakar, Sudarshan Varma, A.K. Ramani, “HoneyAnalyzer – Analysis and Extraction of Intrusion
Detection Patterns & Signatures Using Honeypot”, The Second International Conference on
Innovations in Information Technology, Dubai, UAE September 26-28, 2005
[9] Nirmal Dagdee, Urjita Thakar,’ Intrusion Attack Pattern Analysis and Signature Extraction for Web
Services Using Honeypots’, IEEE Proceedings of the First International Conference on Emerging
Trends in Engineering and Technology, ICETET’08, 16-18 July 2008, Nagpur, India Pp.1232 – 1237 .
[10] Lance Spitzner, “Honeypots: Simple, Cost-Effective Detection”,
http://www.securityfocus.com/infocus/1690.
[11] Application Layer Intrusion Detection for SQL Injection, Frank S. Rietta, ACM SE’06, March 10-12,
2006, Melbourne, Florida, USA].
[12] D-SCIDS: Distributed Soft Computing Intrusion Detection System, Ajith Abraham, Ravi Jain,
Johnson Thomas, Sang Yong Han, Journal of Network and Computer Applications 30 82 (2007) 81–
98
[13] Snapp SR, Bretano J, Diaz GV, Goan TL, Heberlain LT, Ho C, Levitt KN, Mukherjee B, Smaha SE,
Grance T, Teal DM, Mansur D. DIDS (Distributed Intrusion Detection System)—motivation
architecture and an early prototype. In: Proceedings of the 14th national computer security conference,
Washington, DC, October, 1999. Pp. 167–76.
[14] An e-intelligence approach to e-cmmerce intrusion detection, Symon S. Chang, Min S. Chang, 2005,
IEEE, Pp 401-404
[15].Elkan, Charles, “Results of the KDD’99 classifier learning”, SIGKDD Explorating, 2000, pp.63-64.
[16] Lee, W.and Stolfo, S., “A frame work for constructing features and models for Intrusion Detection
system”, ACM Transactions on Information and system security, 3 (4), 2000, pp.227-261.
[17] Zhihua Zhou, Shifu Chen, Zhaoqian Chen , “FANNC: A Fast Adaptive Neural Network Classifier”
Knowledge and Information Systems (2000) 2: 115{129
[18] Eugen Barbu, Romain Raveaux, Herve Locteau, Sebastien Adam, Pierre Heroux, Eric Trupin, "Graph
Classification Using Genetic Algorithm and Graph Probing Application to Symbol Recognition,"
ICPR, vol. 3, pp.296-299, 18th International Conference on Pattern Recognition (ICPR'06) Volume 3,
2006
[19] Anurag Srivastava , Eui-Hong Han, Vipin Kumar and Vineet Singh “Parallel Formulations of
Decision-Tree Classification Algorithms”, Data Mining and Knowledge Discovery, 3,237-261 (1999)
16. International Journal of Network Security & Its Applications (IJNSA), Vol.2, No.3, July 2010
[20] Web Services Architecture,
tr/2004/note-ws-arch-20040211/]
[21] Esmiralda Moradian , and Anne Håkansson
Journal of Computer Science and Network Security, Vol.6
[22] Meiko Jensen · Nils Gruschka · Ralph Herkenh¨oner,
Classification and countermeasures
[23] Hyang-Ah Kim, Brad Karp, “Autograph: Toward
In Proceedings of the 13th Usenix Security Symposium (Security 2004), San Diego, CA, August,
2004. Pp. 271–286.
[24] Vinod Yegneswaran, Jonathon T. Giffin, Paul Barford, Somesh Jha, “
Semantics-Aware Signatures”,
Volume, Baltimore, MD, 2005 pp7
[25] Martin Roesch, “Snort – Lightweight Intrusion Detection for Networks
13th System Administration Conference, November 1999, pp.229
[26] Yuqing Mai, Radhika Upadrashta and Xiao Su, “
with Monitoring and Intrusion Detection
Technology: Coding and Computing (ITCC'04) Volume 1 April 05
[27] Narendra S. Chaudhari, Aruna Tiwari, Jaya Thomas,
supervised Classification Algorithm
1947
[28] Niels Provos, “A Virtual Honeypot Framework
Symposium (Security 2004), San Diego, CA, August, 2004, Pp. 1
[29] Honeyd System, [http://www.Honeyd.org/]
[30] UtilSnoop [http://www.lanw.com/books/javasoap/default.htm
[31] SOAPui [www.soapui.org]
[32] Fiddler [www.fiddlertool.com]
[33] Narendra S. Chaudhari, Aruna Tiwari, Urjita Thakar, Jaya Thomas
for Intrusion Detection System in Networks
Authors
Urjita Thakar earned her under graduate and graduate degrees in Computer Engineering in the
year 1990 and 1997 from Shri G.S. Institute of Technology and Science, Indore, India. She is
presently pursuing her doctoral research and working as
Engineering at Shri G.S. Institute of Technology and Science, Indore, India. Her
interest include Information Security, Web Engineering
Nirmal Dagdee earned his undergraduate and Graduate Degrees in Comput
year 1986 and 1990 respectively from a premier institute of central India, Shri G.S. Institute of
Technology and Science, Indore, India. He earned his Doctoral degree from Rajiv Gandhi
Technological University of Madhya Pradesh, India
Engineering, Soft Computing and Computer Security.
