Skip to main content
SpringerLink
Log in

Analysis of Traditional Web Security Solutions and Proposal of a Web Attacks Cognitive Patterns Classifier Architecture

  • Conference paper
  • First Online:
Technologies and Innovation (CITI 2018)

Part of the book series: Communications in Computer and Information Science ((CCIS,volume 883))

Included in the following conference series:

Abstract

The present work proposes a security architecture for web servers called Web Attacks Cognitive Patterns Classifier, which makes use of cognitive security concepts to deliver a more complete solution than existing ones. The architecture proposes the development of an integrated software solution where existing tools such as Elasticsearch, Logstash and Kibana are incorporated. The proposed system will be nurtured using data of attacks obtained from honeypots implemented in hacker communities; such data will be analyzed by using machine learning algorithms and behavioral parameters to determinate attack patterns and classifications. The present work also makes a literature review of existing web security solutions, to understand their limitations and to explain the reasons why the creation of the proposed architecture was necessary. We can say that usage of different technologies oriented to a specific problem can generate better solutions; in the case of this work, different technologies such as ELK Stack, Cognitive Security, Machine Learning techniques and Honeypots have been combined for the assurance, prevention and proactive security of Web Servers.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 39.99
Price excludes VAT (USA)
  • Available as EPUB and PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 54.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

References

  1. Yoo, S.G., Park, K.Y., Kim, J.: Confidential information protection system for mobile devices. Secur. Commun. Netw. 5(12), 1452–1461 (2012)

    Article  Google Scholar 

  2. Kim, D.J., Chung, K.W., Hong, K.S.: Person authentication using face, teeth and voice modalities for mobile device security. IEEE Trans. Consum. Electron. 56(4), 2678–2685 (2010)

    Article  Google Scholar 

  3. Park, K.Y., Yoo, S.G., Kim, J.: Debug port protection mechanism for secure embedded devices. J. Semicond. Technol. Sci. 12(2), 240–253 (2012)

    Article  Google Scholar 

  4. Yoo, S.G., Kang, S.H., Kim, J.: SERA: a secure energy and reliability aware data gathering for sensor networks. In: Proceedings of 2010 International Conference on Information Science and Applications, Seoul, South Korea. IEEE (2010)

    Google Scholar 

  5. Ren, Z., Liu, H.: Design and implementation of network security transmission system for intelligent home video surveillance. In: Proceedings of 2018 International Conference on Electronics Technology (ICET), pp. 398–402 (2018)

    Google Scholar 

  6. Yoo, S.G.: 5G-VRSec: secure video reporting service in 5G enabled vehicular networks. Wirel. Commun. Mob. Comput. (2017). Article number 7256307

    Google Scholar 

  7. Park, K.-Y., Yoo, S.-G., Kim, J.: Security requirements prioritization based on threat modeling and valuation graph. Commun. Comput. Inf. Sci. 206, 142–152 (2011)

    Google Scholar 

  8. Symantec: Internet Security Threat Report ISTR (2017)

    Google Scholar 

  9. Cybenko, G., Giani, A., Thompson, P.: Cognitive hacking. Adv. Comput. 60, 35–73 (2004)

    Article  Google Scholar 

  10. IBM: Cognitive security. IBM Security, p. 11 (2016)

    Google Scholar 

  11. Ogiela, M.R., Ogiela, L.: Security of cognitive information systems. In: Park, J.J.(Jong Hyuk), Barolli, L., Xhafa, F., Jeong, H.Y. (eds.) Information Technology Convergence. LNEE, vol. 253, pp. 427–433. Springer, Dordrecht (2013). https://doi.org/10.1007/978-94-007-6996-0_44

    Chapter  MATH  Google Scholar 

  12. Armstrong, H.L., Forde, P.J.: Internet anonymity practices in computer crime. Inf. Manag. Comput. Secur. 11(5), 209–215 (2003)

    Article  Google Scholar 

  13. Thill, S.: Considerations for a neuroscience-inspired approach to the design of artificial intelligent systems. In: Schmidhuber, J., Thórisson, K.R., Looks, M. (eds.) AGI 2011. LNCS (LNAI), vol. 6830, pp. 247–254. Springer, Heidelberg (2011). https://doi.org/10.1007/978-3-642-22887-2_26

    Chapter  Google Scholar 

  14. Bailly, S., Meyfroidt, G., Timsit, J.F.: What’s new in ICU in 2050: big data and machine learning. Intensiv. Care Med. 44(9), 1–4 (2017)

    Google Scholar 

  15. Abadi, M., et al.: TensorFlow: Large-Scale Machine Learning on Heterogeneous Distributed Systems (2016)

    Google Scholar 

  16. Holzinger, A.: Interactive machine learning for health informatics: when do we need the human-in-the-loop? Brain Inform. 3(2), 119–131 (2016)

