Using response action with intelligent intrusion detection and prevention system against web application malware

Ammar Alazab (College of Engineering and Technology, The American University of the Middle East, Egaila, Kuwait)
Michael Hobbs (Faculty of Science Engineering & Built Environment, Deakin University, Geelong, Australia)
Jemal Abawajy (School of Information Technology, Deakin University, Geelong, Australia)
Ansam Khraisat (Faculty of Science Engineering & Built Environment, Deakin University, Geelong, Australia)
Mamoun Alazab (Department of Crime, Policing, Security and Justice, Australian National University, Canberra, Australia)

Information Management & Computer Security

ISSN: 0968-5227

Article publication date: 10 November 2014

Abstract

Purpose

The purpose of this paper is to mitigate vulnerabilities in web applications, where detection and prevention are the most important security mechanisms. However, most existing research focuses on how to prevent an attack at the web application layer, with less work dedicated to setting up a response action if a possible attack happens.

Design/methodology/approach

The approach combines a Signature-based Intrusion Detection System (SIDS) and an Anomaly-based Intrusion Detection System (AIDS) into a single system, namely, the Intelligent Intrusion Detection and Prevention System (IIDPS).

Findings

On evaluation, the new system produced better results in terms of detection efficiency and false alarm rate. This demonstrates the value of direct response action in an intrusion detection system.

Research limitations/implications

Data limitation.

Originality/value

The contributions of this paper are, first, to address the problem of web application vulnerabilities; second, to propose a combination of an SIDS and an AIDS, namely, the IIDPS; third, to present a novel approach that connects the IIDPS with a response action using fuzzy logic; and fourth, to use risk assessment to determine an appropriate response action against each attack event. Combining the systems provides better performance for the Intrusion Detection System and makes detection and prevention more effective.

Acknowledgements

This research is supported by the Australian National University and the ANU Cybercrime Observatory (http://cybercrime.anu.edu.au).

Citation

Alazab, A., Hobbs, M., Abawajy, J., Khraisat, A. and Alazab, M. (2014), "Using response action with intelligent intrusion detection and prevention system against web application malware", Information Management & Computer Security, Vol. 22 No. 5, pp. 431-449. https://doi.org/10.1108/IMCS-02-2013-0007

Publisher

Emerald Group Publishing Limited

Copyright © 2014, Emerald Group Publishing Limited