Enhanced Architecture for Misconfiguration and Intrusion Detection using Centralized Rule based System
International Journal of Computer Applications
Web servers and web-based applications are popular attack targets. Web servers are usually accessible through corporate firewalls. The number of reported web application vulnerabilities is increasing dramatically. Thus the task of securing web applications is one of the most urgent. On the other hand traditional protection mechanisms like firewalls were not designed to protect web applications and thus do not provide adequate defense. Current attacks cannot be thwarted by just blocking ports 80
... t blocking ports 80 (HTTP) and 443 (HTTPS).Previously known intrusion detection systems are not efficient with more false positive alarms and more time and space complexity. In this research work a new IDS architecture is introduced which detect misconfiguration and intrusion simultaneously. There is also used a RBs (Rule Based System) which take appropriate action accordingly degree of misconfiguration. The RBs consist with predefined rule. This rules guide the system to take appropriate action. Rules are triggered as soon as it received signal for misconfigurations. The architecture designed such a way that it can handle misconfigurations and detection of intrusion simultaneously.