    Article  Google Scholar 

  17. Blum, A.L., Langley, P.: Selection of relevant features and examples in machine learning. Artif. Intell. 97(1–2), 245–271 (1997)

    Article  MathSciNet  Google Scholar 

  18. Qiu, J., Wu, Q., Ding, G., Xu, Y., Feng, S.: A survey of machine learning for big data processing. EURASIP J. Adv. Signal Process. 2016(1), 67 (2016)

    Article  Google Scholar 

  19. Ogweno, K.L., Oteyo, O.E., Ochieng, H.D.: Honey pot intrusion detection system. Int. J. Eng. Invent. 4(5), 2278–7461 (2014)

    Google Scholar 

  20. Kroeck, K.G., Kirs, P.J., Fiedler, A.M.: Cognitive biasing effects in information systems: implications for linking real world information with human judgment. In: Proceedings of the Twenty-Second Annual Hawaii International Conference on System Sciences, vol. 3, pp. 517–524 (1989)

    Google Scholar 

  21. Chang, J.M., et al.: Capturing cognitive fingerprints from keystroke dynamics. IT Prof. 15(4), 24–28 (2013)

    Article  Google Scholar 

  22. Sumari, A.D.W., Ahmad, A.S.: Cognitive artificial intelligence: the fusion of artificial Intelligence and information fusion. In: Proceedings of 2016 International Symposium on Electronics and Smart Devices (ISESD), pp. 1–6 (2016)

    Google Scholar 

  23. Muraleedharan, R., Osadciw, L.A.: Cognitive security protocol for sensor based VANET using swarm intelligence. In: Proceedings of 2009 Conference Record of the Forty-Third Asilomar Conference on Signals, Systems and Computers, pp. 288–290 (2009)

    Google Scholar 

  24. Usha, B.A., Ksrinath, N., Ravikumar, C.N., Vismayas, P.: Cognitive prediction of the most appropriate image steganography approach. Int. J. Comput. Appl. 121(8) (2015)

    Google Scholar 

  25. Ogiela, L., Ogiela, M.R.: Advances in Cognitive Information Systems, vol. 17. Springer, Heidelberg (2012). https://doi.org/10.1007/978-3-642-25246-4

    Book  MATH  Google Scholar 

  26. Ogiela, L., Ogiela, M.R.: Towards cognitive cryptography. J. Internet Serv. Inf. Secur. (JISIS) 4(1), 58–63 (2014)

    MATH  Google Scholar 

  27. Kamarudin, M.H., Maple, C., Watson, T., Safa, N.S.: A LogitBoost-Based Algorithm for detecting known and unknown web attacks. IEEE Access 5, 26190–26200 (2017)

    Article  Google Scholar 

  28. Almohri, H.M.J., Watson, L.T., Evans, D.: Misery digraphs: delaying intrusion attacks in obscure clouds. IEEE Trans. Inf. Forensics Secur. 13(6), 1361–1375 (2018)

    Article  Google Scholar 

  29. Sevilla, S., Garcia-Luna-Aceves, J.J., Sadjadpour, H.: GroupSec: a new security model for the web. In: Proceedings of 2017 IEEE International Conference on Communications (ICC), pp. 1–6 (2017)

    Google Scholar 

  30. Martínez, S., Cosentino, V., Cabot, J.: Model-based analysis of Java EE web security misconfigurations. Comput. Lang. Syst. Struct. 49, 36–61 (2017)

    Google Scholar 

  31. Garcia Clemente, F.J., Martinez Pérez, G., Muñoz Ortega, Botia, A.J.A., Gómez Skarmeta, A.F.: Towards semantic web-based management of security services. Ann. Telecommun. 63(3–4), 183–193 (2008)

    Article  Google Scholar 

  32. Baravati, H.B., Hosseinkhani, J., Keikhaee, S., Ostad, M., Khayat, H., Havasi, M.: A new data mining-based approach to improving the quality of alerts in intrusion detection systems. IJCSNS Int. J. Comput. Sci. Netw. Secur. 17(8), 194–198 (2017)

    Google Scholar 

  33. Aljumah, A.: Securing modern web services from distributed denial of service using SVM. IJCSNS Int. J. Comput. Sci. Netw. Secur. 17(10), 23–31 (2017)

    Google Scholar 

  34. Wang, C., Miu, T.T.N., Luo, X., Wang, J.: SkyShield: a sketch-based defense system against application layer DDoS attacks. IEEE Trans. Inf. Forensics Secur. 13(3), 559–573 (2018)

    Article  Google Scholar 

  35. Medved, A.: Auswirkungen der IT-Sicherheit auf die Bahnstromautomatisierung. e & Elektrotechnik und Informationstechnik 134(1), 117–120 (2017)

    Article  Google Scholar 

  36. Bugliesi, M., Calzavara, S., Focardi, R.: Formal methods for web security. J. Log. Algebr. Methods Program. 87, 110–126 (2017)

    Article  MathSciNet  Google Scholar 

  37. Mago, V.K., et al.: Analyzing the impact of social factors on homelessness: a fuzzy cognitive map approach. BMC Med. Inform. Decis. Mak. 13(1), 94 (2013)

    Article  Google Scholar 

  38. Nunes, P., Medeiros, I., Fonseca, J., Neves, N., Correia, M., Vieira, M.: On combining diverse static analysis tools for web security: an empirical study. In: Proceedings of 2017 13th European Dependable Computing Conference (EDCC), pp. 121–128 (2017)

    Google Scholar 

  39. Odirichukwu, J.C., Asagba, P.O.: Security concept in web database development and administration—a review perspective. In: Proceedings of 2017 IEEE 3rd International Conference on Electro-Technology for National Development (NIGERCON), pp. 383–391 (2017)

    Google Scholar 

  40. Kearney, P., Chapman, J., Edwards, N., Gifford, M., He, L.: an overview of web services security. BT Technol. J. 22(1), 27–42 (2004)

    Article  Google Scholar 

  41. Hsiao, H., Chen, D. Wu, T.: Detecting hiding malicious website using network traffic mining approach. In: Proceedings of 2010 2nd International Conference on Education Technology and Computer (2010)

    Google Scholar 

  42. Yu, B., et al.: Rule-based security capabilities matching for web services. Wireless Pers. Commun. 73(4), 1349–1367 (2013)

    Article  Google Scholar 

  43. Debar, H., Tombini, E.: Web analyzer: accurate detection of HTTP attack traces in web server logs. Annales Des Télécommunications 61(5–6), 682–704 (2006)

    Article  Google Scholar 

  44. Bajer, M.: Building an IoT Data Hub with Elasticsearch, Logstash and Kibana. In: Proceedings of 2017 5th International Conference on Future Internet of Things and Cloud Workshops (FiCloudW), pp. 63–68 (2017)

    Google Scholar 

  45. Doan, D.N., Iuhasz, G.: Tuning Logstash Garbage collection for high throughput in a monitoring platform. In: Proceedings of 2016 18th International Symposium on Symbolic and Numeric Algorithms for Scientific Computing (SYNASC), pp. 359–365 (2016)

    Google Scholar 

  46. Hasani, Z., Fondaj, J.: Improvement of implemented infrastructure for streaming outlier detection in big data with ELK stack. Trends and Advances in Information Systems and Technologies, pp. 869–877 (2018)

    Google Scholar 

Download references

Author information

Authors and Affiliations

  1. Facultad de Ingeniería de Sistemas, Escuela Politécnica Nacional, Quito, Ecuador

    Carlos Martínez Santander & Sang Guun Yoo

  2. Carrera de Medicina, Universidad Católica de Cuenca, Cuenca, Ecuador

    Carlos Martínez Santander

  3. Departamento de Ciencias de la Computación, Universidad de las Fuerzas Armadas ESPE, Sangolquí, Ecuador

    Sang Guun Yoo

  4. Facultad de Informática y Electrónica, Escuela Superior Politécnica de Chimborazo, Riobamba, Ecuador

    Hugo Oswaldo Moreno

Authors
  1. Carlos Martínez Santander
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Sang Guun Yoo
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Hugo Oswaldo Moreno
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Sang Guun Yoo .

Editor information

Editors and Affiliations

  1. Facultad de Informática, Universidad de Murcia, Murcia, Spain

    Rafael Valencia-García

  2. Departamento de Filología Moderna, Universidad de Castilla la Mancha, Ciudad Real, Ciudad Real, Spain

    Gema Alcaraz-Mármol

  3. Universidad Agraria del Ecuador, Guayaquil, Ecuador

    Javier Del Cioppo-Morstadt

  4. Universidad Agraria del Ecuador, Guayaquil, Ecuador

    Néstor Vera-Lucio

  5. Universidad Agraria del Ecuador, Guayaquil, Ecuador

    Martha Bucaram-Leverone

Rights and permissions

Reprints and permissions

Copyright information

© 2018 Springer Nature Switzerland AG

About this paper

Check for updates. Verify currency and authenticity via CrossMark

Cite this paper

Martínez Santander, C., Yoo, S.G., Moreno, H.O. (2018). Analysis of Traditional Web Security Solutions and Proposal of a Web Attacks Cognitive Patterns Classifier Architecture. In: Valencia-García, R., Alcaraz-Mármol, G., Del Cioppo-Morstadt, J., Vera-Lucio, N., Bucaram-Leverone, M. (eds) Technologies and Innovation. CITI 2018. Communications in Computer and Information Science, vol 883. Springer, Cham. https://doi.org/10.1007/978-3-030-00940-3_14

Download citation

  • DOI: https://doi.org/10.1007/978-3-030-00940-3_14

  • Published:

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-030-00939-7

  • Online ISBN: 978-3-030-00940-3

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation