Intrusion detection and prevention of web service attacks for software as a service:Fuzzy association rules vs fuzzy associative patterns
Cloud computing inherits all the systems, networks as well asWeb Services’ security vulnerabilities, in particular for software as a service (SaaS), where business applications or services are provided over the Cloud as Web Service (WS). Hence, WS-based applications must be protected against loss o...
Saved in:
| Main Authors: | , , |
|---|---|
| Format: | Article |
| Language: | English |
| Published: |
IOS Press
2016
|
| Subjects: | |
| Online Access: | http://eprints.sunway.edu.my/686/1/Lee%20Chien%20Sing%20Intrusion%20Detection.pdf http://eprints.sunway.edu.my/686/ |
| Tags: |
Add Tag
No Tags, Be the first to tag this record!
|
| Institution: | Sunway University |
| Language: | English |
| id |
my.sunway.eprints.686 |
|---|---|
| record_format |
eprints |
| spelling |
my.sunway.eprints.6862020-10-12T06:57:23Z http://eprints.sunway.edu.my/686/ Intrusion detection and prevention of web service attacks for software as a service:Fuzzy association rules vs fuzzy associative patterns Chan, Gaik Yee Chua, Fang Fang Lee, Chien Sing * QA76 Computer software Cloud computing inherits all the systems, networks as well asWeb Services’ security vulnerabilities, in particular for software as a service (SaaS), where business applications or services are provided over the Cloud as Web Service (WS). Hence, WS-based applications must be protected against loss of integrity, confidentiality and availability when they are deployed over to the Cloud environment. Many existing IDP systems address only attacks mostly occurring at PaaS and IaaS. In this paper, we present our fuzzy association rule-based (FAR) and fuzzy associative pattern-based (FAP) intrusion detection and prevention (IDP) systems in defending against WS attacks at the SaaS level. Our experimental results have validated the capabilities of these two IDP systems in terms of detection of known attacks and prediction of newvariant attacks with accuracy close to 100%. For each transaction transacted over the Cloud platform, detection, prevention or prediction is carried out in less than five seconds. For load and volume testing on the SaaS where the system is under stress (at a work load of 5000 concurrent users submitting normal, suspicious and malicious transactions over a time interval of 300 seconds), the FAR IDP system provides close to 95% service availability to normal transactions. Future work involves determining more quality attributes besides service availability, such as latency, throughput and accountability for a more trustworthy SaaS. IOS Press 2016 Article PeerReviewed text en http://eprints.sunway.edu.my/686/1/Lee%20Chien%20Sing%20Intrusion%20Detection.pdf Chan, Gaik Yee and Chua, Fang Fang and Lee, Chien Sing * (2016) Intrusion detection and prevention of web service attacks for software as a service:Fuzzy association rules vs fuzzy associative patterns. Journal of Intelligent and Fuzzy Systems, 31 (2). pp. 749-764. ISSN 1064 1246 10.3233/JIFS-169007 |
| institution |
Sunway University |
| building |
Sunway Campus Library |
| collection |
Institutional Repository |
| continent |
Asia |
| country |
Malaysia |
| content_provider |
Sunway University |
| content_source |
Sunway Institutional Repository |
| url_provider |
http://eprints.sunway.edu.my/ |
| language |
English |
| topic |
QA76 Computer software |
| spellingShingle |
QA76 Computer software Chan, Gaik Yee Chua, Fang Fang Lee, Chien Sing * Intrusion detection and prevention of web service attacks for software as a service:Fuzzy association rules vs fuzzy associative patterns |
| description |
Cloud computing inherits all the systems, networks as well asWeb Services’ security vulnerabilities, in particular
for software as a service (SaaS), where business applications or services are provided over the Cloud as Web Service (WS). Hence, WS-based applications must be protected against loss of integrity, confidentiality and availability when they are deployed over to the Cloud environment. Many existing IDP systems address only attacks mostly occurring at PaaS and IaaS. In this paper, we present our fuzzy association rule-based (FAR) and fuzzy associative pattern-based (FAP) intrusion detection and prevention (IDP) systems in defending against WS attacks at the SaaS level. Our experimental results have validated the capabilities of these two IDP systems in terms of detection of known attacks and prediction of newvariant attacks
with accuracy close to 100%. For each transaction transacted over the Cloud platform, detection, prevention or prediction is carried out in less than five seconds. For load and volume testing on the SaaS where the system is under stress (at a work load of 5000 concurrent users submitting normal, suspicious and malicious transactions over a time interval of 300 seconds), the FAR IDP system provides close to 95% service availability to normal transactions. Future work involves determining more
quality attributes besides service availability, such as latency, throughput and accountability for a more trustworthy SaaS. |
| format |
Article |
| author |
Chan, Gaik Yee Chua, Fang Fang Lee, Chien Sing * |
| author_facet |
Chan, Gaik Yee Chua, Fang Fang Lee, Chien Sing * |
| author_sort |
Chan, Gaik Yee |
| title |
Intrusion detection and prevention of web service attacks for software as a service:Fuzzy association rules vs fuzzy associative patterns |
| title_short |
Intrusion detection and prevention of web service attacks for software as a service:Fuzzy association rules vs fuzzy associative patterns |
| title_full |
Intrusion detection and prevention of web service attacks for software as a service:Fuzzy association rules vs fuzzy associative patterns |
| title_fullStr |
Intrusion detection and prevention of web service attacks for software as a service:Fuzzy association rules vs fuzzy associative patterns |
| title_full_unstemmed |
Intrusion detection and prevention of web service attacks for software as a service:Fuzzy association rules vs fuzzy associative patterns |
| title_sort |
intrusion detection and prevention of web service attacks for software as a service:fuzzy association rules vs fuzzy associative patterns |
| publisher |
IOS Press |
| publishDate |
2016 |
| url |
http://eprints.sunway.edu.my/686/1/Lee%20Chien%20Sing%20Intrusion%20Detection.pdf http://eprints.sunway.edu.my/686/ |
| _version_ |
1683233341941219328 |