Advertisement

Design and Implementation of a Host-Based Intrusion Detection System for Linux-Based Web Server

  • Cheng-Chung Kuo
  • Shu-Han Yao
  • Chia-Ling Hou
  • Chu-Sing Yang
Conference paper
Part of the Smart Innovation, Systems and Technologies book series (SIST, volume 110)

Abstract

In the era of blossoming computer sciences and internet technology, people cannot abolish network in our lives. However, the large number of users, website services will make itself became the most favorite targets for hackers. Although these malicious behaviors can be detected by network intrusion detection system, it is difficult to generate accuracy result owing to the shortage of data. This paper proposed a solution using host intrusion detection system that focus on the host log detection of webserver. Besides using port monitoring to monitor network environment, this paper also collected signatures of web attack and malicious activities by using signature-based approach. Furthermore, this research will find out the source of the malicious files with file monitoring function, and take appropriate action to protect web services. By using the proposed mechanism of host-based intrusion detection methods, it can provide a high accuracy to bring safety for managers and users.

Keywords

Log analyzing Port monitoring File monitoring Host-based intrusion detection system Signature-based approach 

Notes

Acknowledgment

The authors would like to thank the Ministry of Science and Technology of Taiwan, for financially supporting this research under Contract Nos. MOST 107-2218-E-006-036- and MOST 106-2221-E-006 -025.

References

  1. 1.
    Stevens, M., et al.: The first collision for full SHA-1. In: Annual International Cryptology Conference. Springer, Cham (2017)CrossRefGoogle Scholar
  2. 2.
    Kolias, C., Kambourakis, G., Stavrou, A., Voas, J.: DDoS in the ioT: Mirai and other botnets. Computer 50, 80–84 (2017)CrossRefGoogle Scholar
  3. 3.
    OWASP Top 10. The ten most critical web application security risks (2017). https://www.owasp.org/images/0/0a/OWASP_Top_10_2017_GM_%28en%29.pdf
  4. 4.
    Sabahi, F., Movaghar, A.: Intrusion detection: a survey. In: 3rd International Conference on Systems and Networks Communications, ICSNC 2008. IEEE (2008)Google Scholar
  5. 5.
    Liao, H.-J., Lin, C.-H.R., Lin, Y.-C., Tung, K.-Y.: Intrusion detection system: a comprehensive review. J. Netw. Comput. Appl. 36(1), 16–24 (2013)CrossRefGoogle Scholar
  6. 6.
    Tirumala, S.S., Sathu, H., Sarrafzadeh, A.: Free and open source intrusion detection systems: a study. In: 2015 International Conference on Machine Learning and Cybernetics (ICMLC), vol. 1. IEEE (2015)Google Scholar
  7. 7.
    Schreiber, J.: Open source intrusion detection tools: a quick overview (2014). https://www.alienvault.com/blogs/security-essentials/open-source-intrusion-detection-tools-a-quick-overview
  8. 8.
    Nayyar, A.: The best open source network intrusion detection tools (2017). http://opensourceforu.com/2017/04/best-open-source-network-intrusion-detection-tools/
  9. 9.
    Abdou, A., Barrera, D., Van Oorschot, P.C.: What lies beneath? Analyzing automated SSH bruteforce attacks. In: International Conference on Passwords. Springer, Cham (2015)Google Scholar
  10. 10.
    Owens, J., Matthews, J.: A study of passwords and methods used in brute-force SSH attacks. In: USENIX Workshop on Large-Scale Exploits and Emergent Threats (LEET) (2008)Google Scholar
  11. 11.
    Makanju, A.A.O., Zincir-Heywood, A.N., Milios, E.E.: Clustering event logs using iterative partitioning. In: Proceedings of the 15th ACM SIGKDD International Conference on Knowledge Discovery and Data Mining. ACM (2009)Google Scholar
  12. 12.
    Manpathak, S., Augustine, A.: HIDS: HTTP centric intrusion detection system for web servers. https://pdfs.semanticscholar.org/186c/3d84ca6a4d1d9cf0c0c1fe5297ba0da22d28.pdf
  13. 13.
    Yen, T.-F., et al.: Beehive: large-scale log analysis for detecting suspicious activity in enterprise networks. In: Proceedings of the 29th Annual Computer Security Applications Conference. ACM (2013)Google Scholar

Copyright information

© Springer Nature Switzerland AG 2019

Authors and Affiliations

  • Cheng-Chung Kuo
    • 1
  • Shu-Han Yao
    • 1
  • Chia-Ling Hou
    • 1
  • Chu-Sing Yang
    • 1
  1. 1.Institute of Computer and Communication Engineering, Department of Electrical EngineeringNational Cheng Kung UniversityTainan CityTaiwan (R.O.C.)

Personalised recommendations