DoubleGuard: Detecting & Preventing Intrusions in Multitier Web Application


ISSN 2319 - 5975, Volume 2, No. 2, February – March 2013

Niraj Gaikwad et al., International Journal of Networks and Systems, 2(2), February – March 2013, 09 - 14

International Journal of Networks and Systems Available Online at http://warse.org/pdfs/2013/ijns02222013.pdf

DoubleGuard: Detecting & Preventing Intrusions in Multitier Web Applications

Niraj Gaikwad (1), Swapnil Kandage (2), Dhanashri Gholap (3)

(1) B.E. Computer Department, P.G.M.C.O.E., Wagholi, Pune, India, nirajgaikwad2837@gmail.com
(2) B.E. Computer Department, P.G.M.C.O.E., Wagholi, Pune, India, swapnilkandge4482@gmail.com
(3) B.E. Computer Department, P.G.M.C.O.E., Wagholi, Pune, India, dhanugholap76@gmail.com

ABSTRACT

Internet services and applications have become an indivisible part of our daily life. These applications and services are made available through web servers, which make use of database servers [1], [2] to fulfil users' requests. Both of these servers are prone to attacks. DoubleGuard provides intrusion prevention systems [7] at both ends (web server and database server). The prevention logic [5] of our system works on session tracking and control. Through these, DoubleGuard provides a secure environment for the application. We monitor each web request and its subsequent database requests so that we can ferret out attacks that an independent IDS could not identify. DoubleGuard is implemented using an Apache web server with MySQL and lightweight virtualization.

Keywords: Virtualization, Intrusion, Multi Tier, IDS, Anomaly.

1 INTRODUCTION

Over the past few years, web services and applications have increased in popularity and complexity. Most of our day-to-day tasks, such as banking, social networking and online shopping, are done on the web and depend directly on it. Web services consist of a front end, which runs the application [8] user interface logic, and a back-end server, which is the database or file server that stores the particular user's data. Because web services are present everywhere for personal as well as corporate data, they have been targeted for attack. Attackers have shifted from attacking the front end to attacking the back-end server, which provides useful and valuable data. Intrusion detection systems [9], [11] have been widely used to protect multitier web services by detecting known attacks through matching misused traffic patterns or signatures [3], [6]. A class of IDS uses machine learning to detect unknown attacks by identifying network traffic that behaves abnormally compared with the behavior the IDS observed previously. Abnormal network traffic sent by the attacker to attack the server can be detected by the web IDS and the database IDS [4] and prevented from entering the server. But if the attacker uses normal traffic to attack the web server and the database server, such an attack cannot be detected by the IDSs.

DoubleGuard is a system used to detect attacks in multitier web services. In DoubleGuard we create a normality model of isolated user sessions that includes both the web front-end (HTTP) and back-end (file or SQL) network transactions. DoubleGuard uses a lightweight virtualization technique to assign each user's web session to a dedicated container, which provides an isolated virtual environment. Each web request, together with its subsequent database queries, is therefore associated with the correct container ID. DoubleGuard takes the web server and database traffic into account to build an accurate mapping profile.

Performance testing shows that DoubleGuard has a reasonable performance overhead, which is practical for most applications. There is no overhead in comparison when the request rate is moderate, and when the server is already overloaded, i.e. the worst case, we get about 26 percent performance overhead. The container-based web architecture not only supports profiling of the mapping model but also provides isolation, which is helpful in detecting future session-hijack attacks. In a lightweight virtualization environment we can run multiple instances of the web server in different containers, each of which is separate from the others. Containers are easily instantiated and destroyed for each user, and each lasts only a short time. If an attacker is able to compromise a single user session, the other user sessions remain unaffected, because the damage is confined to that particular session.

We establish a direct causal relationship between the requests received by the front-end web server and those generated for the database back end for static websites (websites that do not permit content modification by users). According to the prior knowledge of web

© 2012, IJNS All Rights Reserved
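The request-to-query mapping described above for a static website, as an added example that is not code from the paper or from DoubleGuard itself: it learns which SQL query skeletons each HTTP request causes inside a container and flags live queries that the request in the same container does not explain. The log tuple format, the `skeleton` normalization, the function names and the sample events are assumptions constructed for illustration.

```python
import re

TRAINING = [  # constructed sample logs: (container_id, kind, payload)
    ("c1", "http", "GET /article.php?id=12"),
    ("c1", "sql", "SELECT title, body FROM articles WHERE id = 12"),
    ("c1", "http", "GET /about.html"),
    ("c2", "http", "GET /profile.php?user=7"),
    ("c2", "sql", "SELECT name, email FROM users WHERE id = 7"),
]
LIVE = [  # constructed live traffic from three new containers
    ("c7", "http", "GET /article.php?id=40"),
    ("c7", "sql", "SELECT title, body FROM articles WHERE id = 40"),
    ("c8", "http", "GET /about.html"),
    ("c8", "sql", "SELECT name, email FROM users WHERE id = 3"),
    ("c9", "sql", "SELECT name, email FROM users WHERE id = 5"),
]

def skeleton(kind, payload):
    """Replace user-supplied values with '?' so events of one type compare equal."""
    if kind == "http":
        return re.sub(r"=[^&\s]*", "=?", payload)
    return re.sub(r"'(?:[^'\\]|\\.)*'|\b\d+\b", "?", " ".join(payload.split()))

def pair_up(events):
    """Yield (container, request, query); one container serves one session,
    so a query is attributed to the latest request seen in its container."""
    latest = {}
    for cid, kind, payload in events:
        skel = skeleton(kind, payload)
        if kind == "http":
            latest[cid] = skel
        yield cid, latest.get(cid), skel if kind == "sql" else None

def train(events):
    """Map each request skeleton to the set of query skeletons it caused."""
    model = {}
    for _, req, query in pair_up(events):
        if req is not None:
            model.setdefault(req, set()).update([query] if query else [])
    return model

def detect(model, events):
    alerts = []
    for cid, req, query in pair_up(events):
        if req not in model:  # unknown request, or a query with no request at all
            alerts.append((cid, "no profiled web request", query or req))
        elif query is not None and query not in model[req]:
            alerts.append((cid, "query not caused by request", query))
    return alerts
```

The query in container c8 is one the profile already knows from `/profile.php`, so a database IDS on its own would accept it; only the mapping to the request in the same container exposes it.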


DoubleGuard: Detecting & Preventing Intrusions in Multitier Web Application by The World Academy of Research in Science and Engineering - Issuu