The Threat Detection Framework for Securing Semantic Web Services

Abstract

Security is a necessary aspect of modern life for organizations and individuals who use the semantic web to provide various services. Semantic web applications are being used as a portal to communicate with back-end database systems and to support business processes. The confidential and personal information of any organization is stored on these systems. Access Control ensures that the requesting user has to meet certain criteria to access these systems. In most cases, it has been observed that access control only provides protection against external threats. There is no provision for detecting internal attacks. Therefore, there is a need for a mechanism that can be able to detect the malicious behaviour of previously authorized users. This paper proposes two algorithms to detect anomalous behaviour performed by the legitimate insider. During training phase, the first algorithm will create the query signature of each incoming query submitted by the legitimate insider. It also estimates the amount of data that can be extracted by the submitted query and includes in the query signature. The second algorithm will detect incongruous data extraction from the database by comparing the current query signature with the previous signature. If both signatures are identical, the query is considered safe for execution. Otherwise, the query will be considered as threat. In this paper, efforts are being made to give details of the security structure on the semantic web service.