Netinfo Security ›› 2015, Vol. 15 ›› Issue (1): 61-65.doi: 10.3969/j.issn.1671-1122.2015.01.011

Previous Articles     Next Articles

A Risk Assessment Model of Intrusion Detection for Web Applications Based on Web Server Logs and Website Parameters

HE Peng-cheng(), FANG Yong   

  1. College of Electronics and Information Engineering, Sichuan University, Chengdu Sichuan 610065, China
  • Received:2014-11-13 Online:2015-01-10 Published:2015-07-05

Abstract:

With the development of network technology, surfing the internet is not as safe as it was before. A growing number of web application vulnerabilities result that a lot of websites face the risk of intrusion. To maintain the safety of the site, many intrusion detection related approaches have been proposed. Most of these approaches are based on real-time system, which can intercept and prevent the occurrence of attacks timely, but once a website has been invaded, these methods will not work. Alternatively, there are also some intrusion detection methods based on non-real-time system, which are applied after the sites have been invaded. These systems can target the source of attacks but it is difficult for them to detect the grade of the risk that Web system suffered because the risks faced by each site are not the same. On the basis of Web logs and Web parameters, this paper proposes an improved risk assessment model for non-real-time intrusion detection. This model can define various assessment strategies according to different website parameter. The strategy will assign a weight for every kind of attack. Through the attack information that these weights and web logs match, the system can calculate the fuzzy value, which could be used to reflect the level of the threat that the system suffers under this kind of attack. The result of the experiment suggests that our study can efficiently detect the level of the threat that website suffers from the intrusion, which is of great help to maintain the security of website and prevent Hackers' attack.

Key words: Website system, security risk, risk assessment model, intrusion detection

CLC Number: