{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,4,1]],"date-time":"2026-04-01T06:27:29Z","timestamp":1775024849461,"version":"3.50.1"},"reference-count":32,"publisher":"Emerald","issue":"5","license":[{"start":{"date-parts":[[2014,11,10]],"date-time":"2014-11-10T00:00:00Z","timestamp":1415577600000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.emerald.com\/insight\/site-policies"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2014,11,10]]},"abstract":"\n Purpose<\/jats:title>\n \u2013 The purpose of this paper is to mitigate vulnerabilities in web applications, security detection and prevention are the most important mechanisms for security. However, most existing research focuses on how to prevent an attack at the web application layer, with less work dedicated to setting up a response action if a possible attack happened. <\/jats:p>\n <\/jats:sec>\n \n Design\/methodology\/approach<\/jats:title>\n \u2013 A combination of a Signature-based Intrusion Detection System (SIDS) and an Anomaly-based Intrusion Detection System (AIDS), namely, the Intelligent Intrusion Detection and Prevention System (IIDPS). <\/jats:p>\n <\/jats:sec>\n \n Findings<\/jats:title>\n \u2013 After evaluating the new system, a better result was generated in line with detection efficiency and the false alarm rate. This demonstrates the value of direct response action in an intrusion detection system. <\/jats:p>\n <\/jats:sec>\n \n Research limitations\/implications<\/jats:title>\n \u2013 Data limitation. <\/jats:p>\n <\/jats:sec>\n \n Originality\/value<\/jats:title>\n \u2013 The contributions of this paper are to first address the problem of web application vulnerabilities. Second, to propose a combination of an SIDS and an AIDS, namely, the IIDPS. Third, this paper presents a novel approach by connecting the IIDPS with a response action using fuzzy logic. Fourth, use the risk assessment to determine an appropriate response action against each attack event. Combining the system provides a better performance for the Intrusion Detection System, and makes the detection and prevention more effective.<\/jats:p>\n <\/jats:sec>","DOI":"10.1108\/imcs-02-2013-0007","type":"journal-article","created":{"date-parts":[[2014,10,30]],"date-time":"2014-10-30T09:09:22Z","timestamp":1414660162000},"page":"431-449","source":"Crossref","is-referenced-by-count":29,"title":["Using response action with intelligent intrusion detection and prevention system against web application malware"],"prefix":"10.1108","volume":"22","author":[{"given":"Ammar","family":"Alazab","sequence":"first","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Michael","family":"Hobbs","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Jemal","family":"Abawajy","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Ansam","family":"Khraisat","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Mamoun","family":"Alazab","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"140","reference":[{"key":"key2020122723243451300_b1","doi-asserted-by":"crossref","unstructured":"Alazab, A.\n , \n Abawajy, J.\n and \n Hobbs, M.\n (2013), \u201cWeb malware that target web application\u201d, \n Social Network Engineering for Secure Web Data and Services\n , IGI Global, Hershey, PA, pp. 248-264.","DOI":"10.4018\/978-1-4666-3926-3.ch012"},{"key":"key2020122723243451300_b4","doi-asserted-by":"crossref","unstructured":"Alazab, A.\n , \n Hobbs, M.\n , \n Abawajy, J.\n and \n Alazab, M.