DocumentCode
2950412
Title
Implementation Of Application Layer Intrusion Detection System Using Protocol Analysis
Author
Sangeetha, S. ; Vaidehi, V. ; Srinivasan, N. ; Rajkumar, K.V. ; Pradeep, S. ; Ragavan, N. ; Lokesh, C. Sri Sai ; Subadeepak, I. ; Prashanth, V.
Author_Institution
Anna Univ., Chennai
fYear
2008
fDate
4-6 Jan. 2008
Firstpage
279
Lastpage
284
Abstract
The current security problems in the Internet quantify the need for a semantic intrusion detection system engine working at the application level. In the proposed semantic IDS, an object is defined as an occurrence of an elementary pattern represented by a regular expression which may not be malicious. However, the occurrence of a combination of some of these objects may represent malicious behavior of the user. A rule is defined such that it will be triggered whenever a particular set of objects occurs or whenever a specific sequence of objects occurs. The rules and the objects are bonded together in the Lex tool and integrated with the IDS engine. Given a set of rules (each dictating a number of constraints that the input data must fulfill to trigger it), the IDS engine will find malicious events using as few redundant comparisons as possible. The IDS implementation is done on the Linux platform using the Lex and Yacc tools. The system was implemented completely in a web environment, and the results are presented with performance analysis.
Keywords
Linux; cryptographic protocols; telecommunication security; IDS engine; Lex tools; Linux platform; Web environment; Yacc tools; application layer intrusion detection system; intrusion detection system engine; malicious events; performance analysis; protocol analysis; HTML; Internet; Intrusion detection; Java; Pattern matching; Payloads; Protocols; Search engines; Signal analysis; Signal processing;
fLanguage
English
Publisher
ieee
Conference_Titel
Signal Processing, Communications and Networking, 2008. ICSCN '08. International Conference on
Conference_Location
Chennai
Print_ISBN
978-1-4244-1924-1
Electronic_ISBN
978-1-4244-1924-1
Type
conf
DOI
10.1109/ICSCN.2008.4447204
Filename
4447204