Sudarshan Varma completed his Bachelor of
completed his Master of Engineering in Computer Engineering in 2
Technology and Science, Indore, India.
Sciences and Database Technologies.
Solutions, NJ, USA.
International Journal of Network Security & Its Applications (IJNSA), Vol.2, No.3, July 2010
W3c Working Group Note 11 February 2004, [http://www.w3.org/
20040211/]
Esmiralda Moradian , and Anne Håkansson, “Possible attacks on XML Web Services
Journal of Computer Science and Network Security, Vol.6 No.1B, January 2006, pp154
Meiko Jensen · Nils Gruschka · Ralph Herkenh¨oner, “A Survey of Attacks on Web Services
Classification and countermeasures”, Springer Verlag, CSRD (2009) 24: 185–197
Autograph: Toward Automated, Distributed Worm Signature Detection
In Proceedings of the 13th Usenix Security Symposium (Security 2004), San Diego, CA, August,
] Vinod Yegneswaran, Jonathon T. Giffin, Paul Barford, Somesh Jha, “An Architecture for
”, Proceedings of the 14th conference on USENIX Security Symposium
Baltimore, MD, 2005 pp7-7
Lightweight Intrusion Detection for Networks”, Proceedings of USENIX
Administration Conference, November 1999, pp.229-238.
] Yuqing Mai, Radhika Upadrashta and Xiao Su, “J-Honeypot: A Java-Based Network Deception Tool
with Monitoring and Intrusion Detection”, Proceedings of the International Conference on Information
chnology: Coding and Computing (ITCC'04) Volume 1 April 05 - 07, 2004, Pp. 804-
] Narendra S. Chaudhari, Aruna Tiwari, Jaya Thomas, “Performance Evaluation of SVM based Semi
supervised Classification Algorithm”, IEEE proceedings of ICARCV 2008, Hanoi, Vietnam, Pp 1942
A Virtual Honeypot Framework”, In Proceedings of the 13th Usenix Security
Symposium (Security 2004), San Diego, CA, August, 2004, Pp. 1–14.
] Honeyd System, [http://www.Honeyd.org/]
http://www.lanw.com/books/javasoap/default.htm ],
] Fiddler [www.fiddlertool.com]
Narendra S. Chaudhari, Aruna Tiwari, Urjita Thakar, Jaya Thomas, “Semi-supervised Classification
Detection System in Networks”, (Accepted) CIS-RAM 2010
earned her under graduate and graduate degrees in Computer Engineering in the
year 1990 and 1997 from Shri G.S. Institute of Technology and Science, Indore, India. She is
presently pursuing her doctoral research and working as Reader in the Department of Computer
Engineering at Shri G.S. Institute of Technology and Science, Indore, India. Her major areas of
nterest include Information Security, Web Engineering and Computational Theory.
earned his undergraduate and Graduate Degrees in Computer Engineering in the
year 1986 and 1990 respectively from a premier institute of central India, Shri G.S. Institute of
Technology and Science, Indore, India. He earned his Doctoral degree from Rajiv Gandhi
Technological University of Madhya Pradesh, India in 2003. His major fields of study include Web
Engineering, Soft Computing and Computer Security.
completed his Bachelor of Engineering in Production engineering in 1995 and
completed his Master of Engineering in Computer Engineering in 2005 from Shri G.S. Institute of
Technology and Science, Indore, India. His areas of interest are Information Security, Web
Sciences and Database Technologies. He is presently working as Project Manager in Ideavate
International Journal of Network Security & Its Applications (IJNSA), Vol.2, No.3, July 2010
205
W3c Working Group Note 11 February 2004, [http://www.w3.org/
Possible attacks on XML Web Services”, International
No.1B, January 2006, pp154-170.
A Survey of Attacks on Web Services -
Automated, Distributed Worm Signature Detection”,
In Proceedings of the 13th Usenix Security Symposium (Security 2004), San Diego, CA, August,
An Architecture for Generating
Proceedings of the 14th conference on USENIX Security Symposium–
”, Proceedings of USENIX
Based Network Deception Tool
”, Proceedings of the International Conference on Information
-808.
Performance Evaluation of SVM based Semi-
noi, Vietnam, Pp 1942-
”, In Proceedings of the 13th Usenix Security
supervised Classification