\n (2012), \u201cUsing feature selection for intrusion detection system\u201d, 2012 International Symposium on Communications and Information Technologies (ISCIT), Gold Coast, pp. 296-301.","DOI":"10.1109\/ISCIT.2012.6380910"},{"key":"key2020122723243451300_b17","doi-asserted-by":"crossref","unstructured":"Alazab, M.\n , \n Ventatraman, S.\n , \n Watters, P.\n , \n Alazab, M.\n and \n Alazab, A.\n (2011a), \u201cCybercrime: the case of obuscated malware\u201d, in 7th International Conference on Global Security, Safety & Sustainability, Thessaloniki.","DOI":"10.1007\/978-3-642-33448-1_28"},{"key":"key2020122723243451300_b18","unstructured":"Alazab, M.\n , \n Venkatraman, S.\n , \n Watters, P.\n and \n Alazab, M.\n (2011b), \u201cZero-day malware detection based on supervised learning algorithms of API call signatures\u201d, Australasian Data Mining Conference (AusDM 11), Ballarat, pp. 171-182."},{"key":"key2020122723243451300_b19","unstructured":"Corporation, M.\n (2003), \u201cImproving web application security: threats and countermeasures\u201d, available at: http:\/\/msdn.microsoft.com\/en-us\/library\/ff648644.aspx"},{"key":"key2020122723243451300_b20","unstructured":"Corporation, M.\n (2012), \u201cCommon vulnerabilities and exposures\u201d, available at: http:\/\/cve.mitre.org\/"},{"key":"key2020122723243451300_b11","unstructured":"Cole, E.\n (2011), \n Network Security Bible\n , Wiley, Vol. 768."},{"key":"key2020122723243451300_b21","doi-asserted-by":"crossref","unstructured":"Cova, M.\n , \n Balzarotti, D.\n , \n Felmetsger, V.\n and \n Vigna, G.\n (2007), \u201cSwaddler: an approach for the anomaly-based detection of state violations in web applications\u201d, Proceedings of the 10th International Symposium on Recent Advances in Intrusion Detection (RAID), Queensland, 5-7 September, pp. 63-86.","DOI":"10.1007\/978-3-540-74320-0_4"},{"key":"key2020122723243451300_b23","unstructured":"Dagorn, N.\n (2008), \u201cWebIDS: a cooperative bayesian anomaly-based intrusion detection system for web applications (Extended Abstract)\u201d, \n Recent Advances in Intrusion Detection\n , Springer Berlin, Heidelberg pp. 392-393."},{"key":"key2020122723243451300_b15","doi-asserted-by":"crossref","unstructured":"Davis, J.J.\n and \n Clark, A.J.\n (2011), \u201cData preprocessing for anomaly based network intrusion detection: a review\u201d, \n Computers & Security\n , Vol. 30 Nos 6\/7, pp. 353-375.","DOI":"10.1016\/j.cose.2011.05.008"},{"key":"key2020122723243451300_b14","doi-asserted-by":"crossref","unstructured":"Elshoush, H.T.\n and \n Osman, I.M.\n (2011), \u201cAlert correlation in collaborative intelligent intrusion detection systems \u2013 a survey\u201d, \n Applied Soft Computing\n , Vol. 11 No. 7, pp. 4349-4365.","DOI":"10.1016\/j.asoc.2010.12.004"},{"key":"key2020122723243451300_b16","unstructured":"Faysel, M.A.\n and \n Haque, S.S.\n (2010), \u201cTowards cyber defense: research in intrusion detection and intrusion prevention systems\u201d, \n International Journal of Computer Science and Network Security\n , Vol. 10 No. 7, pp. 316-325."},{"key":"key2020122723243451300_b25","doi-asserted-by":"crossref","unstructured":"Garc\u00eda-Teodoro, P.\n , \n D\u00edaz-Verdejo, J.\n , \n Maci\u00e1-Fern\u00e1ndez, G.\n and \n V\u00e1zquez, E.\n (2009), \u201cAnomaly-based network intrusion detection: techniques, systems and challenges\u201d, \n Computers & Security\n , Vol. 28 Nos 1\/2, pp. 18-28.","DOI":"10.1016\/j.cose.2008.08.003"},{"key":"key2020122723243451300_b28","unstructured":"Gordeychik, S.