Part of the book series: Advances in Intelligent Systems and Computing (AISC, volume 189)

Abstract

This article focuses on a security solution based on the idea of intrusion detection, which should be independent of the web server type or configuration and should not rely on other network hardware components. The intrusion detection system discussed is connected directly to the web application and is based on real-time request analysis. The main advantages of the proposed principle are very low cost and simple implementation. The proposal is based on integrating the LGPL library PHPIDS [https://phpids.org/] into a demo application consisting of a simple web form for testing. The integration of the PHPIDS library was tested against the main web security flaws: SQL Injection, Cross Site Scripting, and HTTP Parameter Pollution. Simple stress tests were performed on this demo application, and its level of security was also evaluated. Moreover, suggestions for future improvements of this security solution are discussed.


Correspondence to Radek Vala.

© 2013 Springer-Verlag Berlin Heidelberg

Cite this paper

Vala, R., Malaník, D., Jašek, R. (2013). Usability of Software Intrusion-Detection System in Web Applications. In: Herrero, Á., et al. International Joint Conference CISIS’12-ICEUTE´12-SOCO´12 Special Sessions. Advances in Intelligent Systems and Computing, vol 189. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-33018-6_16

  • DOI: https://doi.org/10.1007/978-3-642-33018-6_16

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-642-33017-9

  • Online ISBN: 978-3-642-33018-6

  • eBook Packages: Engineering, Engineering (R0)