Citation

Chan, Gaik Yee and Wong, Hui Shin and Rao, G. S. V. R. K. (2007) An Adaptive Intrusion Detection and Prevention (ID/IP) Framework for Web Services. In: International Conference on Convergence Information Technology, 2007. IEEE Xplore, 528 -534. ISBN 0-7695-3038-9

Text 04420313.pdf - Published Version Restricted to Repository staff only Download (338kB)

Abstract

The advance in Web technology has lead to more and more applications being deployed over the Web service (WS) platform. However, the inherent security weaknesses of the WS platform have lead to these WS-based applications being vulnerable and targets for attacks. This paper identifies and describes the various vulnerabilities and security threats pertaining to WS. After examining the various existing defending mechanisms for WS, it is found that they are not adaptive and adequate in counter-measuring the WS attacks. An adaptive intrusion detection and prevention (ID/IP) framework to protect the WS against attacks related to SOAP/XML/SQL is thus introduced. Through illustration by examples, the framework demonstrated that by making use of agents that act as sensors, data mining techniques such as clustering, association and sequential rule coupled with fuzzy logic to further analyze and identify anomalies, is able to exhibit the adaptive nature of capturing anomalies and avoiding false alarms.

Item Type:	Book Section
Subjects:	T Technology > T Technology (General)
Divisions:	Faculty of Information Science and Technology (FIST)
Depositing User:	Ms Suzilawati Abu Samah
Date Deposited:	20 Nov 2013 08:14
Last Modified:	20 Nov 2013 08:14
URII:	http://shdl.mmu.edu.my/id/eprint/4448

Downloads

Edit (login required)