\n (2010), \u201cWeb application security statistics\u201d, available at: www.Webappsec.org\/projects\/statistics\/"},{"key":"key2020122723243451300_b29","doi-asserted-by":"crossref","unstructured":"Horng, S.J.\n , \n Su, M.Y.\n , \n Chen, Y.H.\n , \n Kao, T.W.\n , \n Chen, R.J.\n , \n Lai, J.L.\n and \n Perkasa, C.D.\n (2011), \u201cA novel intrusion detection system based on hierarchical clustering and support vector machines\u201d, \n Expert Systems with Applications\n , Vol. 38 No. 1, pp. 306-313.","DOI":"10.1016\/j.eswa.2010.06.066"},{"key":"key2020122723243451300_b6","unstructured":"Jaiswal, A.\n and \n Jain, S.\n (2010), \u201cDatabase intrusion prevention cum detection system with appropriate response\u201d, \n International Journal of Information Technology\n , Vol. 2 No. 2, pp. 651-656."},{"key":"key2020122723243451300_b8","unstructured":"Kruegel, C.\n and \n Vigna, G.\n (2008), \u201cAnomaly detection of web-based attacks\u201d, CCS\u201903 Proceedings of the 10th ACM Conference on Computer and Communications Security, Washington, DC, 27-31 October, pp. 251-261."},{"key":"key2020122723243451300_b34","doi-asserted-by":"crossref","unstructured":"Maggi, F.\n , \n Robertson, W.\n , \n Kruegel, C.\n and \n Vigna, G.\n (2009), \u201cProtecting a moving target: addressing web application concept drift\u201d, \n Recent Advances in Intrusion Detection\n , Springer Berlin, Heidelberg, pp. 21-40.","DOI":"10.1007\/978-3-642-04342-0_2"},{"key":"key2020122723243451300_b31","unstructured":"Robertson, W.K.\n (2010), \u201cDetecting and preventing attacks against web applications\u201d, PhD Dissertation, University of California at Santa Barbara, Santa Barbara, CA."},{"key":"key2020122723243451300_b32","unstructured":"Robertson, W.\n , \n Maggi, F.\n and \n Vigna, C.K.G.\n (2010), \u201cEffective anomaly detection with scarce training data\u201d, Proceedings of the Network and Distributed System Security Symposium (NDSS)."},{"key":"key2020122723243451300_b22","unstructured":"Roesch, M.\n (1999), \u201cSnort-lightweight intrusion detection for networks\u201d, Proceedings of the 13th USENIX Conference on System Administration, Seattle, Washington, 7-12 November, pp. 229-238."},{"key":"key2020122723243451300_b26","doi-asserted-by":"crossref","unstructured":"Sadoddin, R.\n and \n Ghorbani, A.A.\n (2009), \u201cAn incremental frequent structure mining framework for real-time alert correlation\u201d, \n Computers & Security\n , Vol. 28 Nos 3\/4, pp. 153-173.","DOI":"10.1016\/j.cose.2008.11.010"},{"key":"key2020122723243451300_b27","doi-asserted-by":"crossref","unstructured":"Sekar, R.\n , \n Bendre, M.\n , \n Dhurjati, D.\n and \n Bollineni, P.\n (2001), \u201cA fast automaton-based method for detecting anomalous program behaviors\u201d, Proceedings of the 2001 IEEE Symposium on Security and Privacy, Oakland, CA, pp. 144-155.","DOI":"10.1109\/SECPRI.2001.924295"},{"key":"key2020122723243451300_b7","unstructured":"Shameli-Sendi, A.\n , \n Ezzati-Jivan, N.\n , \n Jabbarifar, M.\n and \n Dagenais, M.\n (2012), \u201cIntrusion response systems: survey and taxonomy\u201d, \n International Journal of Computer Science Network Security\n , Vol. 12 No. 1, pp. 1-14."},{"key":"key2020122723243451300_b30","unstructured":"SPADE, \u201cSilicon defense\u201d, \n available at: www.silicondefense.com\/software\/spice\/"},{"key":"key2020122723243451300_b24","doi-asserted-by":"crossref","unstructured":"Stakhanova, N.