
An Adaptive Intrusion Detection and Prevention System Approach to Network Security

T. Sarathamani, N. Sudha Bhuvaneswari

Abstract


An intrusion detection system (IDS) is software and hardware designed to detect unwanted attempts at accessing, manipulating, or disabling computer systems, mainly through a network such as the Internet. An intrusion detection system is used to detect several types of malicious behavior that can compromise the security and trust of a computer system. This includes network attacks against vulnerable services, data-driven attacks on applications, host-based attacks such as privilege escalation, unauthorized logins and access to sensitive files, and malware. This paper proposes a way to prevent the above hazards at the web server, for the HTTP and FTP protocols, by filtering the IP addresses of hosts through the design of a web server that avoids such vulnerable content. The web server is called "Smart Web Server". Moreover, we treat other hazardous files, such as unwanted images, banners, and attackers' sites, as problem-creating content. The content filtering approach falls under the category of web personalization techniques. Using this approach, unwanted malicious content is filtered and the system is made secure and faster than the existing one.

Keywords


Intrusion Detection, Intrusion Prevention, Network Security, Content Filtering, IP Filtering, Web Personalization.


This work is licensed under a Creative Commons Attribution 3.0 License.