
CHAN CHUN YEW INVESTIGATION REPORT TP057374

Intrusion Detection and Prevention System (IDPS) for Web Application


By
CHAN CHUN YEW
TP057374
APD3F205IT(NC)

A project submitted in partial fulfillment of the requirements of Asia Pacific University of
Technology and Innovation for the degree of

BSc(Hons) in IT specialism Network Computing

Supervised by Mr. YOGESWARAN NATHAN

2nd Marker: Ms. NORIS ISMAIL

Aug-2023


Acknowledgement

First of all, I would like to thank Asia Pacific University of Technology & Innovation for
presenting us with an opportunity to run a project as one of the final year projects. I'd like to
thank my supervisor, Mr. Yogeswaran Nathan, for making helpful suggestions for improving my
document. Without his support, the projects, including the Project Proposal Form, Project
Specification Form, and Investigation Report, might not have delivered great content. He was
pointing out my mistakes so that I could improve myself.

Secondly, I would like to thank my parents who provided me with the ability to continue my
studies at university. Without their support, it would have been difficult to focus on producing
this investigative report. Last but not least, I want to thank myself for having a healthy body
during the pandemic so that I can complete this project on time.


Table of Contents
Acknowledgement.........................................................................................................................................2
CHAPTER 1: INTRODUCTION TO THE STUDY.....................................................................................5
1.1 Background to the project..............................................................................................................5
1.2 Problem context.............................................................................................................................6
1.3 Rationale........................................................................................................................................7
1.4 Potential Benefits.................................................................................................................................7
1.4.1 Tangible benefits...........................................................................................................................7
1.4.2 Intangible benefits.........................................................................................................................8
1.5 Target users..........................................................................................................................................9
1.6 Scope and Objectives.........................................................................................................................10
1.6.1 Aims............................................................................................................................................10
1.6.2 Objectives...................................................................................................................................10
1.6.3 Deliverables – Functionality of the proposed system.................................................................11
1.6.4 Nature of Challenges...................................................................................................................11
1.7 Overview of this Investigation report............................................................................................12
1.8 Project Plan....................................................................................................................................14
CHAPTER 2: LITERATURE REVIEW.....................................................................................................17
2.1 Introduction........................................................................................................................................17
2.2 Domain research................................................................................................................................18
2.2.1 Types of the IDPS.......................................................................................................................18
2.3 Similar System (with similar features)..............................................................................................21
2.3.1 Snort................................................................................................................................................22
2.3.2 Suricata...........................................................................................................................................23
2.3.3 Security Onion................................................................................................................................24
2.3.4 Comparison of Chosen Similar Systems........................................................................................24
2.4 Summary............................................................................................................................................25
CHAPTER 3: TECHNICAL RESEARCH..................................................................................................26
3.1 Introduction........................................................................................................................................26
3.2 Programming Language Chosen........................................................................................................26
3.3 IDE (Integrated Development Environment) Chosen.......................................................................28
3.4 Libraries / Framework Chosen...........................................................................................................29
3.4.1 Bootstrap.........................................................................................................................................29
3.4.2 jQuery.............................................................................................................................................30


3.5 Database Management System Chosen.............................................................................................31


3.5.1 Justification of chosen MySQL.......................................................................................................32
3.6 Operating System Chosen..................................................................................................................32
3.7 Web Browser......................................................................................................................................33
3.8 Summary............................................................................................................................................33
CHAPTER 4: SYSTEM DEVELOPMENT METHODOLOGY................................................................34
4.1 Introduction........................................................................................................................................34
4.2 Methodology Selection......................................................................................................................34
4.2.1 Scrum Methodology....................................................................................................................34
4.2.2 Waterfall Methodology...............................................................................................................37
4.3 Comparison of Methodologies...........................................................................................................39
4.4 Justification on Chosen Methodology...............................................................................................40
4.5 Implementation of the Selected Methodology...................................................................................40
4.6 Summary............................................................................................................................................41
CHAPTER 5 RESEARCH METHODS......................................................................................................42
5.1 Introduction..................................................................................................................................42
5.2 Quantitative Paradigm: Questionnaire.........................................................................................42
5.3 Questionnaires Design.................................................................................................................43
5.4 Summary......................................................................................................................................50
CHAPTER 6: REQUIREMENTS VALIDATION......................................................................................51
6.1 Introduction..................................................................................................................................51
6.2 Analysis of Data Collected through Questionnaire............................................................................51
6.2 Summary......................................................................................................................................63
CHAPTER 7: CONCLUSION AND REFLECTIONS.................................................................................64
References................................................................................................................................................65
Appendices...............................................................................................................................................67
Project Proposal Form (PPF)...............................................................................................................67
Project Specification Form (PSF)........................................................................................................73
Fast Track Ethical Approval Form.......................................................................................................78
Project Log Sheet.................................................................................................................................82
Gantt Chart...........................................................................................................................................85


CHAPTER 1: INTRODUCTION TO THE STUDY


1.1 Background to the project
Nowadays, we live in an environment full of technology that has made everything more
convenient. We can use our smartphones to connect with others, browse social media, and shop
on e-commerce websites (Pitichat, 2013). In addition, we can use tracking codes to trace
packages after online purchases. Web applications have become the backbone of modern
businesses, facilitating communication, transactions, and interactions between organizations and
their customers. However, this extensive reliance on web applications has also attracted cyber
threats that put sensitive data, intellectual property, and user privacy at risk. As web application
attacks become more sophisticated and prevalent, it is critical to ensure the security and
resilience of web-based systems.

To address these evolving cyber threats, this task aims to explore the implementation of an
Intrusion Detection and Prevention System (IDPS) in Web applications. IDPS is a
comprehensive security solution designed to proactively monitor, detect and block malicious
activity, enhancing the integrity and availability of Web applications against potential cyber
attacks.


1.2 Problem context


In the digital realm, web applications have become an essential part of modern organizations,
providing services, data access, and interaction with users. However, the growing reliance on
web applications has also made them a prime target for cyber attackers to exploit vulnerabilities
and compromise sensitive data. Sophisticated cyber threats, including SQL injection, cross-site
scripting (XSS), and distributed denial-of-service (DDoS) attacks, pose significant risks to the
confidentiality, integrity, and availability of web applications.

The context of the problem is the need to protect web applications from ever-changing cyber
threats. Traditional security measures such as firewalls and antivirus solutions alone are not
sufficient to defend against advanced attacks specifically targeting web applications. In the
absence of an integrated security solution, web applications can be easily exploited, leading to
potential data breaches, financial losses and reputational damage.

To address these challenges, there is a need for an integrated intrusion detection and prevention
system (IDPS) that is specifically tailored to the unique security requirements of web
applications. The IDPS acts as a vigilant guardian, continuously monitoring network traffic and
application activity, detecting and responding to anomalous or malicious behavior in real time.
By identifying and preventing security breaches, IDPS provides an additional layer of defense
that strengthens the overall security posture of web applications.


1.3 Rationale
According to the above problem statement, an Intrusion Detection and Prevention System (IDPS)
plays a very important role in a network system. I will be using my own web application to
implement the functionality of an IDPS, which is software that monitors a specified web
application for user actions. By using an IDPS to protect the web application, user security will be
greatly increased. Although the likelihood of any individual experiencing an attack is very small,
prevention is very important for the security of one's privacy.

1.4 Potential Benefits


1.4.1 Tangible benefits
- An IDPS proactively monitors network traffic and application activity for early detection of
potential security threats and attacks. This greatly reduces the risk of data leakage and
protects users' sensitive information.
- An IDPS detects and blocks a variety of attacks such as SQL injection, cross-site scripting
(XSS) and DDoS attacks. This prevents malicious actors from exploiting vulnerabilities in the
application, ensuring its continued availability and functionality.
- An IDPS identifies patterns of unusual behavior in web application traffic, such as unusual
traffic spikes or unauthorized access attempts.
- An IDPS provides detailed security event logs and reports. Many industries and regulatory
frameworks require organizations to implement security measures, including intrusion
detection and prevention.
- Modern IDPS systems use advanced analytics and machine learning techniques to reduce
false positives. This ensures that legitimate user traffic is not blocked unnecessarily, thus
maintaining the availability of web applications and the user experience.
- An IDPS detects and blocks attacks against known vulnerabilities in web applications,
reducing the risk of a successful attack.


1.4.2 Intangible benefits


- Effective implementation of an IDPS helps prevent successful attacks and data breaches,
protects sensitive customer information and ensures the availability of web applications.
This allows organizations to protect their reputation and build trust with users and
stakeholders.
- Secure and trusted web applications increase customer loyalty and retention, since
customers and users know that the web application is well protected by the IDPS.
- An IDPS prevents successful attacks and reduces the likelihood of web application downtime
due to security incidents. This improves business continuity and minimizes the potential
loss of revenue due to prolonged service interruptions.
- An IDPS can act as an early warning system, notifying security teams of potential threats
before they escalate. This proactive approach allows organizations to address
vulnerabilities and potential risks in a timely manner, reducing the likelihood of serious
security incidents.
- An IDPS generates detailed logs and alerts that help security teams with incident
handling and response. These insights enable faster and more effective containment and
resolution of incidents, minimizing the impact of security breaches.
- In today's digital environment, security is a key factor for customers to consider when
choosing a service or product. Organizations with a strong IDPS and a good reputation
for security can gain a competitive advantage.


1.5 Target users


Registered User

- Protection against phishing attacks, website hijacking, or other forms of attack.
- Blocking of unauthorized access or potential data theft.
- Monitoring and detection of abnormal login behavior to protect regular users from unauthorized
access to their accounts.
- Alerts warning users of possible security threats or unusual behavior.
- Protection of users' personal and financial information to prevent leakage of sensitive data.
- Detection and blocking of Denial of Service (DoS) attacks so that ordinary users can
access and use the web application without problems.

Admin

- Can manage the access of other users.
- Can view real-time security events and alerts using the IDS's monitoring console.
- Can set up and configure the IDS.


1.6 Scope and Objectives


1.6.1 Aims
In web application security related to PHP and HTML, the purpose of IDPS (Intrusion Detection
and Prevention System) is to enhance the overall security posture of the web application and
protect it from various threats and attacks.

1.6.2 Objectives
- Monitor and detect potential security threats in real time by analyzing incoming traffic,
requests, and data for signs of suspicious or malicious activity.
- Identify unusual patterns or behaviors that deviate from normal usage, such as unusual
traffic spikes, unexpected data patterns, or unauthorized access attempts.
- Use known patterns or signatures of known attacks to identify and block similar
malicious activity.
- Alert security personnel or administrators in a timely manner when suspicious activity is
detected, enabling rapid response and mitigation of potential threats.
- Continuously monitor the application for potential threats and adapt to changing attack
vectors.
- Monitor user activity to detect potential insider threats or unauthorized access.


1.6.3 Deliverables – Functionality of the proposed system


An IDS is a complex system that typically involves multiple components, including database
management, server-side scripting, and security algorithms. It is nevertheless possible to outline
the core functionality of an IDS and the role that HTML and PHP play in some of its aspects.

The IDPS will deliver real-time monitoring, capturing and analyzing web application traffic as it
arrives. Web application events such as user logins, attempted attacks, and suspicious activities
are logged to a database, and reports and analyses can be generated from the data stored there.

Alerts are raised when an abnormal pattern is detected. When the IDS detects suspicious activity,
PHP scripts generate alerts and store them in the database; these records can drive a notification
component in the user interface that displays the alerts to administrators.

Blacklists and whitelists of IP addresses or user agents are managed by the system. When
suspicious activity is detected, the offending IP can be added to the blacklist to block further access.
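The three functions just listed (event logging, alert generation on an abnormal pattern, and IP blacklisting) can be sketched in a single PHP hook called from the login script, and the same hook covers the real-time detection and administrator-alerting objectives of section 1.6.2. The code below is an added example written for this report and is not the project's own code. It assumes an in-memory SQLite database opened through PDO so that it runs stand-alone (the report's system uses MySQL, where the same tables would be created and `INSERT OR IGNORE` becomes `INSERT IGNORE`); the threshold of five failed logins within ten minutes, the table names, the function names and the sample addresses are all illustrative choices.

```php
<?php
// Added example (not the report's code): a minimal IDPS hook for a PHP login
// script. It logs events, raises an alert when one IP exceeds a failed-login
// threshold, and blacklists that IP so its later requests are blocked.
// Assumption: an in-memory SQLite database via PDO so the script runs alone;
// the report's system uses MySQL (same tables; INSERT OR IGNORE -> INSERT IGNORE).

const FAILED_LOGIN_LIMIT = 5;    // failed logins per window before alert + block (illustrative)
const WINDOW_SECONDS     = 600;  // sliding window for counting failures (illustrative)

function idps_db(): PDO {
    static $db = null;
    if ($db === null) {
        $db = new PDO('sqlite::memory:');
        $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
        $db->exec('CREATE TABLE events (id INTEGER PRIMARY KEY, ts INTEGER, ip TEXT, type TEXT, detail TEXT)');
        $db->exec('CREATE TABLE alerts (id INTEGER PRIMARY KEY, ts INTEGER, ip TEXT, message TEXT, acknowledged INTEGER DEFAULT 0)');
        $db->exec('CREATE TABLE blacklist (ip TEXT PRIMARY KEY, reason TEXT, ts INTEGER)');
    }
    return $db;
}

// Real-time monitoring: every security-relevant event is written to the database.
function log_event(string $ip, string $type, string $detail, int $ts): void {
    $stmt = idps_db()->prepare('INSERT INTO events (ts, ip, type, detail) VALUES (?, ?, ?, ?)');
    $stmt->execute([$ts, $ip, $type, $detail]);
}

// Alerts are stored so the admin notification component can display them.
function raise_alert(string $ip, string $message, int $ts): void {
    $stmt = idps_db()->prepare('INSERT INTO alerts (ts, ip, message) VALUES (?, ?, ?)');
    $stmt->execute([$ts, $ip, $message]);
}

// Blacklist management.
function is_blacklisted(string $ip): bool {
    $stmt = idps_db()->prepare('SELECT 1 FROM blacklist WHERE ip = ?');
    $stmt->execute([$ip]);
    $found = $stmt->fetchColumn() !== false;
    $stmt->closeCursor();
    return $found;
}

function blacklist_ip(string $ip, string $reason, int $ts): void {
    $stmt = idps_db()->prepare('INSERT OR IGNORE INTO blacklist (ip, reason, ts) VALUES (?, ?, ?)');
    $stmt->execute([$ip, $reason, $ts]);
}

// Failed logins from one IP inside the sliding window. The counter lives in the
// database, not in PHP memory, because each PHP request is stateless.
function recent_failures(string $ip, int $now): int {
    $stmt = idps_db()->prepare('SELECT COUNT(*) FROM events WHERE ip = ? AND type = ? AND ts > ?');
    $stmt->execute([$ip, 'login_failed', $now - WINDOW_SECONDS]);
    $count = (int) $stmt->fetchColumn();
    $stmt->closeCursor();
    return $count;
}

// Called by the login script after it has checked the credentials.
// Returns 'blocked', 'alerted' or 'ok' so the caller knows how to respond.
function idps_on_login(string $ip, bool $success, int $now): string {
    if (is_blacklisted($ip)) {
        log_event($ip, 'blocked', 'request from blacklisted IP', $now);
        return 'blocked';
    }
    log_event($ip, $success ? 'login_ok' : 'login_failed', 'login attempt', $now);
    if (!$success && recent_failures($ip, $now) >= FAILED_LOGIN_LIMIT) {
        raise_alert($ip, 'possible brute force: ' . FAILED_LOGIN_LIMIT . ' failed logins within ' . WINDOW_SECONDS . 's', $now);
        blacklist_ip($ip, 'repeated failed logins', $now);
        return 'alerted';
    }
    return 'ok';
}

// Constructed sample traffic (documentation-range addresses): one IP fails six
// times in a row, then a normal user logs in successfully.
$now = 1690000000;
$results = [];
for ($i = 0; $i < 6; $i++) {
    $results[] = idps_on_login('203.0.113.7', false, $now + $i);
}
$results[] = idps_on_login('198.51.100.9', true, $now + 10);
echo implode(' ', $results), PHP_EOL;

foreach (idps_db()->query('SELECT ip, message FROM alerts') as $a) {
    echo "ALERT {$a['ip']}: {$a['message']}", PHP_EOL;
}
```

Saved to a file and run with the php command-line interpreter, the script prints one status word per login attempt followed by the alert that was stored for the constructed attacker address; an admin console page would read the same alerts table. Keeping the failure count as a query over the events table rather than as a variable in PHP is what makes detection work across separate requests and web server processes, which is the practical answer to the stateless-PHP challenge raised in section 1.6.4.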

1.6.4 Nature of Challenges


First and foremost, the user experience will determine the success or failure of this web
application. HTML and PHP are mainly used for the front end and for server-side processing
respectively. Real-time monitoring of web application traffic with these technologies is
challenging because of their stateless nature and limited continuous monitoring
capabilities. Storing and managing large amounts of web application traffic data for analysis is
resource intensive, and efficiently processing and querying this data in PHP is also a challenge. As
web application traffic and complexity increase, the IDPS needs to scale accordingly; ensuring that
an IDPS built with HTML and PHP can handle the growing traffic and analytics requirements is
a major challenge.


1.7 Overview of this Investigation report


Chapter 1

The purpose of this chapter is to define the purpose of the proposed project and make its main
goals and vision easier to understand. First, the project background and problem context explain
the basic and important information. In addition, the rationale and potential benefits provide
further impetus to implement the project. The project scope is then described, including the aims,
objectives, and deliverables, and the nature of the challenges is outlined. A project plan is
developed at the end of this chapter to ensure that the investigation report is completed within
the stipulated time.

Chapter 2

This chapter discusses research conducted in previous studies while discussing project-related
topics such as software deployment types and deployment issues and project issues. This
research can be found in various academic resources such as journals, books, or verified
websites. In addition, the analysis of similar systems currently available on the market is also
evaluated by a comparative analysis of the characteristics and weaknesses of similar systems.

Chapter 3

This chapter discusses the technical requirements and the tools used for development. Comparing
tools and software gives the developer more options for choosing familiar tools, such as the
programming language, integrated development environment (IDE), libraries and tools,
operating system, and database management system (DBMS).

Chapter 4

In this chapter the researcher compares two system development methodologies in order to assess
and choose the most suitable approach for the proposed project. The chosen technique is then
further explored and analyzed to demonstrate how effectively it fits the nature of the proposed
project.

Chapter 5

This section will select suitable data collection techniques appropriate to the project environment
and resources. Templates and questions will be created and provided for various data collection
techniques. After choosing the data collection method and asking the relevant research questions,
the actual research will be carried out.

Chapter 6

This chapter will research and analyze the data to decide whether the project's projected
deliverables should be kept, changed, or cancelled after gathering all the data and responses from
the target respondents.

Chapter 7

The last chapter of the investigation report provides a review and summary of the entire report. It
lists the main achievements of the project and any problems or weaknesses in the research. This
section also specifies and describes the reference list and appendices related to the report.

1.8 Project Plan


Final Year Project

Task | Duration (Days) | Start Date | End Date | Status
Project Proposal Form (PPF) | 5 | 23/5/2023 | 28/5/2023 | Done
Project Specification Form (PSF) | 15 | 10/6/2023 | 25/6/2023 | Done
Investigation Report
Chapter 1: Introduction to Study | 5 | 1/7/2023 | 6/7/2023 | Done
1.1 Project Background | 1 | 1/7/2023 | 1/7/2023 | Done
1.2 Problem Context | 1 | 1/7/2023 | 1/7/2023 | Done
1.3 Rationale | 1 | 2/7/2023 | 2/7/2023 | Done
1.4 Potential Benefit | 1 | 3/7/2023 | 3/7/2023 | Done
1.5 Target Users | 1 | 4/7/2023 | 4/7/2023 | Done
1.6 Scope and Objectives | 1 | 5/7/2023 | 5/7/2023 | Done
1.7 Overview of this Investigation Report | 1 | 5/7/2023 | 5/7/2023 | Done
1.8 Project Plan | 1 | 6/7/2023 | 6/7/2023 | Done
Chapter 2: Literature Review | 10 | 10/7/2023 | 19/7/2023 | Done
2.1 Introduction | 3 | 10/7/2023 | 12/7/2023 | Done
2.2 Domain Research | 3 | 13/7/2023 | 15/7/2023 | Done
2.3 Similar Research | 3 | 16/7/2023 | 18/7/2023 | Done
2.4 Summary | 1 | 19/7/2023 | 19/7/2023 | Done
Chapter 3: Technical Research | 3 | 20/7/2023 | 22/7/2023 | Done
3.1 Introduction | 1 | 20/7/2023 | 20/7/2023 | Done
3.2 Programming Language | 1 | 20/7/2023 | 20/7/2023 | Done
3.3 Integrated Development Environment (IDE) | 1 | 20/7/2023 | 20/7/2023 | Done
3.4 Libraries / Tools | 1 | 21/7/2023 | 21/7/2023 | Done
3.5 Database Management System | 1 | 21/7/2023 | 21/7/2023 | Done
3.6 Operating System | 1 | 21/7/2023 | 21/7/2023 | Done
3.7 Web Browser | 1 | 22/7/2023 | 22/7/2023 | Done
3.8 Summary | 1 | 22/7/2023 | 22/7/2023 | Done
Chapter 4: System Development Methodology | 3 | 23/7/2023 | 25/7/2023 | Done
4.1 Introduction | 1 | 23/7/2023 | 23/7/2023 | Done
4.2 Methodology Selection | 1 | 23/7/2023 | 23/7/2023 | Done
4.3 Comparison of Methodologies | 1 | 23/7/2023 | 23/7/2023 | Done
4.4 Justification of the Chosen Methodology | 2 | 23/7/2023 | 24/7/2023 | Done
4.5 Implementation of the Selected Methodology | 1 | 24/7/2023 | 25/7/2023 | Done
Chapter 5: Research Methods | 5 | 26/7/2023 | 31/7/2023 | Done
5.1 Introduction | 1 | 26/7/2023 | 26/7/2023 | Done
5.2 Design | 4 | 26/7/2023 | 30/7/2023 | Done
5.3 Summary | 1 | 30/7/2023 | 31/7/2023 | Done
Chapter 6: Requirement Validation | 6 | 1/8/2023 | 8/8/2023 | Done
6.1 Analysis of Data | 3 | 1/8/2023 | 4/8/2023 | Done
6.2 Summary | 1 | 4/8/2023 | 5/8/2023 | Done
Chapter 7: Conclusion and Reflections | 2 | 6/8/2023 | 8/8/2023 | Done


CHAPTER 2: LITERATURE REVIEW


2.1 Introduction

As computer systems are increasingly under attack, users are placing a greater emphasis on
information security. Security protects computers and everything associated with them, including
networks, terminals, printers, cabling, disks, and most importantly, it protects the information
available in this environment. The explosive growth of computer networks is expanding the
reach of social networks, as well as driving the development of social networks. The way content
is shared and accessed is now at the heart of a new global culture, influencing and integrating all
areas of personal and business life (A. Ahmad Sharifi, 2014).

Web applications are generally accessible to multiple users with different permission levels.
These privileges are controlled by an authorization process to ensure that users perform only
authorized operations. A cybersecurity threat or issue is defined as a potentially malicious
activity that specifically targets one or more components of the web application architecture
(e.g., a user's browser or a web application hosting server) (Omer Aslan, 2017).

Indraneel Mukhopadhyay (2010) argues that it is unrealistic to expect an IDPS to detect and
prevent all attacks. Given the complexity and rapid evolution of attacks and systems, perfect
detection and prevention is simply not possible. Today, even malware developers are producing
self-mutating worms that are difficult to detect even with an IDPS. That is why keeping IDPS
technology up to date is also necessary.

Based on these issues, my system aims to cover network security issues as comprehensively as
possible by combining the capabilities of an IPS and an IDS, using HTML and PHP to improve
the web application's security design and provide users with good network security.

2.2 Domain research


Intrusion detection and defense technologies are still immature in the field of web application
security. Intrusion detection and prevention systems are mainly used as network security
appliances. However, the design of an IDPS for web applications requires a different approach
from a traditional network IDPS in order to manage the complexity associated with modern web
applications. Web-specific security issues are very different from traditional network attacks. In
fact, a web security threat or issue is a potentially malicious activity that specifically targets one or
more components of a web application architecture, such as a user's browser or a web
application hosting server (Yassine Sadqi, 2021). Therefore, understanding how intrusion detection
and defense technologies are used today in the field of web application security will bring
different issues and impacts. In addition, in the study of network IDPS, the accessibility and
connectivity of network IDPS are often discussed. We believe that these are the key factors
affecting this topic.

2.2.1 Types of the IDPS


Before discussing the types of IDPS, it is important to understand the exact importance and
meaning of an IDPS. An IDPS protects the movement and flow of data and information within a
computer network. It plays a vital role in securing this transmission by monitoring, analyzing,
and preventing potential intrusions and threats. An analysis of the typical types of IDPS is listed
in the table below.

Table 1: Types of the IDPS

Type of IDPS | Definition | Use
Network-based Intrusion Detection System (NIDS) | A NIDS is an IDPS that monitors and analyzes network traffic at strategic points within the network to detect suspicious activity and potential intrusions. | NIDS are typically used in enterprise networks to monitor incoming and outgoing traffic and provide additional security at the network level.
Host-based Intrusion Detection System (HIDS) | HIDS are installed on individual hosts or servers to monitor and analyze activity occurring on the host, providing security at the endpoint level. | HIDS are used to protect critical servers and workstations from potential intrusions and to detect any suspicious activity on a specific host.
Hybrid Intrusion Detection and Prevention System (IDPS) | A hybrid IDPS combines the features of an intrusion detection system (IDS) and an intrusion prevention system (IPS) to both detect and respond to potential threats. | Hybrid IDPS for high-security environments that not only detects potential threats, but also proactively blocks and prevents them.
Cloud Intrusion Detection System | A cloud-based IDPS leverages cloud infrastructure to provide intrusion detection and defense services, providing scalability and flexibility for cloud-based environments. | Cloud-based IDPS for securing cloud workloads and applications, providing protection for dynamic and distributed cloud environments.

Table 2: Comparison of the different types of IDPS

Aspect | Network-based | Host-based | Hybrid | Cloud
Deployment | Deployed at strategic points within the network to monitor traffic. | Deployed on a single host or server. | Combines the capabilities of IDS and IPS. | Utilizes cloud infrastructure to provide IDPS services.
Focus | Analyzes network packets to detect suspicious activity. | Monitors activity and events on the host itself. | Provides comprehensive security. | Monitors cloud-based workloads, applications and data.
Advantages | Provides visibility across the network to detect threats affecting multiple hosts. | Provides detailed visibility into host-level activity. | Real-time response capabilities. | Scalable, flexible and easily adapts to dynamic cloud environments.
Use cases | Protects the entire network from external and internal threats. | Protects critical servers and workstations. | High-security environments. | Protecting cloud workloads and applications in cloud-native environments.
Capabilities | Integrated with other security measures for prevention. | Alerts administrators to respond. | Provides both detection and prevention capabilities. | Depends on the cloud provider's offerings.
Scalability | Scalable to different network sizes and segments. | Depends on the number of hosts and available resources. | Depends on resources and implementation. | Highly scalable due to cloud infrastructure.

According to Table 2, a network-based IDPS has the widest monitoring scope because it examines all traffic passing through strategic points on the network. Network-based IDPSs are typically deployed and managed centrally, so they can be administered and monitored from a single console, which simplifies configuration, monitoring and response orchestration. Designed to handle large volumes of traffic, a network-based IDPS can scale to high-traffic enterprise networks and keeps up as the volume of traffic grows. Its main advantage is a global view of network activity: by inspecting traffic at network boundaries it can detect, and in inline mode block, intrusion attempts before they reach vulnerable hosts, which reduces the exposed attack surface and adds a further layer of defense. Two caveats apply to this project. A network sensor only sees traffic that crosses its tap or mirror port, so attacks that originate on the web server itself are invisible to it, and it cannot inspect the HTTP payload of TLS-encrypted requests unless it is placed behind the point where TLS is terminated (for example a reverse proxy) or is fed decrypted traffic. A host-based sensor or the web server's own logs are still needed to cover those gaps.

2.3 Similar System (with similar features)


Before development begins, it is necessary to examine and evaluate existing systems with similar functions in the current market. By comparing these systems and identifying ways to differentiate the proposed system from its competitors, the researcher can decide how to develop the project's application, taking into account the market opportunities that will exist when it is released. Several strategies may then be considered, such as adding features or emphasizing usability to distinguish the finished product from the IDPS tools currently in use. In this section, the researcher conducts a comparative analysis of three existing IDPS tools with similar functionality, purpose and goals.

2.3.1 Snort

Figure 1: Snort Logo, source: https://www.snort.org/

Snort is an open source intrusion detection and prevention system widely used for network security monitoring, known for its flexibility, scalability and power. In IDS mode Snort passively sniffs traffic by capturing packets in promiscuous mode, so it analyzes every packet traversing the network segment; in inline (IPS) mode it can also drop packets that match a rule. Snort decodes a variety of protocols, including TCP, UDP, ICMP, HTTP, FTP and DNS, which lets its rules inspect the application layer of a packet. It includes preprocessors that perform additional analysis and prepare data for inspection, such as HTTP normalization, IP defragmentation and TCP stream reassembly. These matter for a web IDPS because an attacker can otherwise split a malicious request across IP fragments or TCP segments, or URL-encode it, so that a signature never sees the whole payload. When Snort detects suspicious activity, it generates alerts and logs containing information about the event, such as source and destination IP addresses, timestamps and the rule that triggered the alert.

Figure 2: Snort platform


Figure 2 shows Snort's alert output. As the figure shows, Snort writes alerts to designated log files for viewing by security administrators and analysts. An alert is generated when network traffic meets the criteria of a Snort rule, and it includes detailed information about the event, such as source and destination IP addresses and ports, a timestamp, the priority, and the rule (generator, signature and revision ID) that triggered it.
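The alert fields described above are what a web front end for an IDPS has to ingest. The following Python is an added example written for this report, not Snort's own code: it parses Snort's alert_fast output format into records and counts high-priority alerts per source address, skipping lines that are not alerts. The alert lines are constructed samples, and the rule messages and local SIDs (1000001, 1000002) are illustrative.

```python
import re
from collections import Counter
from dataclasses import dataclass
from typing import Dict, List, Optional

# Constructed sample of Snort alert_fast output, not captured from a real sensor.
# SIDs 1000001/1000002 are in the local-rule range; the messages are illustrative.
SAMPLE_FAST_ALERTS = """\
08/10-14:05:21.123456  [**] [1:1000001:1] WEB-APP SQL injection attempt in query string [**] [Classification: Web Application Attack] [Priority: 1] {TCP} 192.168.1.50:51234 -> 10.0.0.5:80
08/10-14:05:22.004512  [**] [1:1000002:2] WEB-APP directory traversal ../ in URI [**] [Classification: Web Application Attack] [Priority: 1] {TCP} 192.168.1.50:51240 -> 10.0.0.5:80
08/10-14:06:01.778201  [**] [1:384:5] PROTOCOL-ICMP PING [**] [Classification: Misc activity] [Priority: 3] {ICMP} 192.168.1.77 -> 10.0.0.5
this line is not an alert and must be skipped
"""

# One alert per line: timestamp, [gid:sid:rev], message, optional classification,
# priority, protocol, then "src[:port] -> dst[:port]" (ICMP alerts carry no ports).
FAST_RE = re.compile(
    r"^(?P<ts>\d\d/\d\d-\d\d:\d\d:\d\d\.\d+)\s+\[\*\*\]\s+"
    r"\[(?P<gid>\d+):(?P<sid>\d+):(?P<rev>\d+)\]\s+(?P<msg>.*?)\s+\[\*\*\]\s+"
    r"(?:\[Classification:\s+(?P<cls>[^\]]+)\]\s+)?"
    r"\[Priority:\s+(?P<prio>\d+)\]\s+"
    r"\{(?P<proto>[A-Za-z0-9]+)\}\s+"
    r"(?P<src>\S+?)(?::(?P<sport>\d+))?\s+->\s+(?P<dst>\S+?)(?::(?P<dport>\d+))?\s*$"
)


@dataclass
class Alert:
    timestamp: str
    gid: int
    sid: int
    rev: int
    message: str
    classification: Optional[str]
    priority: int            # Snort priority: 1 is the most severe
    protocol: str
    src_ip: str
    src_port: Optional[int]  # None for protocols without ports (ICMP)
    dst_ip: str
    dst_port: Optional[int]


def _port(value: Optional[str]) -> Optional[int]:
    return int(value) if value is not None else None


def parse_fast_alert(line: str) -> Optional[Alert]:
    """Parse one alert_fast line; return None for lines that are not alerts."""
    m = FAST_RE.match(line.strip())
    if not m:
        return None
    return Alert(
        timestamp=m["ts"], gid=int(m["gid"]), sid=int(m["sid"]), rev=int(m["rev"]),
        message=m["msg"], classification=m["cls"], priority=int(m["prio"]),
        protocol=m["proto"], src_ip=m["src"], src_port=_port(m["sport"]),
        dst_ip=m["dst"], dst_port=_port(m["dport"]),
    )


def load_alerts(text: str) -> List[Alert]:
    """Parse every alert line in a block of alert_fast output, skipping junk lines."""
    alerts: List[Alert] = []
    for line in text.splitlines():
        alert = parse_fast_alert(line)
        if alert is not None:
            alerts.append(alert)
    return alerts


def high_priority_sources(alerts: List[Alert], max_priority: int = 2) -> Dict[str, int]:
    """Count alerts per source IP whose priority number is max_priority or lower (more severe)."""
    return dict(Counter(a.src_ip for a in alerts if a.priority <= max_priority))


if __name__ == "__main__":
    parsed = load_alerts(SAMPLE_FAST_ALERTS)
    for a in parsed:
        print(f"{a.timestamp} sid={a.sid} prio={a.priority} {a.src_ip}:{a.src_port} -> "
              f"{a.dst_ip}:{a.dst_port} {a.message}")
    print(high_priority_sources(parsed))
```

The regex treats the ports as optional because Snort writes ICMP alerts without them; a parser that assumes "ip:port" on every line silently drops those alerts. Unparseable lines are skipped rather than raising, which is the safer behaviour for a collector reading a live log, but the count of skipped lines should be surfaced somewhere so that a format change does not go unnoticed.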


2.3.2 Suricata

Figure 3: Suricata logo, source: https://suricata.io/


Suricata analyzes network traffic in real time, examining packets as they pass through network interfaces. It supports a wide range of protocols and is built for high-speed networks: its multi-threaded engine spreads capture and detection across multiple CPU cores, giving it high throughput. Besides signature matching, Suricata records rich protocol metadata that can be used for anomaly and behavioral analysis, which helps with unknown threats that no signature yet covers. Suricata does not decrypt TLS/SSL traffic; instead it parses the TLS handshake and logs metadata such as the server name (SNI), certificate details and JA3/JA3S fingerprints, so rules and analysts can still flag suspicious encrypted connections without access to the plaintext. Inspecting the content of HTTPS requests to the protected web application therefore requires placing the sensor where the traffic is already decrypted, for example behind a TLS-terminating reverse proxy.

2.3.3 Security Onion

Figure 4:Security Onion logo, source: https://securityonionsolutions.com/


Security Onion is a free and open source Linux distribution designed for network security monitoring and intrusion detection. It captures and analyzes network traffic in real time to detect potential security events, using Suricata and Zeek as its network sensors. Security Onion also captures and stores complete network packets (full packet capture), enabling analysts to perform detailed forensic analysis of the traffic behind an alert. It centralizes logs from different sources, making them easier to monitor and analyze, and provides SIEM functionality that aggregates and correlates security events to give a comprehensive view of network security. Security Onion offers a simple setup process with pre-configured virtual machine images, so deployment is fast and easy.


2.3.4 Comparison of Chosen Similar Systems


Table 3: Comparison of Chosen Similar Systems

Criterion          Snort                        Suricata                       Security Onion
Founded year       1998                         2009                           2008
Feedback form      No                           No                             Yes
Chatbot            Not available                Not available                  Available
Performance        Stability and reliability    Multi-threaded and scalable    Easy to use
User interface     No                           Yes                            Yes
Alert              Yes                          Yes                            Yes

2.4 Summary
These important features and characteristics were analyzed through a comparative analysis of three selected existing cybersecurity systems: Snort, Suricata and Security Onion. The selected systems share similar characteristics and objectives, and all three generate alerts for their users. In the case of the chatbot, only Security Onion was found to provide one; a chatbot can answer many questions that users would otherwise be unable to resolve and can guide them in responding to more complex attacks.


CHAPTER 3: TECHNICAL RESEARCH


3.1 Introduction
The outcome of this chapter is the selection of the programming languages, integrated development environment (IDE), database management system (DBMS), third-party tools or libraries, operating system, network systems and web browsers that will shape the development of the project's application.

3.2 Programming Language Chosen

Figure 5: HTML, CSS, JS icon, source: https://phantomlandscapes.com/2021/04/22/learning-webdesign-now-html-css-js/

The project is delivered as a web-based application, and most of the development effort is split between two areas: the front-end and the back-end. The front-end uses Hypertext Markup Language (HTML), Cascading Style Sheets (CSS) and JavaScript (JS), as shown in Figure 5 above; these three front-end languages are selected for this web application. The back-end, or "server-side", handles the database and the website's application logic. PHP will be used as the server-side scripting language and SQL (MySQL) for the database. Other scripting languages commonly used for back-end development include Ruby, Node.js and Python; Table 4 compares the features of PHP and Ruby in detail.

Table 4: Comparison between PHP and Ruby

Element                            PHP                          Ruby
Performance                        Fast                         Slow
Syntax                             Similar to Perl and C        Similar to Perl and Python
Functions                          Built in                     Not built in (libraries must be loaded)
Application                        Web applications             Desktop and web applications
Development and deployment skill   Easy                         Difficult
Framework                          Programming language only    Programming language; the Rails framework has been developed for it

Source: https://www.educba.com/ruby-vs-php/

From the above table, both PHP and Ruby are general-purpose programming languages, but the Rails framework makes Ruby more versatile and adaptable. One reason PHP applications perform faster than Ruby applications in the table may be that PHP has built-in functions, whereas Ruby has to load libraries to obtain the equivalent functionality. Developing and deploying Ruby applications also requires more skill than developing and deploying PHP applications.

Table 5: Programming Language Version

Programming Language                  Rendering       Version
Hyper Text Markup Language (HTML)     Client-side     5.0
MySQL                                 Server-side     5.0
Scripting Language (PHP)              Server-side     7.2
Cascading Style Sheets (CSS)          Client-side     3

The versions listed above should be treated as the minimum the report was written against rather than as deployment targets: PHP 7.2 reached end of life in November 2020 and MySQL 5.0 has been out of support for many years, so neither receives security fixes. An IDPS dashboard that itself runs on unpatched software undermines its own purpose, so the implementation should use a currently supported PHP 8.x release and MySQL 8.x.

3.3 IDE (Integrated Development Environment) Chosen

Figure 6: Visual Studio Code Logo

There is a wide variety of integrated development environments (IDEs), each playing a different role in creating software systems. An IDE provides a user interface (UI) for programming, testing and debugging, and has the ability to compile and interpret programs (Nagathan, 2021).

The code editor chosen for this project is Visual Studio Code (VS Code). It combines powerful developer features with the simplicity of a source code editor. VS Code is also recommended for web developers creating their own websites, since it contains strong tooling for web technologies and they may feel more comfortable programming with it. VS Code is free software with no additional costs inside the IDE, which is probably its best feature for all programmers. It supports multiple programming languages, cross-language references can be detected easily, and IntelliSense can complete partial code snippets (Pedamkar, 2021).


3.4 Libraries / Framework Chosen

Libraries and frameworks are code that has already been written by someone else to reduce the developer's workload. Their purpose is to reduce and simplify the amount of custom code in a program. In this project, importing these libraries and frameworks shortens the coding time by providing ready-made features. Using them also enhances the functionality of the software and increases the value and quality of the project application. The libraries and frameworks chosen for this project are therefore Bootstrap, jQuery and Bro (Zeek).

3.4.1 Bootstrap

Figure 7: Bootstrap 5 Icon: sources: https://www.codesnail.com/bootstrap-5-alpha/


As shown in Figure 7, Bootstrap is an open source web development framework designed to
simplify the web development process for responsive mobile-first websites by providing a set of
template design syntax.Bootstrap contains a large number of HTML, CSS, and JS-based scripts
for implementing a large number of features and components associated with web design.
(Alexandria, 2022).


3.4.2 jQuery

Figure 8: jQuery Icon, source: https://www.codesnail.com/bootstrap-5-alpha/


jQuery is a classic JavaScript library that provides a common abstraction layer for virtually any web development environment. It greatly simplifies tasks such as HTML document traversal and manipulation, event handling, animation and Ajax with an intuitive API that runs in a wide range of browsers (jQuery Foundation, n.d.). Because the dashboard will render alert data that originates from untrusted network traffic (rule messages, URIs, user-agent strings), values inserted into the page must be treated as text, for example with jQuery's .text(), rather than injected as markup with .html(); otherwise an attacker can turn an alert they triggered into a cross-site scripting payload against the analyst viewing it.

3.4.3 Bro (Zeek)

Figure 9: Bro (Zeek) Icon, source: https://docs.zeek.org/en/master/index.html/


Zeek (formerly Bro) is a powerful and versatile network security monitoring tool for analyzing network traffic and detecting security threats. Rather than matching packets against signatures alone, Zeek parses sessions into structured, tab-separated logs (for example conn.log, http.log, dns.log and ssl.log) that can be scripted against. Some of Zeek's key features include network traffic analysis, protocol detection, anomaly detection, intrusion detection, file extraction, connection logging and real-time analytics.
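Zeek's http.log is the natural input for a web-application IDPS built on it. The following Python is an added example written for this report, not part of Zeek: it reads a Zeek TSV log by its #fields header (so column order does not matter and unset "-" values become None), URL-decodes each request URI and applies a few web-attack signatures (SQL injection, directory traversal, scanner user-agents). The log excerpt is constructed and trimmed to a subset of the real http.log columns; the hosts, connection UIDs and signatures are illustrative.

```python
import re
from typing import Dict, List, Optional
from urllib.parse import unquote

# Constructed, trimmed Zeek http.log excerpt (tab-separated). A real log has more
# #fields; hosts, UIDs and requests are illustrative, not captured traffic.
SAMPLE_HTTP_LOG = "\n".join([
    "#separator \\x09",
    "#set_separator\t,",
    "#empty_field\t(empty)",
    "#unset_field\t-",
    "#path\thttp",
    "#fields\tts\tuid\tid.orig_h\tid.orig_p\tid.resp_h\tid.resp_p\tmethod\thost\turi\tuser_agent\tstatus_code",
    "#types\ttime\tstring\taddr\tport\taddr\tport\tstring\tstring\tstring\tstring\tcount",
    "1691676321.123456\tCHhAvV1\t192.168.1.50\t51234\t10.0.0.5\t80\tGET\tshop.example\t/product.php?id=1%27%20OR%201%3D1--\tMozilla/5.0\t200",
    "1691676322.004512\tCHhAvV2\t192.168.1.50\t51240\t10.0.0.5\t80\tGET\tshop.example\t/download.php?f=..%2F..%2Fetc%2Fpasswd\tMozilla/5.0\t404",
    "1691676330.551000\tCHhAvV3\t192.168.1.77\t40022\t10.0.0.5\t80\tGET\tshop.example\t/index.php\tsqlmap/1.7.8#stable\t200",
    "1691676340.000000\tCHhAvV4\t192.168.1.90\t40100\t10.0.0.5\t80\tPOST\tshop.example\t/login.php\t-\t302",
    "#close\t2023-08-10-14-06-00",
])

# Illustrative signatures; a production rule set would be far larger and tuned.
SQLI_PATTERNS = [
    re.compile(r"union\s+(all\s+)?select", re.I),
    re.compile(r"'\s*(or|and)\s+\d+\s*=\s*\d+", re.I),
    re.compile(r"\bsleep\s*\(", re.I),
    re.compile(r";\s*drop\s+table", re.I),
]
TRAVERSAL_RE = re.compile(r"(\.\./|\.\.\\)")
SCANNER_UA_RE = re.compile(r"(sqlmap|nikto|nmap|masscan|dirbuster)", re.I)


def parse_zeek_log(text: str) -> List[Dict[str, Optional[str]]]:
    """Read a Zeek TSV log using its #fields header; the unset marker '-' becomes None."""
    fields: List[str] = []
    records: List[Dict[str, Optional[str]]] = []
    for line in text.splitlines():
        if line.startswith("#fields\t"):
            fields = line.split("\t")[1:]
            continue
        if line.startswith("#") or not line.strip():
            continue  # other header lines (#separator, #types, #close ...)
        values = line.split("\t")
        if len(values) != len(fields):
            continue  # malformed line: skip rather than misalign columns
        records.append({k: (None if v == "-" else v) for k, v in zip(fields, values)})
    return records


def classify_request(rec: Dict[str, Optional[str]]) -> List[str]:
    """Return the signature tags that match one http.log record."""
    tags: List[str] = []
    # Decode twice so that double-encoded payloads (%2527 for the apostrophe) are caught too.
    uri = unquote(unquote(rec.get("uri") or ""))
    user_agent = rec.get("user_agent") or ""
    if any(p.search(uri) for p in SQLI_PATTERNS):
        tags.append("sqli")
    if TRAVERSAL_RE.search(uri):
        tags.append("traversal")
    if SCANNER_UA_RE.search(user_agent):
        tags.append("scanner")
    return tags


def detect_web_attacks(text: str) -> List[Dict[str, object]]:
    """Run the signatures over a whole http.log and return only the flagged requests."""
    findings: List[Dict[str, object]] = []
    for rec in parse_zeek_log(text):
        tags = classify_request(rec)
        if tags:
            findings.append({"uid": rec["uid"], "src": rec["id.orig_h"],
                             "uri": rec["uri"], "tags": tags})
    return findings


if __name__ == "__main__":
    for finding in detect_web_attacks(SAMPLE_HTTP_LOG):
        print(finding)
```

Decoding the URI before matching matters because Zeek logs the URI as the client sent it; an attacker who encodes the apostrophe as %27 would otherwise slip past a pattern written for the plain character, and the second decoding pass catches the %2527 variant as well. Signature lists like these produce false positives on legitimate input, so in a real deployment the matches should be scored and correlated with other evidence rather than blocked outright.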


3.5 Database Management System Chosen

A database management system (DBMS) is software, with appropriate security measures, designed to store and retrieve user data. It consists of a set of applications that run against a database: the applications submit data requests to the DBMS, which then instructs the operating system to provide the requested data (Peterson, 2022). In this web application project, the MySQL database is chosen for storage and access.

Figure 10: MySQL Icon, source: https://www.developer.com/database/mysql-dayofweek-function/

MySQL is a free and open source DBMS, a relational database management system (RDBMS) that follows the client-server model. The relational model is one of the most widely used DBMS models and is based on the normalization of data into tables (Boyd, 2022).

Table 5: Comparison between MySQL and Microsoft Access DBMS

Criterion                     MySQL                                         Microsoft Access
Developer                     Oracle Corporation                            Microsoft
Cost                          Free, open source                             Paid, closed source
Performance                   Better than MS Access                         Normal
Supported operating system    Almost all platforms                          Windows
Query language                SQL                                           SQL
Security                      More secure; can be configured with SSL/TLS   Limited
Number of concurrent users    Larger                                        Small
Suitability                   Server-based database for web applications    Desktop database

3.5.1 Justification of the chosen MySQL

As can be seen from the table above, the two database management systems have many similarities, and Access provides a simpler interface that is easier to learn for building database solutions. However, the proposed system should use a free and open source server-based database for storing user data, because it will be updating and modifying a large number of records on a regular basis, and MySQL meets that requirement. Whichever DBMS is used, the application must query it through prepared (parameterized) statements, connect with a database account that has only the privileges the dashboard needs rather than the root account, and enable TLS on the connection if the database is not on the same host. An IDPS dashboard that is itself vulnerable to SQL injection would undermine the project's purpose.

3.6 Operating System Chosen

Figure 11: Windows 10 logo

The operating system used for the proposed system will be Microsoft Windows 10 Pro 64-bit, version 21H1. Windows 10 was released in July 2015 and has been in use for more than seven years; it is stable and supports a wide range of applications and languages, which makes it a solid choice for development. Compared with macOS or Linux, it also offers the most familiar user interface for most users. Note that version 21H1 reached end of servicing in December 2022, so the development machine should be kept on a still-supported Windows 10 release to continue receiving security updates. Zeek is not supported on Windows, so the sensor component of the system will need a Linux host or virtual machine, while the Windows machine hosts the development environment and the PHP dashboard.


3.7 Web Browser


The web browser is installed on a personal computer (PC) and is used to access and navigate the
proposed web application. Before development can begin, the proposed web application must be
compatible with as many browsers as possible. The following are commonly used web browsers.

 Firefox
 Microsoft Edge
 Google Chrome

To produce a good design for a user-accessible web application, CSS is one of the most critical factors affecting the quality of the proposed system. CSS features should therefore be chosen for their browser support so that the system renders consistently; the three browsers listed above support the great majority of the CSS reference.

3.8 Summary
In short, the process of conducting a technical study improves the developer's understanding of
the technical requirements, including any software tools relevant to this project. Doing so avoids
many unnecessary cost and time issues. Developers can choose development tools with which
they are familiar, thereby improving their performance and making better use of this project. To
summarize the research in this section, the following table will clearly illustrate the technical
elements involved in the development of the proposed project.


CHAPTER 4: SYSTEM DEVELOPMENT METHODOLOGY


4.1 Introduction
Software development methodology known as Software Development Life Cycle (SDLC) is a
set of guiding principles that explains the phases or processes of software development. There
are various types of methodologies available in the market, which can be categorized into two
main groups: traditional methodologies and agile methodologies.

4.2 Methodology Selection


4.2.1 Scrum Methodology
Scrum is one of the agile methods. It provides a framework for managing project processes and tasks (Thakur, 2022); within this framework the Scrum team describes the problems it deals with, but not in exhaustive detail up front. Scrum is often used for rapid development: it is an agile approach that uses a flexible and efficient framework designed to deliver value to the customer throughout the development process.

Scrum's method of working and the requirement to release functional versions after each
iteration helps produce higher quality software. Additionally, Scrum is adaptable to change
because it responds quickly to changes in requirements brought about by customer needs, and the
methodology makes it simple to incorporate changing requirements into the project (digite,
n.d.).Key roles in the Scrum framework include the Product Owner, the Scrum Master, and the
development team, and in the following section, I will describe their workloads in terms of their
Tasks.


Table 7: Key roles and their workloads, source: https://www.educba.com/scrum-process/

Product Owner
   Communicates between the client and the development team.
   Ensures that the finished product meets the client's expectations and satisfies the client.
Scrum Master
   Ensures that Scrum best practices are implemented in the project.
   Schedules the resources needed for sprint planning, stand-ups, sprint reviews and sprint retrospectives.
Development Team
   Co-develops and tests incremental versions of the final product.

Figure 12: Scrum process, source: https://uxdesign.cc/dls-bootstrapping-innovating-with-limited-resources-5163b7ab5be3

1. Initiation

This phase performs the functions associated with project initiation in order to create a flexible project overview and process. First, the project vision and goals are defined and the key roles are identified, as shown in Table 7 above. The Product Owner then prioritizes the product backlog based on customer feedback (Campbell, 2022).


2. Planning and estimation

This phase includes all processes associated with each sprint of the planning and estimation
task. Thus it includes creating and submitting user stories, approving, evaluating and creating
the sprint backlog. (Campbell, 2022)

3. Implementation

All processes associated with the tasks performed by the Scrum Team in the production of
the project product that are necessary to create deliverables, hold daily Scrum meetings, and
update product backlog items are included in this phase. (Campbell, 2022)

4. Retrospective and review

During this phase, the Scrum team needs to take various actions to identify areas for
improvement and figure out how to make the next sprint better than the previous one by
reviewing the deliverables or releasable items and the work that has been done. The
processes involved include sprint review, holding a Scrum meeting, presenting or validating
the sprint, and sprint retrospectives. (Campbell, 2022).

5. Release.

The main goal of this phase is to deliver the final deliverables of the project to the client and
to document and internalize the various lessons learned that the Scrum team has identified
throughout the development process. It includes the process of post-project analysis and
deliverables. (Campbell, 2022)


4.2.2 Waterfall Methodology

Figure 13: Waterfall Methodology Model


The waterfall method is also known as the traditional method. It is a linear conceptual model that
divides the project into successive phases. Since these phases do not overlap or iterate in any
way, a new process begins only after the previous phase has ended. (tutorialspoint, n.d.).

The first SDLC model widely used in the software engineering field to ensure project success
was the waterfall approach. Using the "waterfall" approach, the entire software development
process can be broken down into phases. In this waterfall model, the results of one phase often
feed into the next.

1. Requirements gathering and analysis

Requirements gathering is the process of collecting software requirements from the customer and
documenting them in a Software Requirements Specification (SRS) document. The analysis
phase includes a feasibility study, project plan and project calculations. The feasibility study
evaluates the cost, revenue and feasibility of the software project. The software requirements
definition is provided by the feasibility study and is the same document as mentioned earlier.
(IONOS Digitalguide, 2019)

2. System design

In this phase the software architecture and a detailed build plan are created, focusing on elements such as interfaces, frameworks or libraries. Use cases, data flows and the connections between application components are described using UML diagrams.

3. Implementation

This phase is primarily concerned with the coding of the software, which will be done for
each component of the system using the chosen programming language. Each component has
a small program called a unit. The development and functional testing of each unit is called
unit testing. The programs of each unit are combined into an integrated module and finally
the whole system has different functionalities.

4. Testing

In this phase various testing techniques such as unit testing, integration testing and system testing are used. Unit testing is usually performed during the implementation step, but this phase ensures that every small program has been tested. Occasionally, system users also take part in user acceptance testing to confirm that each software feature produced meets the criteria outlined in the SRS.

5. Deployment

Once functional and non-functional testing is complete, the product software is deployed to
user or customer systems, or to the marketplace. Installation, migration, and support of the
entire system in the user or customer environment occurs during the deployment phase.
(tutorialspoint, n.d.)


6. Maintenance

The last phase of the waterfall approach is the maintenance phase, which addresses a number
of issues that arise in the customer's environment. To ensure that the released software runs
smoothly, the maintenance phase can provide some technical support such as releasing new
patches to enhance the software with better versions. (tutorialspoint, n.d.)

4.3 Comparison of Methodologies


Table 6 compares the Scrum model and the Waterfall model on the characteristics used to select a suitable methodology for the proposed system.

Table 6: Comparison of Software Development Methodologies

Criterion                           Waterfall Model                           Scrum Model
Development                         Sequential development                    Iterative development
Feedback                            Keeps the customer at bay                 Constant and fast feedback; more tolerant of late learning; customers and stakeholders involved at each phase
Team                                Functional                                Cross-functional
Risk                                Low                                       High
Quality management                  Low                                       High
Prioritization                      Static                                    Dynamic
Resources required                  High                                      Low
Iteration time                      Long                                      Short
Approach to requirement changes     Changes allowed only at an early stage    New changes allowed at any time


4.4 Justification on Chosen Methodology


After comparing the characteristics of the Waterfall and Scrum models, Scrum is selected as the most suitable software development method for the proposed system. The Waterfall model takes a long time to deliver and adapts poorly to change: because requirements are rarely fully clear during development, it cannot prepare for the changes that inevitably arise. Waterfall is easy to control and transparent to the client thanks to its strict reporting, but the agile approach provides higher quality results, increased customer satisfaction, shorter release cycles and better cost savings.

4.5 Implementation of the Selected Methodology


Implementing the Scrum methodology for the IDPS (Intrusion Detection and Prevention System) web application security project increases collaboration, flexibility and efficiency in the development process. Scrum is an agile framework that facilitates iterative development and helps cross-functional teams deliver high-quality products.

The Scrum workflow starts with the Product Backlog and Sprint Planning. In the Sprint Planning meeting, the Product Owner and the development team, facilitated by the Scrum Master, discuss the highest-priority user stories and decide which of them can be taken into the next sprint. The output of the Sprint Planning meeting is the Sprint Backlog.

Throughout the Sprint, the team collaborates to complete the tasks in the Sprint Backlog, and the Scrum Master ensures that the team follows Scrum practices and works towards the Sprint goal. The focus is on delivering a working increment of the IDPS web application at the end of each Sprint, with ongoing testing to confirm that the security measures are effective and meet the required standards; for an IDPS this means exercising each increment against known attack traffic as well as normal use, so that a detection that regresses is caught in the sprint that broke it. The Sprint Review meeting presents the increment to stakeholders, and the Sprint Retrospective that follows it reflects on the team's performance, discusses what went well and what can be improved, and produces actionable items for continuous improvement.

Feedback received during the Sprint Review and Sprint Retrospective is applied to enhance the security features in subsequent Sprints, so that the security measures continuously adapt to changing threats and requirements. The Scrum cycle is repeated in new Sprints until the IDPS web application reaches the required level of security and functionality.

4.6 Summary
In conclusion, after reviewing the two different approaches in this chapter, the software
development methodology for this system utilizes the Scrum methodology. The comparison table
shows that the Scrum method provides a good development environment for the stakeholders.
Therefore, choosing the right method is the key to improve the development efficiency.


CHAPTER 5 RESEARCH METHODS


5.1 Introduction
In Chapter 2, the literature review defines the scope of the project and explores the project topic,
including the results of a detailed analysis of the types of IDPS web application security and the
challenges facing IDPS web application security. While previous studies have yielded different
results for this project topic, the study sample also influences the results. Therefore, it is
important for the proposed project to conduct research based on the project study or topic and to
collect information or opinions from different users on the project issues.

5.2 Quantitative Paradigm: Questionnaire


Questionnaire will be selected for data collection in this project and the target audience of this
study is the same as the target users of this project. The purpose of questionnaire is to collect
information from the respondents about their attitudes, experiences and opinions (Bhandari,
2022). Open-ended and closed-ended questions are often used in research questionnaires. Thus,
questionnaires allow for the collection of large amounts of data from respondents quickly and
anonymously (Bhat, 2022). The online questionnaire used in this project is a common method of
questionnaire survey. Modern technology allows for easy distribution of questionnaires to large
audiences through social media, email, and other platforms. Distribution of questionnaires can be
simple nowadays as the internet and websites offer free questionnaire creation and distribution
services.

Figure 14: Google Forms Icon


Google Forms provides the ability to easily create and share online forms as well as surveys and
analyze responses in real time. It is a free online survey tool that makes it easy to collect closed-
ended data using Google Forms answer types such as multiple choice, checkbox, and linear
scales.

5.3 Questionnaires Design

Figure 15: Introduction of my Survey

The figure above shows the introduction to the survey, which provided respondents with
information about current issues in the program, as well as a brief description related to the
context of the issue and the purpose of the program. For example, if the respondent identifies any
issues, an e-mail address can be provided to allow the respondent to comment based on the
particular issue.

Section 2: Demographic Profile


Figure 16: Question 1


This is the first question in the "Demographic Profile" section, where you can determine the
overall percentage of participants of each gender who participated in the survey.

Figure 17: Question 2

The second question in the demographic profile section was to categorize the age groups of the
respondents who participated in this survey.


Figure 18: Question 3

The purpose of Question 3 was to find out the nationality of the respondents who participated in the survey. Respondents who are not Malaysian were also welcome to comment on IDPS web application security.

Section 3: General Questions of IDPS web application security

Figure 19: Question 4

The first question in section 3(General Questions) is to collect the percentage for respondents’
really know or have heard of IDPS web application security.


Figure 20: Question 5

Question 5 collected the satisfaction of respondents who had used an IDPS before, to find out whether an IDPS leaves them satisfied and reassured.

Figure 21: Question 6

Question 6 collected information about the respondents' usual online activities, which helps gauge their exposure to risk on the internet.


Figure 22: Question 7

Question 7 collected information on whether respondents were confident in their own awareness of web application security.

Figure 23: Question 8

Question 8 was to collect respondents' views on whether they are worried about cyber attacks
when they use the Internet in their day-to-day life.


Figure 24: Question 9

Question 9 collected information on whether the respondents had experienced any web security
issues while using web applications.

Figure 25: Question 10

Question 10 asked whether the respondents were aware of common web application attacks.


Section 4 : Security Question of IDPS web application security

Figure 26: Question 11

Question 11 tested the respondents' knowledge of IDPS through a few options, to find out which IDPS features they were most confident in.

Figure 27: Question 12

Question 12 asked to what extent the respondents use an IDPS and which performance qualities of an IDPS they think should be improved.


Figure 28: Question 13

Question 13 asked whether respondents were satisfied with the idea of IDPS automatically
preventing potential security threats in real time, and whether it gave them peace of mind when
using the network.

Figure 29: Question 14

Question 14 asked whether respondents were comfortable with or worried about the web
application security features of IDPS, and whether they needed more robust performance to protect
their network security.

5.4 Summary
Only quantitative research methods were used to collect data for this study. The number of
respondents is crucial in this survey in order to obtain more accurate and reliable information. A
larger number of respondents can improve the quality of the study. In order to understand the
thoughts and opinions of the target users about the proposed project, the survey contained a total
of 12 closed-ended questions and 2 open-ended questions.

CHAPTER 6: REQUIREMENTS VALIDATION

6.1 Introduction
The data was collected using the research methodology described in the previous chapter and is
analyzed in this chapter. The researcher can further improve the proposed system by referring to
the participants' responses in this key chapter.

6.2 Analysis of Data Collected through Questionnaire

Figure 30: Demographic Profile – Question 1

According to the above results, there were more male participants (78%) than female
participants (22%).

Figure 31: Demographic Profile – Question 2

According to the above results, the majority of respondents were from the 19-30 age group
(96%), while the 31-49 and 12-18 age groups accounted for the remaining respondents. In
addition, the results show that no respondent aged 50 years or above participated in the survey.

Figure 32: Demographic Profile – Question 3

According to the above results, the majority of the respondents (96%) were of Malaysian
nationality, while the remaining 4% of the respondents were of Japanese and Indian nationality.

Figure 33: General Questions – Question 1

According to the above results, 40% of the respondents are aware of the background and
usefulness of IDPS, 30% of the respondents are not aware of the usefulness of IDPS, and 30% of
the respondents are not sure about the usefulness that IDPS brings. From this analysis, we can
determine that more than half of the 50 respondents do not have a strong awareness of the cyber
security protection of IDPS.

Figure 34: General Questions – Question 2

Figure 34 shows that 44% of the respondents were generally satisfied with the security of web
applications brought about by IDPS. With the exception of 8.9% (4 respondents) and 4.4% (2
respondents), the rest of the respondents were comfortable with the use of IDPS.

Figure 35: General Questions – Question 3

Figure 35 shows that almost all respondents use web applications very frequently. The 60%
(30 respondents) figure shows that people and the internet are connected all the time.

Figure 36: General Questions – Question 4

The above graph shows that all the respondents have taken steps to protect their online privacy
and have some confidence in their online security. The 50% (25 respondents) figure shows that the
respondents are security conscious, but do not have high confidence in web applications.

Figure 37: General Questions – Question 5

The above graph shows that every respondent has a different level of concern about being
cyber-attacked. Comparing the 14% (7 respondents) who are the most worried with the 16%
(8 respondents) who are the least worried, we can see that most respondents do not have a high
level of web application security awareness.

Figure 38: General Questions – Question 6

Figure 38 above shows that most respondents have not faced security problems: 74% of the
respondents take security precautions on their network. In 26% of the cases, the respondent's
account had been leaked, and we believe that with this experience they will be able to take better
security precautions.

Figure 39: General Questions – Question 7

As we can see from the above graph, most of the respondents do not recognize, or have not
encountered, common web application attacks. Comparing the 36% of respondents here with the
14% of respondents who have been attacked in Figure 38 above, I believe that it is the people who
have been attacked who are more aware of these web application attacks.

Figure 40: Security Questions – Question 1

As we can see from the above chart, everyone has a different opinion about the basic functions
of IDPS in web application security. Based on 38% (real-time monitoring), 22% (web application
firewall (WAF)), 14% (user authentication and access control), and 26% (real-time alerts), the
author believes that real-time monitoring was chosen because it is critical in all areas, especially
in network security and business operations.

Figure 41: Security Questions – Question 2

The above graph shows that the respondents have different views on what an IDPS web
application security solution should offer. Ease of Use and Upgrade received a very high level of
support, so it is believed that the respondents favor Ease of Use and Upgrade in an IDPS web
application security solution.

Figure 42: Security Questions – Question 3

Figure 42 shows that almost all respondents were satisfied with the idea of IDPS automatically
preventing potential security threats in real time. The problem with manually preventing
potential security threats is that they are difficult to detect. Automation saves time and makes it
easier to detect hard-to-detect security vulnerabilities.

Figure 43: Security Questions – Question 4

Figure 43 represents an open-ended question. In summary of the responses to this question, 47 of
the respondents felt that there were no issues with IDPS web application security that could
affect operations. In addition, 3 respondents thought that IDPS must be upgraded regularly and
that IDPS cannot be used by all applications.

6.3 Summary
After analyzing and evaluating the data collected through the questionnaire, many of the responses
provided comments and insights. By analyzing the survey data, the researcher was able to gain a
clear understanding of the respondents' perspectives on developing the web application. By
analyzing their responses, the researcher was also able to gain a deeper understanding of the
concerns of the target users and the security issues they face when using web applications.

In addition, this critical data collection method shows that most users are not very aware of the
existence of current IDPS web application security. This informs the design of an application that
suits people and improves their quality of life.

CHAPTER 7: CONCLUSION AND REFLECTIONS

In the preliminary investigation report, the researcher considered various important aspects and
information for the development of the proposed web application. First, based on the details of
the study, the researcher determined the background of the project and the context of the
problem. The background study describes the importance of IDPS for the security of the web
application. In addition, the researcher discussed the rationale and benefits of the project because
the implementation of the project would be meaningless without any valuable results. Therefore,
these factors drove the development of this project to create a security feature that users can use
with confidence, without being attacked.

In addition, the researcher conducted a literature review at an early stage to confirm the
feasibility of the proposed system. The domain study and the review of similar systems provided
further information and ideas that helped the researcher grasp the challenges facing the project in
depth. The more groundwork the researcher carries out, the more experience will be available in
the development phase. For example, the technical requirements, software development methods,
and research methods identified here can improve the efficiency of developing the proposed
system. In this study, questionnaires were chosen as the only method of collecting data. These
questionnaires were administered to 30 target respondents. The data analyzed was informative due
to the good response from the respondents.

In conclusion, writing a survey report is a necessary step in developing the various requirements
needed to study and evaluate the program. By analyzing it, I have accumulated the information
needed for the development phase of the project.


Appendices

Project Proposal Form (PPF)

Project Specification Form (PSF)

Fast Track Ethical Approval Form

Project Log Sheet
Log Sheet 1

Log Sheet 2

Log Sheet 3

Gantt Chart
