Aug-2023
CHAN CHUN YEW INVESTIGATION REPORT TP057374
Acknowledgement
First of all, I would like to thank Asia Pacific University of Technology & Innovation for
presenting us with an opportunity to run a project as one of the final year projects. I'd like to
thank my supervisor, Mr. Yogeswaran Nathan, for making helpful suggestions for improving my
document. Without his support, the projects, including the Project Proposal Form, Project
Specification Form, and Investigation Report, might not have delivered great content. He was
pointing out my mistakes so that I could improve myself.
Secondly, I would like to thank my parents who provided me with the ability to continue my
studies at university. Without their support, it would have been difficult to focus on producing
this investigative report. Last but not least, I want to thank myself for having a healthy body
during the pandemic so that I can complete this project on time.
Table of Contents
Acknowledgement
CHAPTER 1: INTRODUCTION TO THE STUDY
1.1 Background to the project
1.2 Problem context
1.3 Rationale
1.4 Potential Benefits
1.4.1 Tangible benefits
1.4.2 Intangible benefits
1.5 Target users
1.6 Scope and Objectives
1.6.1 Aims
1.6.2 Objectives
1.6.3 Deliverables – Functionality of the proposed system
1.6.4 Nature of Challenges
1.7 Overview of this Investigation report
1.8 Project Plan
CHAPTER 2: LITERATURE REVIEW
2.1 Introduction
2.2 Domain research
2.2.1 Types of the IDPS
2.3 Similar System (with similar features)
2.3.1 Snort
2.3.2 Suricata
2.3.3 Security Onion
2.3.4 Comparison of Chosen Similar Systems
2.4 Summary
CHAPTER 3: TECHNICAL RESEARCH
3.1 Introduction
3.2 Programming Language Chosen
3.3 IDE (Interactive Development Environment) Chosen
3.4 Libraries / Framework Chosen
3.4.1 Bootstrap
3.4.2 jQuery
To address these evolving cyber threats, this task aims to explore the implementation of an
Intrusion Detection and Prevention System (IDPS) in Web applications. IDPS is a
comprehensive security solution designed to proactively monitor, detect and block malicious
activity, enhancing the integrity and availability of Web applications against potential cyber
attacks.
The context of the problem is the need to protect web applications from ever-changing cyber
threats. Traditional security measures such as firewalls and antivirus solutions alone are not
sufficient to defend against advanced attacks specifically targeting web applications. In the
absence of an integrated security solution, web applications can be easily exploited, leading to
potential data breaches, financial losses and reputational damage.
To address these challenges, there is a need for an integrated intrusion detection and prevention
system (IDPS) that is specifically tailored to the unique security requirements of web
applications. The IDPS acts as a vigilant guardian, continuously monitoring network traffic and
application activity, detecting and responding to anomalous or malicious behavior in real time.
By identifying and preventing security breaches, IDPS provides an additional layer of defense
that strengthens the overall security posture of web applications.
1.3 Rationale
According to the above problem statement, an Intrusion Detection and Prevention System (IDPS)
plays a very important role in a network system. I will use my own web application to
implement the functionality of an IDPS, which is software that monitors specified web
applications for user actions. By using an IDPS to protect web applications, user security will be
greatly increased. Although the likelihood of anyone experiencing an attack is very small,
prevention is very important for the security of one's privacy.
Admin
1.6.2 Objectives
- Monitor and detect potential security threats in real time. Analyze incoming traffic,
  requests, and data for signs of suspicious or malicious activity.
- Identify unusual patterns or behaviors that deviate from normal usage, such as unusual
  traffic spikes, unexpected data patterns, or unauthorized access attempts.
- Use known patterns or signatures of known attacks to identify and block similar
  malicious activity.
- Alert security personnel or administrators in a timely manner when suspicious activity is
  detected, to enable rapid response and mitigation of potential threats.
- Continuously monitor applications for potential threats and adapt to changing attack
  vectors.
- Monitor user activity to detect potential insider threats or unauthorized access.
The IDPS will deliver real-time monitoring that captures and analyzes web application traffic,
such as user logins, attempted attacks, and suspicious activities. Web application events are
logged into a database, and reports and analyses can be generated based on the data stored in
the database.
The system raises alerts when any abnormal pattern is detected. When the IDS detects suspicious
activity, PHP scripts can generate alerts and store them in the database. These alerts can be used
to create a notification component in the user interface to display alerts to administrators.
The system manages blacklists and whitelists of IP addresses or user agents. When suspicious
activity is detected, the offending IP can be added to the blacklist to block further access.
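The logging, alerting and blacklist/whitelist flow described above, sketched in PHP as an added example; it is not code from the report. The signature patterns, table names, block threshold, sample requests and the use of in-memory SQLite in place of MySQL are all assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Constructed signatures for illustration; a production rule set is far larger.
const SIGNATURES = [
    'sql_injection'  => '/\bunion\b.+\bselect\b/i',
    'xss'            => '/<\s*script\b/i',
    'path_traversal' => '#\.\./#',
];
const BLOCK_THRESHOLD = 3; // assumed policy: alerts from one IP before blacklisting

function openStore(): PDO
{
    // SQLite in memory stands in for the MySQL database the report plans to use.
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE events (ts TEXT, ip TEXT, uri TEXT, verdict TEXT)');
    $db->exec('CREATE TABLE alerts (ts TEXT, ip TEXT, rule TEXT, uri TEXT)');
    $db->exec('CREATE TABLE ip_list (ip TEXT PRIMARY KEY, kind TEXT)');
    return $db;
}

function run(PDO $db, string $sql, array $params): PDOStatement
{
    // Every query is parameterised, so the IDS itself cannot be injected
    // through the request data it records.
    $stmt = $db->prepare($sql);
    $stmt->execute($params);
    return $stmt;
}

function listKind(PDO $db, string $ip): ?string
{
    $kind = run($db, 'SELECT kind FROM ip_list WHERE ip = ?', [$ip])->fetchColumn();
    return $kind === false ? null : (string) $kind;
}

function matchSignature(string $uri): ?string
{
    // Decode first so "%3Cscript%3E" and "<script>" hit the same rule.
    $decoded = urldecode($uri);
    foreach (SIGNATURES as $rule => $pattern) {
        if (preg_match($pattern, $decoded) === 1) {
            return $rule;
        }
    }
    return null;
}

function inspectRequest(PDO $db, string $ts, string $ip, string $uri): string
{
    $kind = listKind($db, $ip);
    $verdict = 'allowed';
    if ($kind === 'black') {
        $verdict = 'blocked';                  // refused before any inspection
    } elseif (($rule = matchSignature($uri)) !== null) {
        $verdict = 'alerted';                  // request refused, alert stored
        run($db, 'INSERT INTO alerts VALUES (?, ?, ?, ?)', [$ts, $ip, $rule, $uri]);
        $seen = (int) run($db, 'SELECT COUNT(*) FROM alerts WHERE ip = ?', [$ip])->fetchColumn();
        // Whitelisted addresses are still inspected but never auto-blacklisted.
        if ($kind !== 'white' && $seen >= BLOCK_THRESHOLD) {
            // SQLite syntax; MySQL spells this INSERT IGNORE.
            run($db, "INSERT OR IGNORE INTO ip_list VALUES (?, 'black')", [$ip]);
        }
    }
    // Every request, whatever the verdict, lands in the event log for reporting.
    run($db, 'INSERT INTO events VALUES (?, ?, ?, ?)', [$ts, $ip, $uri, $verdict]);
    return $verdict;
}

// Constructed sample traffic (documentation-range addresses, hypothetical URIs).
$db = openStore();
run($db, "INSERT INTO ip_list VALUES (?, 'white')", ['192.0.2.10']);
$requests = [
    ['2023-08-01 10:00:01', '198.51.100.4', '/index.php?page=home'],
    ['2023-08-01 10:00:02', '203.0.113.7',  '/item.php?id=1+UNION+SELECT+1'],
    ['2023-08-01 10:00:03', '203.0.113.7',  '/search.php?q=%3Cscript%3Ex%3C/script%3E'],
    ['2023-08-01 10:00:04', '203.0.113.7',  '/download.php?file=../../config.php'],
    ['2023-08-01 10:00:05', '203.0.113.7',  '/index.php?page=home'],
    ['2023-08-01 10:00:06', '192.0.2.10',   '/download.php?file=../notes.txt'],
];
foreach ($requests as [$ts, $ip, $uri]) {
    printf("%s  %-13s %-8s %s\n", $ts, $ip, inspectRequest($db, $ts, $ip, $uri), $uri);
}

// The alerts table is what an administrator notification panel would read.
foreach ($db->query('SELECT ip, rule, COUNT(*) AS n FROM alerts GROUP BY ip, rule') as $row) {
    printf("alert  %-13s %-15s x%d\n", $row['ip'], $row['rule'], $row['n']);
}
```

The third alert from one address crosses the threshold, so that address's next request is refused by the blacklist even though the request itself is benign; the whitelisted address still produces an alert but is never listed.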
The purpose of this chapter is to define the purpose of the presented project and make it easier
for people to understand the main goals and vision related to the topic. First, the project
background and problem context explain various basic and important information. In
addition, the rationale and potential benefits provide more impetus to implement the project.
The project scope is described, including aims, objectives, and deliverables. The nature of
the challenges is also outlined. A project plan is developed at the end of this chapter to
ensure that the investigation report is completed within the stipulated time.
Chapter 2
This chapter discusses research conducted in previous studies while discussing project-related
topics such as software deployment types and deployment issues and project issues. This
research can be found in various academic resources such as journals, books, or verified
websites. In addition, the analysis of similar systems currently available on the market is also
evaluated by a comparative analysis of the characteristics and weaknesses of similar systems.
Chapter 3
This chapter discusses the technical requirements and tools used for the development.
Comparing tools and software gives the developer more options for choosing familiar tools, such as
the programming language, interactive development environment (IDE), libraries and tools,
operating system, and database management system (DBMS).
Chapter 4
To assess and choose the most suitable approach for the proposed project, the
researcher will compare two system development methodologies. The methodology chosen for the
project will then be further explored and analyzed to demonstrate how effectively it fits the
nature of the proposed project.
Chapter 5
This section will select suitable data collection techniques appropriate to the project environment
and resources. Templates and questions will be created and provided for various data collection
techniques. After choosing the data collection method and asking the relevant research questions,
the actual research will be carried out.
Chapter 6
This chapter will research and analyze the data to decide whether the project's projected
deliverables should be kept, changed, or cancelled after gathering all the data and responses from
the target respondents.
Chapter 7
The last chapter of the investigation report provides a review and summary of the entire report. It
lists the main achievements of the project and any problems or weaknesses in the
research. This section also specifies and describes the reference list and appendices related to the
report.
Development Environment (IDE)
3.4 Libraries / Tools | 1 | 21/7/2023 | 21/7/2023 | Done
3.5 Database Management System | 1 | 21/7/2023 | 21/7/2023 | Done
3.6 Operating System | 1 | 21/7/2023 | 21/7/2023 | Done
3.7 Web Browser | 1 | 22/7/2023 | 22/7/2023 | Done
3.8 Summary | 1 | 22/7/2023 | 22/7/2023 | Done
Chapter 4: System Development Methodology | 3 | 23/7/2023 | 25/7/2023 | Done
4.1 Introduction | 1 | 23/7/2023 | 23/7/2023 | Done
4.2 Methodology Selection | 1 | 23/7/2023 | 23/7/2023 | Done
4.3 Comparison of Methodologies | 1 | 23/7/2023 | 23/7/2023 | Done
4.4 Justification of the Chosen Methodology | 2 | 23/7/2023 | 24/7/2023 | Done
4.5 Implementation of the Selected Methodology | 1 | 24/7/2023 | 25/7/2023 | Done
Chapter 5: Research Methods | 5 | 26/7/2023 | 31/7/2023 | Done
5.1 Introduction | 1 | 26/7/2023 | 26/7/2023 | Done
5.2 Design | 4 | 26/7/2023 | 30/7/2023 | Done
5.3 Summary | 1 | 30/7/2023 | 31/7/2023 | Done
Chapter 6: Requirement Validation | 6 | 1/8/2023 | 8/8/2023 | Done
6.1 Analysis of Data | 3 | 1/8/2023 | 4/8/2023 | Done
6.2 Summary | 1 | 4/8/2023 | 5/8/2023 | Done
Chapter 7: Conclusion and Reflections | 2 | 6/8/2023 | 8/8/2023 | Done
As computer systems are increasingly under attack, users are placing a greater emphasis on
information security. Security protects computers and everything associated with them, including
networks, terminals, printers, cabling, disks, and most importantly, it protects the information
available in this environment. The explosive growth of computer networks is expanding the
reach of social networks, as well as driving the development of social networks. The way content
is shared and accessed is now at the heart of a new global culture, influencing and integrating all
areas of personal and business life. (A.Ahmad Sharifi, 2014)
Web applications are generally accessible to multiple users with different permission levels.
These privileges are controlled by an authorization process to ensure that users perform only
authorized operations. A cybersecurity threat or issue is defined as a potentially malicious
activity that specifically targets one or more components of the web application architecture
(e.g., a user's browser or a web application hosting server). (Omer Aslan,2017)
Indraneel Mukhopadhyay (2010) argues that it is unrealistic to expect an IDPS to
detect and prevent all attacks. Given the complexity and rapid evolution of
attacks and systems, perfect detection and prevention is simply not possible. Today,
malware developers are even developing self-mutating worms that are difficult to detect even with an
IDPS. That is why up-to-date technology for IDPS is also necessary.
Based on these issues, my system provides the most comprehensive coverage possible of network
security issues, based on the capabilities of IPS and IDS. It is built on HTML and PHP to improve the
web application security design and provide users with good network security performance.
threat or issue is a potentially malicious activity that specifically targets one or more components
of a web application architecture, such as a user's browser or a web application hosting server
(Yassine Sadqi, 2021). Therefore, as time advances, the use
of intrusion detection and defense technologies in the field of web application security brings
different issues and impacts. In addition, in the study of network IDPS, the accessibility and
connectivity of network IDPS are often discussed. We believe that these are the key factors
affecting this topic.
Hybrid Intrusion Detection and Prevention System (IDPS) | A hybrid IDPS combines the features of an intrusion detection (IDPS) and intrusion prevention (IPS) system to both detect and respond to potential threats. | Hybrid IDPS for high-security environments that not only detects potential threats, but also proactively blocks and prevents potential threats.
Cloud Intrusion Detection System | A cloud-based IDPS leverages cloud infrastructure to provide intrusion detection and defense services, providing scalability and flexibility for cloud-based environments. | Cloud-based IDPS for securing cloud workloads and applications, providing protection for dynamic and distributed cloud environments.
Types of IDPS
 | Network-based | Host-based | Hybrid | Cloud
Deployment | Deployed at strategic points within the network to monitor traffic. | Deployed at single host or server. | Combines the capabilities of IDPS and IPS. | Utilizes cloud infrastructure to provide IDPS services.
Focus | Analyze network packets to detect suspicious activity. | Monitors activity and events on the host itself. | Provides a comprehensive security. | Monitoring cloud-based workloads, applications and data.
Advantages | Provides visibility across the network to detect threats | Provides detailed visibility into host-level activity. | Real-time response capabilities. | Scalable, flexible and easily adapts to dynamic cloud
According to table 2, network-based IDPS has a wider monitoring scope because it examines all
network traffic passing through strategic points on the network. Web-based IDPSs typically offer
centralized deployment and management, making it easier to administer and monitor from a
single console. This centralized approach simplifies configuration, monitoring and response
orchestration. Designed to handle large volumes of network traffic, a web-based IDPS can scale
to support high-traffic enterprise networks. As network traffic increases, a network-based IDPS
can handle the load efficiently. The advantage of a network-based IDPS is that it provides a
global view of network activity, detecting threats before they reach individual hosts. By
inspecting traffic at network boundaries, it can prevent potential intrusions from reaching
vulnerable hosts, thus reducing the attack surface and providing an additional layer of defense.
comparing the systems and identifying strategies and possibilities to differentiate the proposed
system from other competitors, the researcher can decide on the way to develop the project's
application by taking into account the market opportunities that will be available when the
project's application is released. As a result, there are many strategies that may be considered
when developing the project, such as adding features or emphasizing usability aspects to
differentiate the finished product from other software deployment tools currently in use. In this
section, the researcher will conduct a comparative analysis of three existing IDPS tools with
similar functionality, purpose, and goals.
2.3.1 Snort
First of all, Snort is an open source Intrusion Detection and Prevention System (IDPS) widely
used for network security monitoring. Snort is known for its flexibility, scalability, and power.
Snort passively sniffs network traffic by capturing packets in promiscuous mode to analyze all
packets traversing a network segment. Snort can analyze and decode a variety of network
protocols, including TCP, UDP, ICMP, HTTP, FTP, DNS, and more. This makes it possible to
understand the application layer of network packets. Snort includes a variety of preprocessors
that perform additional packet analysis and prepare data for inspection. Examples include HTTP
normalization, IP fragmentation, and flow reassembly. When Snort detects suspicious activity, it
generates alerts and logs containing information about the event, such as source and destination
IP addresses, timestamps, and the rule that triggered the alert.
2.3.2 Suricata
2.4 Summary
These important features and characteristics were analyzed based on a comparative analysis of
three selected existing cybersecurity domain systems: Snort, Suricata and Security Onion. The
selected cybersecurity domain systems have similar characteristics and objectives, and it can be
clearly seen that all the selected systems are connected to all users. Regarding chatbots,
only Security Onion provides a chatbot to help with users' problems. A chatbot can solve
many problems that users are unfamiliar with and can also act as a guide to help them
stop more complex attacks.
The project is based on a web-based application as the final management system, and most of the
development efforts are focused on two programming languages, namely front-end and back-end
components. Firstly, the front-end development includes Hypertext Markup Language (HTML),
Cascading Style Sheets (CSS) and JavaScript (JS) as shown in Figure 7 above. These three front-
end programming languages will be selected for this web application development. On the other
From the above table, it is clear that both PHP and Ruby are general purpose programming
languages, but the use of the Rails framework makes the languages more versatile and adaptable.
One of the reasons for the faster performance of PHP applications than Ruby applications in the
table may be that the PHP language has built-in functions, whereas Ruby has to load libraries in
order to get the appropriate functions. The development and deployment of Ruby applications
requires more skills than the development and deployment of PHP applications.
There is a wide variety of interactive development environments (IDEs) that play different roles
in creating software systems. An IDE provides a user interface (UI) for programming, testing and
debugging. It has the ability to compile and interpret programs (Nagathan, 2021).
The code editor chosen for this project is Visual Studio Code (VS Code). This IDE
combines powerful developer features with the simplicity of a source code editor. VS Code is
also recommended for web developers to use when creating their own websites, as they may feel
more comfortable when programming because it contains powerful tools for web
technologies. In addition, VS Code is free software with no additional costs within the
IDE, which is probably the best feature for all programmers. VS Code supports multiple
programming languages, cross-language references can be easily detected, and IntelliSense can
detect incomplete code snippets (Pedamkar, 2021).
3.4.1 Bootstrap
3.4.2 jQuery
MySQL is a free and open source DBMS, a type of relational database management system
(RDBMS) in the client-server model. The relational model is one of the most widely used
DBMS models and is based on the normalization of data in tables (Boyd, 2022).
Firefox
Microsoft Edge
Google Chrome
To develop a great design view for a user-accessible web application, CSS is probably one of the
most critical factors that affect the quality of the proposed system. Therefore, choose a CSS
reference that is more compatible with browser support to provide better performance for your
system. The largest number of references support the three types of web browsers mentioned
above.
3.8 Summary
In short, the process of conducting a technical study improves the developer's understanding of
the technical requirements, including any software tools relevant to this project. Doing so avoids
many unnecessary cost and time issues. Developers can choose development tools with which
they are familiar, thereby improving their performance and making better use of this project. To
summarize the research in this section, the following table will clearly illustrate the technical
elements involved in the development of the proposed project.
Scrum's method of working and the requirement to release functional versions after each
iteration helps produce higher quality software. Additionally, Scrum is adaptable to change
because it responds quickly to changes in requirements brought about by customer needs, and the
methodology makes it simple to incorporate changing requirements into the project (digite,
n.d.). Key roles in the Scrum framework include the Product Owner, the Scrum Master, and the
development team, and in the following section, I will describe their workloads in terms of their
tasks.
Product Owner | Communicate between the client and the development team. Ensure that the finished product meets the client's expectations and satisfies the client.
Scrum Master | Ensure that Scrum best practices are implemented in the project. Schedule resources needed for sprint planning, standups, sprint reviews, and sprint retrospectives.
Development Team | Co-develop and test incremental versions of the final product.
1. Initiation
This phase performs the functions associated with project initiation in order to create a more
flexible project overview and process. First, you need to define the project vision and goals
and identify the key roles, as shown in Table 8 above. As a result, based on consumer
feedback, the development team prioritizes the list of product owners. (Campbell, 2022).
This phase includes all processes associated with each sprint of the planning and estimation
task. Thus it includes creating and submitting user stories, approving, evaluating and creating
the sprint backlog. (Campbell, 2022)
3. Implementation
All processes associated with the tasks performed by the Scrum Team in the production of
the project product that are necessary to create deliverables, hold daily Scrum meetings, and
update product backlog items are included in this phase. (Campbell, 2022)
During this phase, the Scrum team needs to take various actions to identify areas for
improvement and figure out how to make the next sprint better than the previous one by
reviewing the deliverables or releasable items and the work that has been done. The
processes involved include sprint review, holding a Scrum meeting, presenting or validating
the sprint, and sprint retrospectives. (Campbell, 2022).
5. Release.
The main goal of this phase is to deliver the final deliverables of the project to the client and
to document and internalize the various lessons learned that the Scrum team has identified
throughout the development process. It includes the process of post-project analysis and
deliverables. (Campbell, 2022)
The first SDLC model widely used in the software engineering field to ensure project success
was the waterfall approach. Using the "waterfall" approach, the entire software development
process can be broken down into phases. In this waterfall model, the results of one phase often
feed into the next.
Requirements gathering is the process of collecting software requirements from the customer and
documenting them in a Software Requirements Specification (SRS) document. The analysis
phase includes a feasibility study, project plan and project calculations. The feasibility study
evaluates the cost, revenue and feasibility of the software project. The software requirements
definition is provided by the feasibility study and is the same document as mentioned earlier.
(IONOS Digitalguide, 2019)
2. System design
In this phase, the software architecture and complex build schedules are created, focusing on
elements such as interfaces, frameworks or libraries. Use cases, data flows and
connections between application components are described using UML diagrams.
3. Implementation
This phase is primarily concerned with the coding of the software, which will be done for
each component of the system using the chosen programming language. Each component has
a small program called a unit. The development and functional testing of each unit is called
unit testing. The programs of each unit are combined into an integrated module and finally
the whole system has different functionalities.
4. Testing
In this phase various testing techniques like unit testing, integration testing and system
testing will be used. The implementation step is usually when unit testing is performed,
although this phase is to ensure that any small programs are tested. Occasionally, system
users will also participate in user acceptability testing to ensure that each software feature
generated meets the criteria outlined in the SRS specification.
5. Deployment
Once functional and non-functional testing is complete, the product software is deployed to
user or customer systems, or to the marketplace. Installation, migration, and support of the
entire system in the user or customer environment occurs during the deployment phase.
(tutorialspoint, n.d.)
6. Maintenance
The last phase of the waterfall approach is the maintenance phase, which addresses a number
of issues that arise in the customer's environment. To ensure that the released software runs
smoothly, the maintenance phase can provide some technical support such as releasing new
patches to enhance the software with better versions. (tutorialspoint, n.d.)
The Scrum workflow starts with the Product Backlog and Sprint Planning. In the Sprint Planning
meeting, the Product Owner and the Scrum Master of the team will discuss the top priority user
stories and decide which stories can be progressed to the next sprint. The output of the Sprint
Planning meeting is the Sprint Backlog.
Throughout the Sprint, the team collaborates to complete the tasks in the Sprint Backlog. The
Scrum Master ensures that the team follows the Scrum practices and meets the Sprint goals.
Focus on delivering increments of the IDPS web application security solution at the end of each
Sprint. Perform ongoing testing to ensure that security measures are effective and meet required
standards. Follow the Sprint Retrospective with a Sprint Review meeting to reflect on the team's
performance, discuss what went well, what can be improved, and create actionable items for
continuous improvement.
Apply feedback received during the Sprint Review and Sprint Retrospective to enhance security
features in subsequent Sprints. Continuously adapt and improve security measures in response to
changing threats and requirements. Repeat the Scrum process in new Sprints until the IDPS web
application security solution reaches the required level of security and functionality.
4.6 Summary
In conclusion, after reviewing the two different approaches in this chapter, the software
development methodology for this system utilizes the Scrum methodology. The comparison table
shows that the Scrum method provides a good development environment for the stakeholders.
Therefore, choosing the right method is the key to improve the development efficiency.
Google Forms provides the ability to easily create and share online forms as well as surveys and
analyze responses in real time. It is a free online survey tool that makes it easy to collect
closed-ended data using Google Forms answer types such as multiple choice, checkbox, and linear
scales.
The figure above shows the introduction to the survey, which provided respondents with
information about current issues in the program, as well as a brief description related to the
context of the issue and the purpose of the program. For example, if the respondent identifies any
issues, an e-mail address can be provided to allow the respondent to comment based on the
particular issue.
The second question in the demographic profile section was to categorize the age groups of the
respondents who participated in this survey.
The purpose of Question 4 was to find out the nationality of the respondents who participated in
the survey. If the respondents are not Malaysian, they are also welcome to comment on the web
application security of IDPS.
The first question in Section 3 (General Questions) was to collect the percentage of respondents
who really know or have heard of IDPS web application security.
Question 5 collected the satisfaction level of respondents who had used IDPS before, in order to
find out whether respondents are satisfied and reassured by IDPS.
Question 6 collected information about the respondents' usual online activities. This will help
them to understand their security on the internet.
Question 7 collected information on whether respondents were confident in their own awareness
of web application security. This can be done by having a certain level of confidence in their
awareness of web application security.
Question 8 was to collect respondents' views on whether they are worried about cyber attacks
when they use the Internet in their day-to-day life.
Question 9 collected information on whether the respondents had experienced any web security
issues while using web applications.
Question 10 asked whether the respondents were aware of common web application attacks.
Question 11 assessed the respondents' knowledge of IDPS through a few options, to find out
which of the IDPS features they were most confident in.
Question 12 asked about the extent to which the respondents use IDPS and which performance
qualities of IDPS the respondents think should be improved.
Question 13 asked whether respondents were satisfied with the idea of IDPS's automated
real-time prevention of potential security threats and whether it gave them peace of mind when
using the network.
Question 14 asked whether respondents were comfortable with or worried about the web
application security features of IDPS, or whether they needed more robust performance to protect
their network security.
5.4 Summary
Only quantitative research methods were used to collect data for this study. The number of
respondents is crucial in this survey in order to obtain more accurate and reliable information. A
larger number of respondents can improve the quality of the study. In order to understand the
thoughts and opinions of the target users about the proposed project, the survey contained a total
of 12 closed-ended questions and 2 open-ended questions.
According to the above results, there were more male participants than female participants: 78%
and 22% respectively.
According to the above results, the majority of respondents were from the 19-30 age group
(96%), while the 31-49 and 12-18 age groups accounted for the remaining half of the
respondents. In addition, the results show that no respondent aged 50 years or above participated
in the survey.
According to the above results, the majority of the respondents were of Malaysian nationality,
at 96%, while 4% of the respondents were of Japanese and Indian nationality respectively.
According to the above results, 40% of the respondents are aware of the background and
usefulness of IDPS. 30% of the respondents are not aware of the usefulness of IDPS and 30% of
the respondents are not sure about the usefulness that IDPS brings. From this analysis, we can
determine that more than half of the 50 respondents do not have a strong awareness of the cyber
security protection of IDPS.
Figure 34 shows that 44% of the respondents were generally satisfied with the security of web
applications brought about by IDPS. With the exception of 8.9% (4 respondents) and 4.4% (2
respondents), the rest of the respondents were comfortable with the use of IDPS.
Figure 35 shows that almost all respondents use web applications very frequently. From the 60%
(30 respondents), we can see that people are connected to the internet all the time.
The above graph shows that all the respondents have protected their online privacy. They have
some confidence in their online security. From the 50% (25 respondents), we can see that the
respondents are security conscious, but they don't have high confidence in web applications.
The above graph shows that every respondent has a different level of concern about
being cyber-attacked. By comparing the 14% (7 respondents) who are the most worried and the
16% (8 respondents) who are the least worried, we can see that most respondents do not have a
high level of web application security awareness.
In Figure 38 above, we can see that most of the people are not facing security problems. 74% of
the people are taking security precautions on their network. In 26% of the cases, there was a
problem that someone's account was leaked, and we believe that with this experience, they will
be able to take better security precautions.
As we can see from the above graph, most of the people do not recognize or have not
encountered the common web application attacks. Comparing the 36% of the respondents to the
14% of the people who have been attacked in Figure 38 above, I believe that it is the people who
have been attacked who are more aware of these web application attacks.
As we can understand from the above chart, everyone has a different opinion about the basic
functions of IDPS in web application security. Based on 38% (real-time monitoring), 22% (web
application firewall (WAF)), 14% (user authentication and access control), and 26% (real-time
alerts), the author believes that real-time monitoring was chosen because it is critical in all areas,
especially in network security and business operations.
Through the above graph we can understand that the respondents have different views about the
solution of IDPS web application security. The analysis of the above graph shows that Ease of
Use and Upgrade have a very high support rate. It is believed that the respondents are in favor of
Ease of Use and Upgrade for IDPS web application security solution.
Figure 42 shows that almost all respondents were satisfied with the idea of IDPS automatically
preventing potential security threats in real time. The problem with manually preventing
potential security threats is that they are difficult to detect. Automation saves time and makes it
easier to detect hard-to-detect security vulnerabilities.
6.2 Summary
After analyzing and evaluating the data in the form of a questionnaire, many of the responses
provided comments and insights. By analyzing the survey data, the researchers were able to gain
a clear understanding of the perspectives on developing web applications. By analyzing their
responses, the researchers were also able to gain a deeper understanding of the concerns of the
target users and what they suffer from in terms of transportation-related issues.
In addition, through this critical data collection method, it can be seen that many users are
not too aware of the existence of current IDPS web application security; this is useful for
designing applications that are suitable for people and improve their quality of life.
In addition, the researcher conducted a literature review at an early stage to confirm the
feasibility of the proposed system. In addition to this, domain studies and similar systems
provided more and more information and ideas for the researchers to grasp the challenges facing
the project in depth. The more work the researchers carry out, the more experience they will have
in the development phase. For example, technical requirements, software development methods,
and research methods can improve the efficiency of the development of a proposed system. In
this study, only one research method was chosen: collecting data through
questionnaires. These questionnaires were administered to 30 target respondents. The data
analyzed was informative due to the good response from the respondents.
In conclusion, writing a survey report is a necessary step in developing the various requirements
needed to study and evaluate the program. By analyzing it, I have accumulated the information
needed for the development phase of the project.
Appendices
Log Sheet 2
Log Sheet 3
Gantt Chart