OWADIS: Rapid Discovery of OWASP10 Vulnerability based on Hybrid IDS
Len Wirz, Asipan Ketphet, Nattapol Chiewnawintawat, Rinrada Tanthanathewin, S. Fugkeaw
2023 15th International Conference on Knowledge and Smart Technology (KST), published 2023-02-21
DOI: 10.1109/KST57286.2023.10086878 (https://doi.org/10.1109/KST57286.2023.10086878)
Citation count: 0
Abstract
Rapid advancements in internet applications introduce new vulnerabilities and threats that malicious actors are keen to exploit. These activities are becoming more versatile and challenging to address. In addition to implementing firewalls to control inbound and outbound network traffic, an intrusion detection system (IDS) is commonly employed to monitor the network for malicious activities and policy violations. However, most IDSs are generally designed to monitor network traffic. They are incapable of detecting the vulnerabilities embedded in legitimate packets, especially the vulnerabilities targeting web applications. In this paper, we propose a cloud-based IDS with an emphasis on the detection of OWASP Top 10 Injection vulnerabilities, combined with additional common vulnerabilities such as brute-forcing and session hijacking. Furthermore, DDoS attacks, which are commonly seen, can also be detected with our proposed adaptable HTTP flooding detection engine. We also provide an evaluation to show that our proposed scheme produces fewer false positives than SNORT and gives efficient system throughput by leveraging Kafka and Spark Streaming.