Journal of Computer Applications, 2011, Vol. 31, Issue (06): 1515-1520. DOI: 10.3724/SP.J.1087.2011.01515

• Information security

Research of Web Services attack detection based on ontology

CHEN Jun, WU Lifa, XU Guanghui, HE Zhengqiu, HUANG Kangyu

  1. Institute of Command Automation, PLA University of Science and Technology, Nanjing, Jiangsu 21007, China
  • Received: 2010-12-15 Revised: 2011-01-27 Online: 2011-06-20 Published: 2011-06-01
  • Contact: CHEN Jun

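Research on ontology-based Web services attack detection technology

CHEN Jun, WU Lifa, XU Guanghui, HE Zhengqiu, HUANG Kangyu

  1. Institute of Command Automation, PLA University of Science and Technology, Nanjing 210007
  • Corresponding author: CHEN Jun
  • About the authors: CHEN Jun (1986-), male, born in Lezhi, Sichuan, master's student, main research interests: network security, Web services; WU Lifa (1968-), male, born in Qichun, Hubei, professor, Ph.D., main research interest: network security; XU Guanghui (1970-), male, born in Ma'anshan, Anhui, associate professor, Ph.D., main research interest: software engineering; HE Zhengqiu (1980-), male, born in Yiyang, Hunan, Ph.D. candidate, main research interests: Web services, network security; HUANG Kangyu (1985-), male, born in Shanggao, Jiangxi, teaching assistant, M.S., main research interest: network security.
  • Supported by:
    Natural Science Foundation of Jiangsu Province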

Abstract: Web services greatly facilitate application-to-application integration across heterogeneous platforms, but their core components face threats of malicious attacks. Currently, Intrusion Detection Systems (IDSs) are usually used to prevent these attacks. However, the IDSs distributed throughout a network may be developed by different vendors, and there is no common vocabulary that all of them understand. As a result, it is difficult for these IDSs to cooperate in preventing multi-phased and distributed attacks. In this paper, a new method based on ontology and OWL for classifying and describing Web services attacks is presented. By constructing a Web services attack ontology, a commonly understandable vocabulary can be provided for different IDSs. An intrusion detection system based on the Web services attack ontology (called O-IDS) is then presented, which can efficiently overcome this shortcoming of existing IDSs and enhance the ability to detect multi-phased and distributed attacks.

Key words: Web Services, attack, Intrusion Detection System (IDS), ontology

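Abstract (translated from the Chinese): While Web services bring great convenience to application integration across heterogeneous platforms, their core components also face the threat of malicious attacks. At present, intrusion detection systems (IDSs) are mainly relied upon to detect these attacks, but the IDSs distributed across a network are often developed by different vendors or organizations and have no commonly understood vocabulary for exchanging knowledge. They are therefore hard to make interact and cooperate, work inefficiently, and can hardly withstand multi-level, distributed attacks. A method for classifying and describing Web services attacks based on ontology and the Web Ontology Language (OWL) is proposed, in which a Web services attack ontology is constructed to provide a vocabulary that different IDSs understand in common. On this basis, an intrusion detection system based on the Web services attack ontology library (O-IDS) is designed, which can effectively make up for the difficulty existing IDSs have in interacting and improve the ability to detect multi-level, distributed attacks.

Key words (translated from the Chinese): Web services, attack, intrusion detection system, ontology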
