An Adaptive Intrusion Detection and Prevention (ID/IP) Framework for Web Services

The advance in Web technology has lead to more and more applications being deployed over the Web service (WS) platform. However, the inherent security weaknesses of the WS platform have lead to these WS-based applications being vulnerable and targets for attacks. This paper identifies and describes the various vulnerabilities and security threats pertaining to WS. After examining the various existing defending mechanisms for WS, it is found that they are not adaptive and adequate in counter-measuring the WS attacks. An adaptive intrusion detection and prevention (ID/IP) framework to protect the WS against attacks related to SOAP/XML/SQL is thus introduced. Through illustration by examples, the framework demonstrated that by making use of agents that act as sensors, data mining techniques such as clustering, association and sequential rule coupled with fuzzy logic to further analyze and identify anomalies, is able to exhibit the adaptive nature of capturing anomalies and avoiding false alarms.