CFP last date
22 April 2024
Reseach Article

Prediction and Classification of Web Application Attacks using Vulnerability Ontology

by P. Salini, J. Shenbagam
International Journal of Computer Applications
Foundation of Computer Science (FCS), NY, USA
Volume 116 - Number 21
Year of Publication: 2015
Authors: P. Salini, J. Shenbagam
10.5120/20464-2832

P. Salini, J. Shenbagam . Prediction and Classification of Web Application Attacks using Vulnerability Ontology. International Journal of Computer Applications. 116, 21 ( April 2015), 42-47. DOI=10.5120/20464-2832

@article{ 10.5120/20464-2832,
author = { P. Salini, J. Shenbagam },
title = { Prediction and Classification of Web Application Attacks using Vulnerability Ontology },
journal = { International Journal of Computer Applications },
issue_date = { April 2015 },
volume = { 116 },
number = { 21 },
month = { April },
year = { 2015 },
issn = { 0975-8887 },
pages = { 42-47 },
numpages = {9},
url = { https://ijcaonline.org/archives/volume116/number21/20464-2832/ },
doi = { 10.5120/20464-2832 },
publisher = {Foundation of Computer Science (FCS), NY, USA},
address = {New York, USA}
}
%0 Journal Article
%1 2024-02-06T22:57:48.649828+05:30
%A P. Salini
%A J. Shenbagam
%T Prediction and Classification of Web Application Attacks using Vulnerability Ontology
%J International Journal of Computer Applications
%@ 0975-8887
%V 116
%N 21
%P 42-47
%D 2015
%I Foundation of Computer Science (FCS), NY, USA
Abstract

Web application security is the major security concern for e-business and information sharing communities. Research showed that more than 75% attacks are being deployed at application layer and almost 90% applications are vulnerable to the attacks. This is due to the avoidance of security requirements during implementation by the developer because they are not trained on solving security issues and often need to depend on security experts. In this paper, an approach for effective defenses against the application level attacks is proposed. The proposed system is an ontology based system that can predict and classify web application attacks. The system effectively stores threat, vulnerability and attack information. The attacks can be predicted by analyzing vulnerability and threats. The attacks are classified based on severity level of the attacks on security goals. Moreover, the system also provides suggestion for prevention and countermeasure to the predicted attacks, thereby assisting the developers in developing secure web applications. The results were promising when compared to the conventional method of knowledge base.

References
  1. M. Vrancianu, L. A. Popa, Considerations regarding the security and protection of e-banking services consumers' interests, The Amfiteatru Economic Journal 12 (28) (2010) 388–403.
  2. J. Kannan, P. Maniatis, B. G. Chun, Secure data preservers for web services, in: Proceedings of the 2nd USENIX Conference on Web Application Development, USENIX Association, 2011, pp. 3–3.
  3. J. Undercoffer, J. Pinkston, A. Joshi and T. Finin, "A target-centric ontology for intrusion detection", In 18th International Joint Conference on Artificial Intelligence, pp. 9-15, March 2004. Ding, W. and Marchionini, G. 1997 A Study on Video Browsing Strategies. Technical Report. University of Maryland at College Park.
  4. L. Daniel Costa, L. Matthew Collins, J. Samuel Perl, J. Michael Albrethsen, J. George Silowash, L. Derrick Spooner, An Ontology for Insider Threat Indicators Development and Applications, Software Engineering Institute, Carnegie Mellon University, Pittsburgh, PA, USA .
  5. A. Herzog, N. Shahmehri, C. Duma, An ontology of information security, Techniques and Applications for Advanced Information Privacy and Security: Emerging Organizational, Ethical, and Human Issues (2009) 278–301.
  6. J. McHugh, Testing intrusion detection systems: a critique of the 1998 and 1999 darpa intrusion detection system evaluations as performed by Lincoln laboratory, ACM Transactions on Information and System Security 3 (4) (2000) 262–294.
  7. Carlos Blanco, Joaquín Lasheras, Eduardo Fernández-Medina, Rafael Valencia-García and Ambrosio Toval, "Basis for an integrated security ontology according to a systematic review of existing proposals", Computer standards and Interfaces, Vol. 33, No. 67, pp. 372-388, June 2011.
  8. S. Fenz, G. Goluch, A. Ekelhart, B. Riedl, E. Weippl, Information security fortification by ontological mapping of the iso/iec 27001 standard, in: 13th Pacific Rim International Symposium on Dependable Computing, 2007, PRDC 2007, IEEE, 2007, pp. 381–388.
  9. S. Parkin, A. Moorsel, and R. Coles, (2009). An information security ontology incorporating human-behavioural implications. In Proceedings of 2nd International Conference on Security of Information and Networks, pp. 46–55.
  10. Nadya ElBachir El Moussaid, Ahmed Toumanari, "Web Application Attacks Detection: A Survey and Classification", International Journal of Computer Applications, 2014,Vol 103, No. 12.
  11. F. Abdoli and M. Kahani, "Ontology-based Distributed Intrusion Detection System", In Proceedings of the 14th International CSI Computer Conference.
  12. Golnaz Elahi, Eric Yu, and Nicola Zannone, "A Modeling Ontology for Integrating Vulnerabilities into Security Requirements Conceptual Foundations", Lecture Notes in Computer Science, Springer Berlin Heidelberg, pp. 99-114, 2009.
Index Terms

Computer Science
Information Sciences

Keywords

Ontology Attacks Vulnerabilities Threats Security Measures Security Goals Web application