\n , \n Basu, S.\n and \n Wong, J.\n (2007), \u201cA taxonomy of intrusion response systems\u201d, \n International Journal of Information and Computer Security\n , Vol. 1 Nos 1\/2, pp. 169-184.","DOI":"10.1504\/IJICS.2007.012248"},{"key":"key2020122723243451300_b5","doi-asserted-by":"crossref","unstructured":"Taha, A.E.\n , \n Ghaffar, I.A.\n , \n Bahaa Eldin, A.M.\n and \n Mahdi, H.M.\n (2010), \u201cAgent based correlation model for intrusion detection alerts\u201d, 2010 IEEE International Conference on Intelligence and Security Informatics (ISI), Vancouver, pp. 89-94.","DOI":"10.1109\/ISI.2010.5484771"},{"key":"key2020122723243451300_b36","doi-asserted-by":"crossref","unstructured":"Tavallaee, M.\n , \n Bagheri, E.\n , \n Lu, W.\n and \n Ghorbani, A.A.\n (2009), \u201cA detailed analysis of the KDD CUP 99 data set\u201d, Proceedings of the Second IEEE Symposium on Computational Intelligence for Security and Defence Applications 2009.","DOI":"10.1109\/CISDA.2009.5356528"},{"key":"key2020122723243451300_b13","doi-asserted-by":"crossref","unstructured":"Vigna, G.\n and \n Kemmerer, R.A.\n (1999), \u201cNetSTAT: a network-based intrusion detection system\u201d, \n Journal of Computer Security\n , Vol. 7 No. 1, pp. 37-72.","DOI":"10.3233\/JCS-1999-7103"},{"key":"key2020122723243451300_b12","doi-asserted-by":"crossref","unstructured":"Vigna, G.\n , \n Valeur, F.\n , \n Balzarotti, D.\n , \n Robertson, W.\n , \n Kruegel, C.\n and \n Kirda, E.\n (2009), \u201cReducing errors in the anomaly-based detection of web-based attacks through the combined analysis of web requests and SQL queries\u201d, \n Journal of Computer Security\n , Vol. 17 No. 3, pp. 305-329.","DOI":"10.3233\/JCS-2009-0321"},{"key":"key2020122723243451300_b10","doi-asserted-by":"crossref","unstructured":"Wu, D.\n and \n Mendel, J.M.\n (2011), \u201cLinguistic summarization using IF\u2013THEN rules and interval type-2 fuzzy sets\u201d, \n IEEE Transactions on Fuzzy Systems\n , Vol. 19 No. 1, pp. 136-151.","DOI":"10.1109\/TFUZZ.2010.2088128"},{"key":"key2020122723243451300_frd1","unstructured":"Alazab, A.\n , \n Alazab, M.\n , \n Abawajy, J.\n and \n Hobbs, M.\n (2011), \u201cWeb application protection against SQL injection attack\u201d, Proceedings of the 7th International Conference on Information Technology and Applications, Hershey, PA, pp. 1-7."}],"container-title":["Information Management & Computer Security"],"original-title":[],"language":"en","link":[{"URL":"http:\/\/www.emeraldinsight.com\/doi\/full-xml\/10.1108\/IMCS-02-2013-0007","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/www.emerald.com\/insight\/content\/doi\/10.1108\/IMCS-02-2013-0007\/full\/xml","content-type":"application\/xml","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/www.emerald.com\/insight\/content\/doi\/10.1108\/IMCS-02-2013-0007\/full\/html","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,7,24]],"date-time":"2025-07-24T21:50:44Z","timestamp":1753393844000},"score":1,"resource":{"primary":{"URL":"http:\/\/www.emerald.com\/ics\/article\/22\/5\/431-449\/186947"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2014,11,10]]},"references-count":32,"journal-issue":{"issue":"5","published-print":{"date-parts":[[2014,11,10]]}},"alternative-id":["10.1108\/IMCS-02-2013-0007"],"URL":"https:\/\/doi.org\/10.1108\/imcs-02-2013-0007","relation":{},"ISSN":["0968-5227"],"issn-type":[{"value":"0968-5227","type":"print"}],"subject":[],"published":{"date-parts":[[2014,11,10]]}}}