You are viewing a javascript disabled version of the site. Please enable Javascript for this site to function properly.
Go to headerGo to navigationGo to searchGo to contentsGo to footer
In content section. Select this link to jump to navigation

Intrusion detection and prevention of web service attacks for software as a service: Fuzzy association rules vs fuzzy associative patterns

Issue title: ICNC-FSKD 2015

Guest editors: Zheng Xiao and Kenli Li

Article type: Research Article

Authors: Chan, Gaik-Yeea | Chua, Fang-Fanga | Lee, Chien-Singb; *; 1

Affiliations: [a] Faculty of Computing and Informatics, Multimedia University, Persiaran Multimedia, Cyberjaya, Malaysia | [b] Faculty of Science and Technology, Sunway University, Sunway City, Selangor, Malaysia

Correspondence: [*] Corresponding author. Chien-Sing Lee, Faculty of Science and Technology, Sunway University, Sunway City, 47500 Selangor, Malaysia. Tel.: +60 3 74918622; E-mail: [email protected].

Note: [1] The corresponding author was a former faculty at Universiti Tunku Abdul Rahman, Malaysia when the research was conducted.

Abstract: Cloud computing inherits all the systems, networks as well as Web Services’ security vulnerabilities, in particular for software as a service (SaaS), where business applications or services are provided over the Cloud as Web Service (WS). Hence, WS-based applications must be protected against loss of integrity, confidentiality and availability when they are deployed over to the Cloud environment. Many existing IDP systems address only attacks mostly occurring at PaaS and IaaS. In this paper, we present our fuzzy association rule-based (FAR) and fuzzy associative pattern-based (FAP) intrusion detection and prevention (IDP) systems in defending against WS attacks at the SaaS level. Our experimental results have validated the capabilities of these two IDP systems in terms of detection of known attacks and prediction of new variant attacks with accuracy close to 100%. For each transaction transacted over the Cloud platform, detection, prevention or prediction is carried out in less than five seconds. For load and volume testing on the SaaS where the system is under stress (at a work load of 5000 concurrent users submitting normal, suspicious and malicious transactions over a time interval of 300 seconds), the FAR IDP system provides close to 95% service availability to normal transactions. Future work involves determining more quality attributes besides service availability, such as latency, throughput and accountability for a more trustworthy SaaS.

Keywords: Intrusion detection, intrusion prevention, software as a service, fuzzy association rule, web service

DOI: 10.3233/JIFS-169007

Journal: Journal of Intelligent & Fuzzy Systems, vol. 31, no. 2, pp. 749-764, 2016

Published: 22 July 2016
Price: EUR 27.50
Show more