(Publisher of Peer Reviewed Open Access Journals)

International Journal of Advanced Computer Research (IJACR)

ISSN (Print):2249-7277    ISSN (Online):2277-7970
Volume-6 Issue-23 March-2016
DOI:10.19101/IJACR.2016.623028
Paper Title : How to secure web servers by the intrusion prevention system (IPS)?
Author Name : Yousef Farhaoui
Abstract :

Information technology, and especially the Internet, plays an increasing role in our society. Signature-based approaches show their limits in detecting intrusions and attacks, because most web vulnerabilities are specific to particular applications, which may be developed in-house by companies. Behavioral methods are therefore an interesting approach in this area. An IPS (Intrusion Prevention System) is a tool used to enhance the security level. We present here a secure IPS architecture for a web server. We also discuss measures that define the effectiveness of our IPS, and very recent work on the standardization and homogenization of our IPS platform. The approach relies on preventive mechanisms: the aim is to develop devices capable of preventing any action that would result in a violation of the security policy. However, experience and results show that it is impossible to build a fully secure system, for technical or practical reasons.

Keywords : Intrusion prevention, Web server, Architectures, Security.
Cite this article : Yousef Farhaoui, "How to secure web servers by the intrusion prevention system (IPS)?", International Journal of Advanced Computer Research (IJACR), Volume-6, Issue-23, March-2016, pp. 65-71. DOI:10.19101/IJACR.2016.623028