Design and Implementation of a Host-Based Intrusion Detection System for Linux-Based Web Server
In the era of blossoming computer sciences and internet technology, people cannot abolish network in our lives. However, the large number of users, website services will make itself became the most favorite targets for hackers. Although these malicious behaviors can be detected by network intrusion detection system, it is difficult to generate accuracy result owing to the shortage of data. This paper proposed a solution using host intrusion detection system that focus on the host log detection of webserver. Besides using port monitoring to monitor network environment, this paper also collected signatures of web attack and malicious activities by using signature-based approach. Furthermore, this research will find out the source of the malicious files with file monitoring function, and take appropriate action to protect web services. By using the proposed mechanism of host-based intrusion detection methods, it can provide a high accuracy to bring safety for managers and users.
KeywordsLog analyzing Port monitoring File monitoring Host-based intrusion detection system Signature-based approach
The authors would like to thank the Ministry of Science and Technology of Taiwan, for financially supporting this research under Contract Nos. MOST 107-2218-E-006-036- and MOST 106-2221-E-006 -025.
- 3.OWASP Top 10. The ten most critical web application security risks (2017). https://www.owasp.org/images/0/0a/OWASP_Top_10_2017_GM_%28en%29.pdf
- 4.Sabahi, F., Movaghar, A.: Intrusion detection: a survey. In: 3rd International Conference on Systems and Networks Communications, ICSNC 2008. IEEE (2008)Google Scholar
- 6.Tirumala, S.S., Sathu, H., Sarrafzadeh, A.: Free and open source intrusion detection systems: a study. In: 2015 International Conference on Machine Learning and Cybernetics (ICMLC), vol. 1. IEEE (2015)Google Scholar
- 7.Schreiber, J.: Open source intrusion detection tools: a quick overview (2014). https://www.alienvault.com/blogs/security-essentials/open-source-intrusion-detection-tools-a-quick-overview
- 8.Nayyar, A.: The best open source network intrusion detection tools (2017). http://opensourceforu.com/2017/04/best-open-source-network-intrusion-detection-tools/
- 9.Abdou, A., Barrera, D., Van Oorschot, P.C.: What lies beneath? Analyzing automated SSH bruteforce attacks. In: International Conference on Passwords. Springer, Cham (2015)Google Scholar
- 10.Owens, J., Matthews, J.: A study of passwords and methods used in brute-force SSH attacks. In: USENIX Workshop on Large-Scale Exploits and Emergent Threats (LEET) (2008)Google Scholar
- 11.Makanju, A.A.O., Zincir-Heywood, A.N., Milios, E.E.: Clustering event logs using iterative partitioning. In: Proceedings of the 15th ACM SIGKDD International Conference on Knowledge Discovery and Data Mining. ACM (2009)Google Scholar
- 12.Manpathak, S., Augustine, A.: HIDS: HTTP centric intrusion detection system for web servers. https://pdfs.semanticscholar.org/186c/3d84ca6a4d1d9cf0c0c1fe5297ba0da22d28.pdf
- 13.Yen, T.-F., et al.: Beehive: large-scale log analysis for detecting suspicious activity in enterprise networks. In: Proceedings of the 29th Annual Computer Security Applications Conference. ACM (2013)Google Scholar