A Risk Assessment Model of Intrusion Detection for Web Applications Based on Web Server Logs and Website Parameters

doi:10.3969/j.issn.1671-1122.2015.01.011

Abstract

Abstract:

With the development of network technology, surfing the internet is not as safe as it was before. A growing number of web application vulnerabilities result that a lot of websites face the risk of intrusion. To maintain the safety of the site, many intrusion detection related approaches have been proposed. Most of these approaches are based on real-time system, which can intercept and prevent the occurrence of attacks timely, but once a website has been invaded, these methods will not work. Alternatively, there are also some intrusion detection methods based on non-real-time system, which are applied after the sites have been invaded. These systems can target the source of attacks but it is difficult for them to detect the grade of the risk that Web system suffered because the risks faced by each site are not the same. On the basis of Web logs and Web parameters, this paper proposes an improved risk assessment model for non-real-time intrusion detection. This model can define various assessment strategies according to different website parameter. The strategy will assign a weight for every kind of attack. Through the attack information that these weights and web logs match, the system can calculate the fuzzy value, which could be used to reflect the level of the threat that the system suffers under this kind of attack. The result of the experiment suggests that our study can efficiently detect the level of the threat that website suffers from the intrusion, which is of great help to maintain the security of website and prevent Hackers' attack.

Key words: Website system, security risk, risk assessment model, intrusion detection

CLC Number:

TP309

HE Peng-cheng, FANG Yong. A Risk Assessment Model of Intrusion Detection for Web Applications Based on Web Server Logs and Website Parameters[J]. Netinfo Security, 2015, 15(1): 61-65.

Figures/Tables 4

References 16

[1]	OWASP(Open Web Application Security Project), 开放式Web应用程序安全项目[EB/OL]., 2013-01-31.
[2]	CWE(Common Weakness Enumeration), 通用缺陷列表[EB/OL]. ,2013-01-31.
[3]	Hall, Mark.Web application vulnerabilities on rise[M]. Computerworld, Elsevier Inc, 2007.
[4]	Heady R, Luger G, Maccabe A, et al.The architecture of a network level intrusion detection system[R]. Technical report, Computer Science Department, University of New Mexico,August 1990.
[5]	Xydas I.Host-based web anomaly intrusion detection system, an artificial immune system approach[C]//Proceedings of the IASTED International Conference on Artificial Intelligence and Applications, 2008:258-265.
[6]	姚东,罗军勇,陈武平,等. 基于改进非广延熵特征提取的双随机森林实时入侵检测方法[J]. 计算机科学,2013,40(12):192-196.
[7]	史晓卓,郑晨溪. 决策树算法在网站服务器日志分析中的应用[J]. 硅谷,2013,(22):105-105.
[8]	Shaimaa E S, Mohamed I M, Laila M E, et al.Web Server Logs Preprocessing for Web Intrusion Detection[J].Computer and Information Science, 2011.
[9]	MA J B, YU H W, GAO C L. Study of the Issue of Personnel Promotion Based on Fuzzy Comprehensive Evaluation[C]//Information Science and Management Engineering (ISME), 2010:511-513.
[10]	LEU Sou-Sen; CHANG Ching-Miao,Bayesian-network-based safety risk assessment for steel construction projects[C]//Accident; analysis and prevention, 2013:122-33.
[11]	杨富华. WEB日志挖掘与分析[J]. 制造业自动化,2011,(6):48-50.
[12]	百度百科. 正则表达式[EB/OL]. ,2014-11-13.
[13]	徐嘉铭. SQL注入攻击原理及在数据库安全中的应用[J]. 电脑编程技巧与维护, 2009,(18):104-106.
[14]	王永乐, 徐书欣,跨站脚本攻击过程与防范策略[J].安阳师范学院学报,2013,(5):65-67.
[15]	SEBUG漏洞库. 文件包含漏洞[EB/OL]. , 2011-12-19.
[16]	SEBUG漏洞库.任意文件上传漏洞[EB/OL]. , 2014.11-13.