Abstract
In the current digital era, consumers use web applications for banking, e-commerce, and sharing information with others. These web applications suffer from different types of attacks. Attackers intelligently combine multiple attack vectors and generate attacks with the help of tools. Therefore, intelligent intrusion detection plays an essential role in security. This paper presents an ontology-based intrusion detection framework to detect Denial of Service (DoS) attacks at the application level. The system proposes an ontology model and a semantic rule for the detection of an HTTP flood attack. The system is implemented and tested on the GoldenEye DoS dataset with the help of semantic rules. The system provides early detection of DoS attacks within two seconds and an improved detection rate using a time window threshold mechanism in the semantic rule. The system also achieves a higher detection rate of 94.89% without a threshold in the semantic rule to detect DoS attacks. Finally, the system is compared with related traditional DoS detection systems.
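The abstract describes a time window threshold mechanism inside a semantic rule, but the page does not give the paper's rule, ontology classes, or threshold values. The following is an added illustration, not the paper's code: a per-source sliding window over an HTTP request log that raises an alert when the request count within the window exceeds a threshold. The two-second window, the threshold of 50 requests, the log line format, and the constructed sample traffic (one benign client and one flooding source) are all assumptions made for this example.

```python
from collections import defaultdict, deque
from dataclasses import dataclass

# Assumed parameters for this example (not values from the paper).
WINDOW_SECONDS = 2.0     # sliding window length, matching the "two seconds" detection goal
REQUEST_THRESHOLD = 50   # requests from one source within the window that trigger an alert


@dataclass
class HttpRequest:
    ts: float       # request timestamp in seconds
    src_ip: str     # client source address
    method: str     # HTTP method
    path: str       # requested path


def parse_log_line(line):
    """Parse a constructed log line of the form '<ts> <src_ip> <METHOD> <path>'."""
    ts, src_ip, method, path = line.split()
    return HttpRequest(float(ts), src_ip, method, path)


class SlidingWindowFloodDetector:
    """Counts requests per source inside a trailing time window.

    Alerts once per source the first time the count reaches the threshold,
    so a flood is reported as soon as the window fills rather than after the
    whole log has been read.
    """

    def __init__(self, window=WINDOW_SECONDS, threshold=REQUEST_THRESHOLD):
        self.window = window
        self.threshold = threshold
        self.recent = defaultdict(deque)   # src_ip -> timestamps inside the window
        self.alerted = set()               # sources already reported

    def observe(self, req):
        q = self.recent[req.src_ip]
        q.append(req.ts)
        # Evict timestamps that fell out of the trailing window.
        while q and req.ts - q[0] > self.window:
            q.popleft()
        if len(q) >= self.threshold and req.src_ip not in self.alerted:
            self.alerted.add(req.src_ip)
            return (req.src_ip, req.ts)     # (offending source, time of detection)
        return None


def detect_floods(lines, window=WINDOW_SECONDS, threshold=REQUEST_THRESHOLD):
    """Run the detector over log lines in arrival order; return the alerts raised."""
    detector = SlidingWindowFloodDetector(window, threshold)
    alerts = []
    for line in lines:
        alert = detector.observe(parse_log_line(line))
        if alert is not None:
            alerts.append(alert)
    return alerts


def build_sample_log():
    """Constructed traffic: a benign client and one source flooding from t=3.0 s."""
    lines = []
    # Benign client: one request every 0.5 s for 10 s (never more than 5 in a 2 s window).
    for i in range(20):
        lines.append(f"{i * 0.5:.2f} 10.0.0.5 GET /index.html")
    # Flooding source: 60 requests spaced 20 ms apart, starting at t=3.0 s.
    for i in range(60):
        lines.append(f"{3.0 + i * 0.02:.2f} 198.51.100.7 GET /")
    lines.sort(key=lambda line: float(line.split()[0]))
    return lines


if __name__ == "__main__":
    for src, ts in detect_floods(build_sample_log()):
        print(f"HTTP flood suspected from {src} at t={ts:.2f}s")
```

On the constructed log the flooding source reaches 50 requests at t=3.98 s, so it is reported 0.98 s after its first request, while the benign client never accumulates more than five requests in any two-second window. Lowering the threshold shortens the time to detection but raises the false-positive risk for bursty legitimate clients, which is the trade-off the abstract's "with threshold" and "without threshold" results reflect.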
Funding
No funding support for this work.
Ethics declarations
Conflict of interest
The authors declare that they have no conflict of interest.
Cite this article
Kshirsagar, D., Kumar, S. An ontology approach for proactive detection of HTTP flood DoS attack. Int J Syst Assur Eng Manag 14 (Suppl 3), 840–847 (2023). https://doi.org/10.1007/s13198-021-01170-3