Discovering fuzzy association rule patterns and increasing sensitivity analysis of XML-related attacks

Most active research in Host and Network-based Intrusion Detection (ID) and Intrusion Prevention (IP) systems are only able to detect and prevent attacks of the computer systems and attacks at the Network Layer. They are not adequate to countermeasure XML-related attacks. Furthermore, although research have been conducted to countermeasureWeb application attacks, they are still not adequate in countering SOAP or XML-based attacks. In this paper, a predictive fuzzy association rule model aimed at segregating known attack patterns (such as SQL injection, buffer overflow and SOAP oversized payload) and anomalies is developed. First, inputs are validated using business policies. The validated input is then fed into our fuzzy association rule model (FARM). Consequently, 20 fuzzy association rule patterns matching input attributes with 3 decision outcomes are discovered with at least 99% confidence. These fuzzy association rule patterns will enable the identification of frequently occurring features, useful to the security administrator in prioritizing which feature to focus on in the future, hence addressing the features selection problem. Data simulated using a Web service e-commerce application are collected and tested on our model. Our model’s detection or prediction rate is close to 100% and false alarm rate is less than 1%. Compared to other classifiers, our model’s classification accuracy using random forests achieves the best results with RMSE close to 0.02 and time to build the model within 0.02 s for each data set with sample size of more than 600 instances. Thus, our novel fuzzy association rule model significantly provides a viable added layer of security protection for Web service and Business Intelligence-based applications. & 2012 Elsevier Ltd. All rights reserved.