Context based Application Level Intrusion Detection System

In today's interconnected networks, intrusion detection systems (IDSs), encryption devices and firewalls are crucial in providing a complete security solution. As network security has become a growing concern, system administrators lock down their networks by blocking traffic through certain ports and allowing traffic via only selected authorized ports such as HTTP. A recent survey has indicated that around 80 percent of attacks originate in the application layer. In this paper, a framework has been proposed to detect complex application level attacks that easily eludes packet level inspection solution. The proposed method enhances detection capability by performing application-level protocol analysis using semantic classification tree technique. The protocol analysis method extracts only specific fields of the protocol thereby providing significant search space reduction. The grammar based semantic processing method provides a higher level of abstraction and scalability and is a suitable option to improve detection accuracy