Fuzzy association rules vs fuzzy associative patterns in defending against web service attacks

This paper presents a fuzzy association rule-based intrusion detection and prevention (FAR IDP) system that is implemented within an e-commerce Web service-based application. This system compares the effectiveness and efficiency of using 20 fuzzy association rules compared to 366 fuzzy associative patterns (FAP) to determine whether to definitely grant access to normal transaction, probably deny access for suspicious transaction or certainly deny access to transactions which may contain malicious inputs or XML content. Experimental results from our FAR IDP system have demonstrated that both rules-based and pattern-based algorithms are able to detect, prevent and predict Web service attacks such as SQL injection, XML injection, DoS and SOAP oversized close to real-time, with detection accuracy of not lower than 99%. There is also a slight difference in terms of time; the transaction time for FAP is almost doubled that of FAR´s in ms. Additionally, with a transaction time of less than 0.25ms and a detection accuracy of greater than 99%, our FAR IDP has outperformed many other fuzzy and Web service-based IDP systems.