DocumentCode :
2825379
Title :
Foundation of Semantic Rule Engine to Protect Web Application Attacks
Author :
Razzaq, Abdul ; Hur, Ali ; Masood, Muddassar ; Latif, Khalid ; Ahmad, H. Farooq ; Takahashi, Hironao
Author_Institution :
Sch. of Electr. Eng. & Comput. Sci. (SEECS), Nat. Univ. of Sci. & Technol., Islamabad, Pakistan
fYear :
2011
fDate :
23-27 March 2011
Firstpage :
95
Lastpage :
102
Abstract :
The exponentially increasing cyber threats with the expansion of web applications have become the biggest security concern for e-business and information-sharing communities. A current survey shows that the application layer is more prone to web attacks. A recent survey carried out by the National Vulnerability Database shows that, on average, 15 new vulnerabilities are released per day, which proves that existing application security mechanisms are ineffective at providing a complete security solution. We have proposed an intelligent intrusion detection system (IDS) based on an ontology that specifies the different categories of attacks, the different encoding schemes used by the hacker, the location of the attack, the system component affected by the attack, the specification of the protocols used, and policies/rules for mitigating these attacks. The proposed ontology-based system can be refined and expanded over time. The system semantically analyzes the specific fields of the payload and headers where an attack is possible. The inference ability of the system provides the capability to detect zero-day and complex web application attacks that easily elude packet-level inspection. The proposed system is time-efficient because it analyzes the specified fields of the protocol, and would be able to provide significant search space reduction as well as a low false positive rate. For describing the semantic concepts, the Protégé tool is used. OWL-DL is used for describing logical classes with restrictions. For consistency and inference purposes, the Pellet tool is used as the inference engine, and rules are specified using the Jena API, which also provides reasoning ability.
Keywords :
Internet; inference mechanisms; knowledge representation languages; ontologies (artificial intelligence); security of data; Jena API; OWL-DL; Pellet tool; Protégé tool; Web attack protection; cyber threat; e-business; inference engine; information sharing; intrusion detection system; national vulnerability database; ontology-based intelligent IDS; security mechanism; semantic rule engine; Computer hacking; Engines; Knowledge based systems; Ontologies; Payloads; Semantics; ontology security; semantic security; web application security
fLanguage :
English
Publisher :
IEEE
Conference_Title :
Autonomous Decentralized Systems (ISADS), 2011 10th International Symposium on
Conference_Location :
Tokyo & Hiroshima
Print_ISBN :
978-1-61284-213-4
Type :
conf
DOI :
10.1109/ISADS.2011.19
Filename :
5741285