Showing 1–2 of 2 results for author: Hussain, S Z

Identification of Flaws in the Design of Signatures for Intrusion Detection Systems

Authors: Nancy Agarwal, Syed Zeeshan Hussain

Abstract: Signature-based Intrusion Detection System (SIDS) provides a promising solution to the problem of web application security. However, the performance of the system highly relies on the quality of the signatures designed to detect attacks. A weak signature set may considerably cause an increase in false alarm rate, making impractical to deploy the system. The objective of the paper is to identify th… ▽ More Signature-based Intrusion Detection System (SIDS) provides a promising solution to the problem of web application security. However, the performance of the system highly relies on the quality of the signatures designed to detect attacks. A weak signature set may considerably cause an increase in false alarm rate, making impractical to deploy the system. The objective of the paper is to identify the flaws in the signature structure which are responsible to reduce the efficiency of the detection system. The paper targets SQL injection signatures particularly. Initially, some essential concepts of the domain of the attack that should be focused by the developer in prior to designing the signatures have been discussed. Afterwards, we conducted a case study on the well known PHPIDS tool for analyzing the quality of its SQL signatures. Based on the analysis, we identify various flaws in the designing practice that yield inefficient signatures. We divide the weak signatures into six categories, namely incomplete, irrelevant, semi-relevant, susceptible, redundant and inconsistent signatures. Moreover, we quantify these weaknesses and define them mathematically in terms of set theory. To the best of our knowledge, we have identified some novel signature design issues. The paper will basically assist the signature developer to know what level of expertise is required for devising a quality signature set and how a little ignorance may lead to deterioration in the performance of the SIDS. Furthermore, a security expert may evaluate the detector against the identified flaws by conducting structural analysis on its signature set. △ Less

Submitted 28 May, 2018; originally announced May 2018.

A closer look at Intrusion Detection System for web applications

Authors: Nancy Agarwal, Syed Zeeshan Hussain

Abstract: Intrusion Detection System (IDS) is one of the security measures being used as an additional defence mechanism to prevent the security breaches on web. It has been well known methodology for detecting network-based attacks but still immature in the domain of securing web application. The objective of the paper is to thoroughly understand the design methodology of the detection system in respect to… ▽ More Intrusion Detection System (IDS) is one of the security measures being used as an additional defence mechanism to prevent the security breaches on web. It has been well known methodology for detecting network-based attacks but still immature in the domain of securing web application. The objective of the paper is to thoroughly understand the design methodology of the detection system in respect to web applications. In this paper, we discuss several specific aspects of a web application in detail that makes challenging for a developer to build an efficient web IDS. The paper also provides a comprehensive overview of the existing detection systems exclusively designed to observe web traffic. Furthermore, we identify various dimensions for comparing the IDS from different perspectives based on their design and functionalities. We also provide a conceptual framework of an IDS with prevention mechanism to offer a systematic guidance for the implementation of the system specific to the web applications. We compare its features with five existing detection systems, namely AppSensor, PHPIDS, ModSecurity, Shadow Daemon and AQTRONIX WebKnight. The paper will highly facilitate the interest groups with the cutting edge information to understand the stronger and weaker sections of the web IDS and provide a firm foundation for developing an intelligent and efficient system. △ Less

Submitted 13 August, 2018; v1 submitted 16 March, 2018; originally announced March 2018.