Abstract

Intrusion detection and prevention systems (IDPS) are primarily designed to observe, detect and prevent malicious activity on the network. However, the characteristics of traditional network attacks are very different from those of web attacks: the former target the network layer, while the latter focus on the weaknesses of the application layer of the TCP/IP stack. The aim of this paper is to present the essential information on IDPS proposed exclusively for web applications, in order to contribute to the design of secure and efficient IDPS. To do this, we first present a comprehensive study of intrusion detection and prevention systems. Second, we identify several specific challenges that make it difficult for an IDPS to monitor and detect web attacks. Finally, we evaluate four of the most widely deployed open-source IDPS, namely AppSensor, ModSecurity, Shadow Daemon, and AQTRONIX WebKnight. The assessment is based on the security features that a web IDPS must incorporate in order to overcome the identified challenges. The results show that none of the evaluated IDPS integrates all the required security features.
