In this paper, we propose a method of detecting and classifying web application attacks. In contrast to current signature-based security methods, our solution is an ontology-based technique. It specifies web application attacks by using semantic rules, the context of consequence and the specifications of application protocols. The system is capable of detecting sophisticated attacks effectively and efficiently by analyzing the specified portion of a user request where attacks are possible. Semantic rules help to capture the context of the application, possible attacks and the protocol that was used. These rules also allow inference to run over the ontological models in order to detect the often complex polymorphic variations of web application attacks. The ontological model was developed using Description Logic that was based on the Web Ontology Language (OWL). The inference rules are Horn Logic statements and are implemented using the Apache JENA framework. The system is therefore platform and technology independent. Prior to the evaluation of the system, the knowledge model was validated by using OntoClean to remove inconsistency, incompleteness and redundancy in the specification of ontological concepts. The experimental results show that the detection capability and performance of our system are significantly better than existing state-of-the-art solutions. The system successfully detects web application attacks whilst generating few false positives. The examples that are presented demonstrate that a semantic approach can be used to effectively detect zero-day and more sophisticated attacks in a real-world environment.