SUMMARY

The aim of this project is to provide an effective, open source intrusion detection system for Web-based attacks. The exponential increase in cyber crime that has accompanied the expansion of Web applications has become the most important security concern for e-business, e-health and other Web applications on the Internet. A recent survey shows that about 80% of Web-based attacks are deployed at the application layer of the OSI model and that more than 90% of Web applications are vulnerable to these attacks. Various security mechanisms, in the form of intrusion detection systems, encryption devices and firewalls, have been deployed, but they tend to be less effective against Web-based threats because of the extremely flexible nature of these threats. To mitigate application-level attacks, the system needs to grasp the context of the information content (e.g., a web page or script) and be able to filter that content on the basis of its consequences for the target applications. This proposal introduces new concepts and an architecture that use semantics to detect and prevent attacks at the application layer (specifically, attacks through HTTP). The proposed system will be capable of performing intrusion detection through the ontological representation of attacks, of application protocols such as HTTP, and of associated data; furthermore, it allows automatic generation of attack rules. By building the attack model using ontologies, the system will significantly improve attack detection capability and should be able to detect Web attacks that appear to be generalized forms of existing attack techniques (i.e., zero-day attacks based on existing methods). We have already developed a prototype ontology model of application layer attacks for the HTTP protocol. The proof-of-concept prototype uses the Description Logic based Web Ontology Language (OWL) for knowledge representation and is implemented on top of the JENA framework.
The prototype system is deployed and evaluated as a surrogate proxy in front of the Web server, where it detects application layer attacks such as Cross Site Scripting (XSS) and SQL injection and protects Web applications from them. System evaluation shows significantly improved detection capability compared with some other existing techniques and solutions, as well as significant search space reduction, and the system helps eliminate many problems associated with existing techniques. We are sure that through this research project we will provide a significantly improved ontology-based intrusion detection system that works at the application layer.