Cyber Security: Threats, Reasons, Challenges,
Methodologies and State of the Art Solutions for
Industrial Applications
Abdul Razzaq, Ali Hur, H Farooq Ahmad, Muddassar Masood
School of Electrical Engineering and Computer Science (SEECS)
National University of Sciences and Technology, Islamabad, Pakistan
{abdul.razzaq, ali.hur, farooq.ahmad, muddassar.masood }@seecs.edu.pk
Abstract: Cyber civilization has become an important source of
information sharing and professional activities like business,
banking transactions, shopping, services and advertisement. With
the exponential increase in the usage of cyberspace, cybercriminal
activities are also increasing exponentially. The basic reason is
that with the inception of the World Wide Web, web applications
also gained popularity for data storing and data sharing,
irrespective of the user. With the passage of time, web
applications became more complex, with a rapid increase in
their design faults, making surfing the internet totally unsafe.
More than 90 percent of web applications have some kind of design
or development fault which can be easily exploited by cyber
criminals. These faults in web applications can help criminals
gain illegal access to the trade secrets of any business.
Sometimes the web application itself may not pose a threat, but
the technology used in it becomes the root cause and
puts the application at risk of illegal access. Presently,
social networks, Internet-connected mobile devices, individual
privacy, and the online connectivity of entities such as banks are
the most enticing targets for cyber criminals. In this survey we
highlight the common cyber threats and give a detailed analysis of
the existing systems and methodologies used for industrial
solutions. Some important industrial applications are also
analyzed in this paper.
Keywords: Cyber security, Cyber threat, Web Security
Solution
I. INTRODUCTION
History shows that the losses to financial
organizations or individuals through criminal activities are
multifold. Even government and defense organizations have
experienced significant cyber losses and disruptions [1, 9]. In
the US, the head of the new Cyber Command revealed that
the Pentagon's systems are probed by unauthorized users about
6 million times a day. Total losses through cybercrime
globally may be as high as 1 trillion dollars [2].
The crime environment in cyberspace is totally different
from that of real space, which is why there are many hurdles to
enforcing cybercrime law as real-space law is enforced in any
society. For example, age in real space is a self-authenticating
factor, whereas in cyberspace age is not similarly
self-authenticating. A child under age 18 can easily hide his age in
cyberspace and can access restricted resources, whereas in
real space it would be difficult for him to do so. Cyber security
involves protecting information by preventing, detecting,
and responding to cyber-attacks. Cyber security not only
counters criminal activities dealing with computers and
networks but also includes traditional crimes conducted through
the Internet. Illegal activities like hate crimes, telemarketing,
internet fraud, identity theft, and credit card account thefts are
considered to be cybercrimes when these activities are
committed through the use of a computer and the Internet [4].
According to the Gartner Group, 97 percent of the over
300 web sites audited were found vulnerable to web
application attack, and 75 percent of the cyber-attacks today
are at the application level.
Deputy Assistant FBI Director Steven Chabinsky has
admitted that [3]:
As cybercrime increasingly becomes the vocation of highly
organized criminal syndicates, law enforcement authorities
have been revamping their approach to address the growing
sophistication of the threat.
If we fail to act, the cyber threat can be an existential
threat, meaning it can challenge our country's very existence,
or significantly alter our nation's potential.
I am convinced that given enough time, motivation and
funding, a determined adversary will always be able to
penetrate a targeted system.
II. CYBER SECURITY THREATS
Cyber security threats encompass a broad range of
potentially illegal activities on the internet. Generally, they may
be divided into one of two categories: crimes that target or
harm computer networks or devices directly, like malware,
viruses or denial of service attacks, and crimes facilitated by
computer networks or devices, the primary target of which is
independent of the computer network or device, like fraud,
identity theft, phishing scams, information warfare or cyber
stalking. According to the president of cyberlaws.net and
consultant, there are various categories and types of
cybercrimes. Cybercrimes can be basically divided into three
main categories [5]:
Cybercrimes against persons, like transmission of child
pornography, harassment through e-mail, dissemination of
obscene material or violation of the privacy of citizens. Such
cybercrimes have a negative impact upon the new
generation and society as a whole, if not properly
controlled.
Cybercrimes against all forms of property, including
computer vandalism (destruction of others' property),
transmission of harmful programs like the Melissa virus or
love bug, and use of various spyware to steal corporate secret
data. Such crimes have caused losses of millions of dollars
worldwide by damaging computer networks and
businesses.
Cybercrimes against government, including the terrorist
activities that break or crack government or military
maintained websites. Computer based violations may be in
the form of hacking, computer trespassing, unauthorized
access or computer fraud, which is the Internet age crime
of obtaining property by false pretences. Similarly,
internet identity theft, aggravated identity theft,
trafficking in access devices, stolen credit cards or social
security numbers, computer forgery, a fake user pretending
to be a legal user, child pornography and cyber
stalking are different forms of cybercrime. Cybercrime
encompasses a broad range of illegal activities which may
also include [5, 6, 7]:
A. Cyber Theft
This is the most common cyber-attack committed in
cyberspace. This kind of offence is normally referred to as
hacking in the generic sense. It basically involves using the
computer to steal information or assets. It also includes
illegal access, by using a malicious script to break into or crack
the computer system without the user's knowledge or consent, for
stealing or tampering with precious confidential data and
information. It is the gravest of the cybercrimes.
Most of the banks, Microsoft, Yahoo and Amazon are victims
of such attacks. Cyber thieves use tactics like embezzlement,
plagiarism, hacking, piracy, espionage, DNS cache poisoning,
and identity theft. Most security web sites and
Wikipedia have described the various cyber threats; a few
examples [8] of cyber theft include the following:
B. Cyber Vandalism
Damaging or destroying data rather than stealing or
misusing them is called cyber vandalism. This can include a
situation where network services are disrupted or stopped.
This deprives authorized users (website visitors,
employees) of access to the information contained on the
network. This cybercrime is like a time bomb: it can be set to
bring itself into action at a specified time and damage the
target system. The creation and dissemination of harmful
computer programs which do irreparable damage to computer
systems, and deliberately entering malicious code (viruses,
Trojans) into a computer network to monitor, follow, disrupt,
stop, or perform any other action without the permission of the
owner of the network, are severe kinds of cybercrime.
C. Web Jacking
Web jacking is the forceful control of a web server through
gaining access and control over the web site of another.
The hacker may manipulate the information on the site. An example
[2] of web jacking is the gold fish case: the site was
hacked and the information pertaining to gold fish was
changed. Further, a ransom of US dollar 1 million was
demanded.
D. Stealing Credit Card information
Stealing credit card information by breaking into the
e-commerce server and misusing this information.
E. Software Piracy
Software piracy is the distribution of illegal and
unauthorized pirated copies of software. It is illegal digital
broadcasting. It also includes computer embezzlement and the
unauthorized download of computer software.
F. Industrial Espionage
Spies of one business monitor the network traffic of
their competitors. The target may be information on future
products, marketing strategies, and even financial information.
G. Cyber Terrorism
Deliberate, usually politically motivated violence
committed against civilians through the use of, or with the
help of, computer or internet technology.
H. Child Pornography
The use of computer networks to create, distribute, or
access materials that sexually exploit underage children or
possession of child pornography in shared drives of
community networks.
I. Cyber Contraband
Transferring illegal items or information through the
internet that are banned in some locations, like encryption
technology, prohibited material etc.
J. Spam
It includes the violation of the SPAM Act through
unauthorized transmission of spam by sending commercial,
illegal product marketing or immoral content proliferation
through emails.
K. Wi-Fi Hijacking
It is unauthorized access to an unsecured private computer
system working on a wireless network. Almost 60-70 percent of
wireless networks in the world are wide open, providing a
lucrative environment for hackers.
L. Cyber Trespass
Illegal accessing of a computer or network resources
without altering, disturbing, misusing, or damaging the data or
system. It might include accessing private information
without disturbing it or snooping on network traffic to get
some important information.
M. Logic bombs
These are event dependent programs. These programs are
activated by the trigger of a specific event. The Chernobyl virus
is a specific example which acts as a logic bomb: it can sleep
throughout the year and become active only on a particular
date.
N. Drive by Download (Gumbler)
A recent survey undertaken by Internet search company
Google Inc. revealed that as many as 1 in 10 websites were
acting as hosts for malware. The term Drive by Download
(DbD) has been in use in the software industry since its
inception, with different variations. It is a phenomenon in which a
software program is installed automatically on a user's computer
while surfing the internet. The intent of installing malicious
software is to gain benefit from the victim machine, e.g.
stealing sensitive information like stored passwords and
personal data, or using the victim terminal as part of a botnet
to further spread malicious content.
O. Salami attacks
This kind of crime is normally prevalent in
financial institutions. This attack is
launched by developing or modifying software to capture
small amounts (slices) of money in a transaction and
redirecting them to a hidden account. An important feature of
this type of offence is that the amount taken in a transaction is
so small that it would normally go unnoticed. For example, a
logic bomb can be introduced in the bank's system which
deducts 2 cents from every account and deposits it in a
particular account.
P. Cyber Assault by Threat
The use of a computer network such as email, videos, or
phones for threatening a person with fear for their lives or the
lives of their families or persons whose safety they are
responsible for (such as employees or communities). An
example of this is blackmailing a person to a point when he is
forced to transfer funds to an untraceable bank account
through an online payment facility.
Q. Script Kiddies
Script kiddie (also script bunny, script kitty or script
running juvenile) is a derogatory term used to
describe novices who use scripts or programs developed by
others to attack computer systems and networks, get root
access and deface websites.
R. Denial of service
A denial of service attack (DoS) or distributed denial of
service attack (DDoS) is an attempt to make a computer
resource unavailable to its intended users. The computer of the
victim is flooded with more requests than it can handle, which
causes it to crash. Although the means to carry out, motives for,
and targets of a DoS attack may vary, it generally consists of
the concerted efforts of a person or people to prevent an
Internet site or service from functioning efficiently or at all,
temporarily or indefinitely. This is also known as email
bombing if the medium used is email. E-bay, Yahoo and Amazon
suffered from this attack.
III. COMMON REASONS OF CYBER ATTACKS
In cyberspace, more than 90 percent of websites, web
applications and computer systems are vulnerable to some type of
web application attack, so cyberspace is open ground for
the activities of cyber criminals. A strong defense
mechanism is required for the protection of cyberspace. There
are many reasons for the vulnerability of computer
systems; a few are mentioned below [10]:
A. Easy to access
Due to the heterogeneity and complexity of technology,
computer systems are vulnerable to unauthorized access or
breach. Secretly implanted logic bombs, key
loggers that can steal access codes, and advanced voice
recorders, retina imagers etc. that can fool biometric systems and
bypass firewalls are the common techniques to bypass the security
system.
B. Capacity to store data in comparatively small space
The computer has the unique characteristic of storing data in a
very small space, which is why the removal or derivation of
information through either a physical or virtual medium is
much easier.
C. Complexity of code
The operating systems of computers are composed of millions
of lines of code, which may not be 100 percent secure. Cyber
criminals exploit these lapses of security and take
advantage of these lacunas to penetrate into the computer
system.
D. Negligence
Cyber criminals exploit human weakness and
negligence in protecting the computer system,
which in turn allows a cyber criminal to gain access and
control over the computer system.
E. Loss of evidence
Loss of evidence is a very common and obvious problem, as
data are routinely destroyed. Further, collection of data
outside the territorial extent, uncertainties about the
effectiveness of prevalent investigation techniques and the
involvement of privacy concerns also paralyse this system
of crime investigation.
IV. OVERVIEW OF CYBER SECURITY SOLUTIONS: SYSTEM
AND METHODOLOGIES
For cyber security, various state of the art technologies exist
in the form of Scanners, Intrusion Prevention Systems (IPS),
Intrusion Detection Systems (IDS), and Network and Application
Firewalls. As most cyber crimes exploit the application
layer using port 80 or 443 (SSL) for business communication,
these security solutions/technologies do not offer a solution to
application level threats. Network firewalls only secure
the internal network of the organization, leaving it vulnerable to
various application attacks by cyber criminals. These
solutions are briefly explained along with their limitations:
A. Vulnerability Scanners
Web application scanners are automated tools which
first crawl a web application and then check its web pages in
order to find vulnerabilities in the application by using a
passive technique. In this technique the scanner generates
probe inputs and then checks the responses to these inputs for
security vulnerabilities [11, 12].
B. Intrusion Prevention System
Intrusion Prevention Systems are software designed
not only to detect unauthorized access to resources but
also to protect these resources from unauthorized access.
C. Intrusion Detection System
Intrusion detection systems (IDS) are software
designed to detect illegal access to the system or resources.
Signature based Intrusion Detection Systems identify
signatures of known attacks and apply pattern matching
algorithms [13] for attack detection [14, 15, 16, 17].
Anomaly based systems analyze the input stream against an
established profile and classify all abnormal behavior as
malicious [19, 18, 20]. Data mining methods for anomaly
detection provide a framework for detecting web application
attacks based on statistical techniques [21, 22, 23].
Ontology based IDS solutions are used in information
security. Raskin et al. [24] developed an ontology for data
integrity of web resources and advocate the use of ontology
for information security. Landwehr et al. [20] present a
categorized taxonomy of intrusion according to location,
means and genesis. Ning et al. [26] considered a hierarchical
model for the specification of attacks and modeled a
thorough examination of attack characteristics and attributes.
McHugh [27] focused on attack classification according to
the protocol layer and Guha [28] emphasized the analysis
of each layer of the TCP/IP protocol stack to serve as the
foundation for an attack taxonomy. Denker et al. [29] drive
access control through an ontology developed in DAML+OIL
[30], but these ontologies have not been fully utilized due to
their simple representation of attack attributes; thus they are
inefficient for intrusion detection. Research [19, 25, 31, 32]
has defined ontologies for intrusion detection of network
layer attacks. suggested the new approach for designing and
developing an intrusion detection application by using
ontology. An Ontology of Information Security [33] models
assets, threats, vulnerabilities, countermeasures
and their relations. Research [34] focuses on the utilization of
a security ontology that can support ISO/IEC 27001
certification and maintenance of security guidelines / policies.
V. EXISTING STATE OF ART CYBER SECURITY INDUSTRIAL
APPLICATIONS
A. Existing Vulnerability Scanners
Scanners basically detect technical vulnerabilities,
business logic vulnerabilities and architectural deficits. A few
important scanners are [35]:
1. The Gamascans Web application scanner
Gamascans Web application scanner protects
applications and servers from cybercriminals/hackers. It
automatically searches for web application vulnerabilities and
validates security breaches against a database.
2. Wapiti
Wapiti is a black box scanner that scans the web
pages instead of the source code of the application. Wapiti can
detect XSS, SQL injection, CRLF,
database injection and file handling error vulnerabilities. The
basic purpose of this scanner is to discover unknown
vulnerabilities in web applications.
3. Websecurify
Websecurify is an open source web application security
scanner with key features including extensibility,
support for multiple technologies such as Web Workers and HTML5,
and asynchronous testing and reporting mechanisms. Written in
JavaScript, the tool is cross-platform and available as a MacOS
DMG package and as source code.
4. Acunetix WVS
Acunetix WVS is a tool for advanced web application
testing that automatically checks web applications for
vulnerabilities such as SQL injection, cross site scripting,
weak authentication or arbitrary file creation/deletion.
Some other commercial web scanners are AppScan,
WebInspect and Hailstorm, whereas Paros and Pantera are
popular open source scanners. Web scanners are mostly used
for detecting input validation problems. Most web scanners apply
a fuzzing attack, which is to submit random values as inputs. The
availability of client side code to the web scanners helps them
to determine the control flow, path constraints and the inner
working of the application.
B. Existing Web Application Firewall
Some well-known existing firewalls, such as Mod Security,
Secure Sphere, Snort etc. are briefly discussed. Their known
strengths and weaknesses are also highlighted:
1. Mod Security
Mod Security [36] is an open source, free web application
firewall (WAF) that works on the Apache system. Its main features
are simple filtering, regular expression based filtering, URL
encoding validation, Unicode encoding validation, auditing,
null byte attack prevention, upload memory limits and server
identity masking. Mod Security is unable to detect [36] session
id brute forcing attacks, forced browsing attacks, authentication
brute forcing and HTML hidden field manipulation attacks, and
also lacks the semantics to understand the contextual nature of
an attack vector.
The security group of f5 Web Application Security Manager has
mentioned four reasons [37] not to use Mod Security.
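The input checks named above (URL encoding validation, Unicode encoding validation, null byte prevention, regular expression filtering) can be combined into a canonicalize-then-match filter, which also shows why matching a signature against the raw string is brittle. This is an added example, not ModSecurity code or rules; the signature set, the two-round decoding limit, all function names and the sample inputs are constructed assumptions.

```python
import re
import unicodedata
from urllib.parse import unquote

# Hypothetical signature set for illustration; these are not ModSecurity rules.
SIGNATURES = {
    "script-tag": re.compile(r"<\s*script\b"),
    "path-traversal": re.compile(r"\.\.[/\\]"),
}

MALFORMED_PCT = re.compile(r"%(?![0-9A-Fa-f]{2})")  # '%' not followed by two hex digits
PCT_ESCAPE = re.compile(r"%[0-9A-Fa-f]{2}")
MAX_DECODE_ROUNDS = 2  # assumed policy: tolerate at most double encoding


class Rejected(Exception):
    """Input failed validation before any signature was tried."""


def canonicalize(raw: str) -> str:
    """Validate `raw` and return the single form that signatures are matched on."""
    # URL encoding validation: a stray '%' means two decoders could disagree
    # about what the value actually is.
    if MALFORMED_PCT.search(raw):
        raise Rejected("malformed URL encoding")
    value = raw.replace("+", " ")  # form encoding: '+' stands for a space
    rounds = 0
    while PCT_ESCAPE.search(value):
        if rounds == MAX_DECODE_ROUNDS:
            raise Rejected("too many encoding layers")
        try:
            # Unicode encoding validation: strict UTF-8 refuses overlong or
            # truncated sequences instead of silently replacing them.
            value = unquote(value, errors="strict")
        except UnicodeDecodeError:
            raise Rejected("invalid UTF-8 in URL encoding") from None
        rounds += 1
    # Null byte prevention: never pass an embedded NUL on to the application.
    if "\x00" in value:
        raise Rejected("null byte")
    # Fold compatibility forms (e.g. fullwidth punctuation), whitespace and case.
    value = unicodedata.normalize("NFKC", value)
    return re.sub(r"\s+", " ", value).lower()


def inspect(raw: str) -> tuple:
    """Return ("reject", reason), ("block", signature name) or ("allow", "")."""
    try:
        canon = canonicalize(raw)
    except Rejected as exc:
        return ("reject", str(exc))
    for name, pattern in SIGNATURES.items():
        if pattern.search(canon):
            return ("block", name)
    return ("allow", "")


def naive_match(raw: str) -> bool:
    """The brittle approach: the same signatures applied to the raw string."""
    return any(p.search(raw) for p in SIGNATURES.values())


# Constructed sample parameter values.
SAMPLES = [
    "red shoes",
    "50%25 off",
    "%3CScRiPt%3E",
    "%253Cscript%253E",
    "\uff1cscript\uff1e",
    "..%2F..%2Freports",
    "report%00.pdf",
    "100%zz",
    "%C0%AFetc",
    "%25253Cscript",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(f"{sample!r:24} raw-match={naive_match(sample)!s:5} filter={inspect(sample)}")
```

Every sample that the raw match misses differs from the signature only in encoding, case or character width, which is the syntactic variation the filter removes before matching.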
2. Imperva's Secure Sphere
Imperva's Secure Sphere [38] provides solutions that
secure enterprise data centers. Secure Sphere protects
proprietary information, custom business applications, and
critical servers. It addresses phishing, identity theft, data theft,
malicious robots, worms, denial of service, and SQL injection.
It reduces web attacks, database breaches, and worm infections.
According to a survey of information security [39], Secure
Sphere has high availability, preloaded policies and signatures,
and regulatory compliance features. Secure Sphere lacks the
semantics to understand the context of an input vector. It
sequentially searches for pattern matches with attack
signatures. It is also less effective against zero-day attacks.
Secure Sphere requires more manual intervention in configuration
[39].
3. Snort
Snort analyses IP traffic at the network gateway. It provides
signature based detection, content searching and matching.
It is highly flexible and able to interact with many applications
and enterprise level firewalls to prevent future attacks. It can
also integrate into multiple products. It can detect buffer
overflow attacks, stealth port scans, CGI attacks and OS
fingerprinting attempts.
Snort IDS [41] has 868+ signatures out of 1940+ for web
layer attacks. Most are for known vulnerabilities in web
servers, such as the IIS directory traversal attack and chunked
transfer encoding attacks. Out of these signatures only a few
are generic signatures for web application attacks. Snort
has a complicated setup of signatures and is only as good as
its rule set, i.e. it depends upon the effectiveness of the rules
applied. A security expert is required for its management. Snort
rules have to be manually updated.
4. Barracuda network application gateway
According to research information [39],
Barracuda has a higher capability for load balancing, high
availability, SSL acceleration and offloading, connection
pooling, caching and compression, preloaded policies and
signatures, and regulatory compliance features. Barracuda has a
disappointing reporting mechanism, limited to alerts,
diagnostics and errors. It also lacks a traffic shaping mechanism.
5. Breach Security's Web Defend
According to research information [39], Web Defend has
higher availability, preloaded policies and signatures, and
regulatory compliance features. But it lacks the capability for
load balancing, SSL acceleration and offloading, connection
pooling, and caching and compression, and is weak in zero day
detection.
VI. CHALLENGES TO EXISTING SOLUTIONS
Most existing techniques are signature based, which
maintain the syntactic representation of the attack. It is
easy for an attacker to launch an attack by slight
modification of this syntactical representation of the
signature. One major challenge is how to design a system
that represents the attack with a balanced abstraction to
cater for similar variations of any particular attack.
Current Web application techniques are reactive; attacks
are detected by frequently scanning the system logs and
data; attacks are only prevented if signature of the specific
attack is present and recognized by the system (otherwise
the attack may not be detected and may compromise the
security of the system). It is necessary to design
techniques that are proactive and provide necessary
measures to prevent the exploitation of vulnerabilities that
may damage the application.
Similarly, behavior based IDSs running at the application
layer are not signature based and may detect new,
previously unknown, attacks. However, in these systems,
a small deviation from the training data creates high false
positive and false negative rates. It is a challenge to
design a system that minimizes these false positives and
false negatives without requiring training data and
effectively detects zero day attacks.
Statistical techniques used in IDSs basically provide the
solution at network layer. This solution is not effective at
the application layer because these techniques focus on
the character distribution of the input and do not take into
account its contextual nature.
Learning based security systems generate a high level of
false positives and learning process has to be repeated
after every change in the application logic, which is a time
consuming task.
Most of the existing solutions use primitive (but
fairly effective) static/signature based attack detection
mechanisms. No practical system has yet been implemented
which uses semantic analysis of data/protocols to mitigate
this problem. This gives rise to the challenge of applying
techniques from the field of the semantic web to the area of
web application security.
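The behaviour based and statistical challenges listed above can be made concrete with a character-distribution profile of a single request parameter, compared with a check that knows the application's context. This is an added example, not a system from the surveyed papers; the `page` parameter, the training values, the 0.3 threshold, the route table and the labelled samples are all constructed assumptions.

```python
from collections import Counter

CLASSES = ("lower", "upper", "digit", "space", "punct", "other")


def char_class(ch: str) -> str:
    """Map one character to a coarse class."""
    if ch.islower():
        return "lower"
    if ch.isupper():
        return "upper"
    if ch.isdigit():
        return "digit"
    if ch.isspace():
        return "space"
    if ch.isascii() and ch.isprintable():
        return "punct"
    return "other"


def distribution(value: str) -> dict:
    """Fraction of the characters of `value` that fall in each class."""
    counts = Counter(char_class(ch) for ch in value)
    total = len(value) or 1
    return {c: counts[c] / total for c in CLASSES}


class CharProfile:
    """Profile learned from attack-free values of one parameter."""

    def __init__(self, training_values, threshold=0.3):
        dists = [distribution(v) for v in training_values]
        self.mean = {c: sum(d[c] for d in dists) / len(dists) for c in CLASSES}
        self.threshold = threshold  # assumed cut-off, not a tuned value

    def score(self, value: str) -> float:
        """L1 distance between the value's distribution and the profile."""
        d = distribution(value)
        return sum(abs(d[c] - self.mean[c]) for c in CLASSES)

    def is_anomalous(self, value: str) -> bool:
        return self.score(value) > self.threshold


def confusion(predict, labelled) -> dict:
    """Count tp/fp/tn/fn for a detector over (value, is_malicious) pairs."""
    out = Counter()
    for value, malicious in labelled:
        flagged = predict(value)
        out[("t" if flagged == malicious else "f") + ("p" if flagged else "n")] += 1
    return {k: out[k] for k in ("tp", "fp", "tn", "fn")}


# Constructed training data: values of a hypothetical `page` parameter.
TRAINING = ["home", "about-us", "contact", "products", "pricing",
            "news", "careers", "support"]
PROFILE = CharProfile(TRAINING)

# Constructed route table; "faq-2024" was published after training.
ROUTES = set(TRAINING) | {"faq-2024"}


def context_flag(value: str) -> bool:
    """Context-aware check: anything that is not a published page is flagged."""
    return value not in ROUTES


# Constructed labelled requests: (value, is_malicious).
LABELLED = [
    ("home", False),
    ("pricing", False),
    ("faq-2024", False),   # legitimate, but unlike the training data
    ("admin", True),       # unpublished page (forced browsing), ordinary characters
    ("<script>", True),
]

if __name__ == "__main__":
    for value, _ in LABELLED:
        print(f"{value!r:12} score={PROFILE.score(value):.5f} "
              f"statistical={PROFILE.is_anomalous(value)} context={context_flag(value)}")
    print("statistical:", confusion(PROFILE.is_anomalous, LABELLED))
    print("context    :", confusion(context_flag, LABELLED))
```

The profile flags the new page `faq-2024` and passes `admin`, because it only sees which kinds of characters occur, not what the value means to the application.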
VII. CONCLUSION
In the present scenario of cyberspace, every organization is
going online for its business survival and has placed its
important resources on web servers that are openly available
through an HTTP interface. To make these resources secure, every
organization has to follow some security standards or
guidelines. Unfortunately, security solutions are mostly
signature based and static (i.e. if a signature is present they
can detect malicious activity, otherwise not). Hence there is a
need for a dynamic solution to cater for the new vulnerabilities
that emerge on a daily basis. Moreover, there is a need for a
semantic solution that can understand the context of
vulnerabilities before fixing them.
REFERENCES
[1] Kshetri, N, The global cybercrime industry: economic,
institutional and strategic perspectives , Springer, 2010.
[2] Dupont A. Time to attack cybercrime with a strong security policy.
WWW page, October 2010.
[3] Steven Chabinsky, FBI Speeches, March 23, 2010
http://www.fbi.gov/news/speeches/the-cyber-threat-whos-doing-what-to-whom.
[4] Justice, U. D., INVESTIGATION, F.B. Parents Guide to Internet
Safety. Compiler 19, 1 (1999),4.
[5] OWASP Top Ten Project. WWW page, April 2010.
[6] Whocanisue.com. Find A Cybercrime Defense Attorney. WWW page,
December 2010.
[7] Nelson, B. Cybercrime Defined. WWW page, April 2009.
[8] Group, D. Cyber Crime: New Challenge to Mankind Society,
Introduction to the Nature of Cyber Crime and its Investigation Process.
WWW page, January 2011.
[9] Zala, B. and Rogers, P. The Other Global Security Challenges, The
RUSI Journal, volume 156, number 4, pages 26-33, Taylor & Francis,
2011.
[10] Pati, C. CYBER CRIME by Parthasarathi Pati. WWW page, April
2011.
[11] Fong, E. and Gaucher, R. Building a Test Suite for Web Application
Scanners. In hicss (2008), IEEE Computer Society, p. 479.
[12] Fong, E., and Okun, V. Web Application Scanners: Definitions and
Functions. In System Sciences, 2007. HICSS 2007. 40th Annual
Hawaii International Conference on (2007), IEEE, pp. 280b-280b.
[13] Boyer, R., and Moore, J. A fast string searching algorithm.
Communications of the ACM 20, 10 (1977), 762-772.
[14] Guha, B., and Mukherjee, B. Network security via reverse engineering
of TCP code: vulnerability analysis and proposed solutions. Network,
IEEE 11, 4 (1997), 40-48.
[15] Ryutov, T., Neuman, C., Kim, D., and Zhou, L. Integrated access
control and intrusion detection for web servers. IEEE transactions on
parallel and distributed systems (2003), 841-850.
[16] Roesch, M. et al. Snort - lightweight intrusion detection for networks. In
Proceedings of the 13th USENIX conference on System administration
(1999), Seattle, Washington, pp. 229-238.
[17] Zhao, X., and Prakash, A. WSF: An HTTP level Firewall for Hardening
Web Servers. In Parallel and Distributed Computing and Systems
Proceedings of the 17th IASTED International Conference (2005),
Citeseer.
[18] Anitha A., and Vaidehi, V.: Context based Application Level
Intrusion Detection. Proceedings of International conference on
Networking and Services (ICNS06) (2006), IEEE.
[19] Razzaq, A., Hur, A., Masood, M., Latif, K., Ahmad, H., and Takahashi,
H. Foundation of Semantic Rule Engine to Protect Web Application
Attacks. In Autonomous Decentralized Systems (ISADS), 2011 10th
International Symposium on, IEEE, pp. 95-102.
[20] Landwehr, C., Bull, A., Mcdermott, J., and Choi, W. Taxonomy of
computer program security flaws. ACM Computing Surveys (CSUR)
26, 3 (1994), 211-254.
[21] Xiao-Feng Wang, Jing-Li Zhou, S. S. Y., And Cai, L. Z. Data Mining
Methods for Anomaly Detection of HTTP Request Exploitations. In
Proceedings of Springer Verlag Berlin Heidelberg 2005 (2005),
Springer.
[22] Reddyl, Y.B. R. G. Intrusion Detection using Data Mining Techniques.
In Proceedings of Artificial Intelligence and Applications (AIA-2004)
(2004), pp. 232-241.
[23] Serazi, M., Perera, A., Ding, Q., Malakhov, V., and Perrizo, W.
Multi Layered framework for distributed data mining. In proceedings
of the 13th International Conference on Intelligent & Adaptive
Systems and Software Engineering (IASSE04), Nice, France
(2004), Citeseer.
[24] Raskin V., C.F. Hempelmann, K.E. Triezenberg, Nirenburg, Ontology
in Information Security: A Useful Theoretical Foundation and
Methodological Tool, Proceedings of the 2001 Workshop on New
Security Paradigms (NSPW-2001), pp. 53-59, 2001.
[25] Razzaq, A., Ahmed, H., Hur, A., and Haider, N. Ontology
based application level intrusion detection system by using
Bayesian filter. The Computer, Control and Communication,
2009. IC4 2009. 2nd International Conference on, IEEE, pp. 1-6.
[26] Ning, P., Jajodia, S., and Wang, X. Abstraction based intrusion
detection in distributed environments. ACM Transactions on
Information and System Security (TISSEC) 4, 4 (2001), 407-452.
[27] Mchugh, J.: Intrusion and intrusion detection. International Journal
of Information Security 1, 1 (2001), 14-35.
[28] Lough, D. A taxonomy of computer attacks with applications to
wireless networks. PhD thesis, 2001.
[29] Denker, G., Kagal, L., Finin, T., Paolucci, M., and Sycara, K. Security
for daml web services: Annotation and matchmaking. The Semantic
Web - ISWC 2003 (2003), 335-350.
[30] Daml.Org, Daml,Oil. WWW page, December 2000.
[31] John, J., Pinkston, J., Joshi, A., and Finin, T. A. Target Centric
Ontology for Intrusion Detection. In proceeding of the IJCAI-03
Workshop on Ontologies and Distributed Systems. Acapulco, August
9th (2004), Citeseer.
[32] Bartel M., Boyer, J., Fox, B., Lamacchia, B., and Simon, E.: XML-
signature syntax and processing. W3C recommendation 12 (2002),
2002.
[33] Herzog, A., Shahmehri, N., and Duma, C. An ontology of information
security.
[34] Fenz, S., and Weippl, E. Information Security Fortification by
Ontological Mapping of the ISO/IEC 27001 Standard, 2008.
[35] Securitytoollist.com. Vulnerability Scanners. WWW page, July 2011.
[36] ModSecurity. Mod Security: Open Source Web Application Firewall.
WWW page, Apr 2011.
[37] F5 Networks. Four reasons not to use ModSecurity. WWW page, July
2008.
[38] Imperva. Secure Sphere The First Dynamic Profiling Firewall. WWW
page, April 2011.
[39] Guffey, M. Business communication: Process and product. Cengage
Learning, 2008.
[40] Mitchell, B. firewall. WWW page, July 2011.
[41] Mookhey, K. K.: Detection and Evasion of Web Application Attacks.
WWW page, Jun 2004.
[42] Beechey J. Web Application Firewalls: Defense in Depth for Your Web
Infrastructure. WWW page, March 2009.