VISVESVARAYA TECHNOLOGICAL UNIVERSITY JNANA SANGAMA, BELGAUM-590018
A Seminar Report On
DOUBLE GUARD: DETECTING INTRUSIONS IN MULTI-TIER WEB APPLICATIONS
A Seminar report submitted in partial fulfillment of the requirements for the VIII Semester degree of Bachelor of Engineering in Information Science and Technology
of Visvesvaraya Technological University, Belgaum
Submitted by
DIVYA K
USN : 1RN09IS016
Under the Guidance of
MANOJ KUMAR H
Assistant Professor
Information Science and Engineering
RNS Institute of Technology
Department of Information Science and Engineering
RNS Institute of Technology
Channasandra, Uttarahalli-Kengeri main Road, Bangalore-560 098
2012-2013
RNS Institute of Technology
Channasandra, Uttarahalli-Kengeri main Road, Bangalore-560 098
DEPARTMENT OF INFORMATION SCIENCE & ENGINEERING
CERTIFICATE
Certified that the Seminar on topic Double Guard: Detecting Intrusions in
Multi-tier Web Applications has been successfully presented at RNS Institute of
Technology by Divya K, bearing USN 1RN09IS016, in partial fulfillment of the
requirements for the VIII Semester degree of Bachelor of Engineering in Information
Science and Engineering of Visvesvaraya Technological University, Belgaum during
academic year 2012-2013. It is certified that all corrections/suggestions indicated for
Internal Assessment have been incorporated in the report deposited in the departmental
library. The Seminar report has been approved as it satisfies the academic requirements in
respect of Seminar work for the said degree.
Mr. Manoj Kumar H, Assistant Professor
Ms. Leelavathi H V, Seminar Coordinator
Dr. M V Sudhamani, Prof. and HOD
Dr. M K Venkatesha, Principal
DECLARATION
I, Divya K [USN: 1RN09IS016], student of VIII Semester BE, in Information
Science and Engineering, RNS Institute of Technology hereby declare that the Seminar
entitled “DoubleGuard: Detecting Intrusions In Multi-tier Web Applications” has been
carried out by me and submitted in partial fulfillment of the requirements for the VIII
Semester degree of Bachelor of Engineering in Information Science and Engineering of
Visvesvaraya Technological University, Belgaum during academic year 2012-2013.
Date : 15th March 2013
Place : Bengaluru
Divya K
USN : 1RN09IS016
ACKNOWLEDGEMENT
The satisfaction and euphoria that accompany the successful completion of any task would
be incomplete without the mention of the people who made it possible, whose constant
guidance and encouragement crowned the efforts with success.
I would like to profoundly thank the Management of RNS Institute of Technology for
providing such a healthy environment for the successful completion of the Seminar work.
I would like to express my thanks to the Director Dr. H N Shivashankar and the Principal
Dr. M K Venkatesha for their encouragement that motivated me for the successful
completion of Seminar work.
It gives me immense pleasure to thank Dr. M V Sudhamani, Professor and Head of
Department, for her constant support and encouragement.
Also, I would like to express my deepest sense of gratitude to my Seminar guide, Mr. Manoj
Kumar H, Assistant Professor, Department of Information Science & Engineering, for his
constant support and guidance throughout the Seminar work.
I would also like to thank the Seminar Coordinator, Ms. Leelavathi H V, Assistant Professor,
Department of Information Science & Engineering, and all other teaching and non-teaching
staff of the Information Science Department who have directly or indirectly helped me in the
completion of the Seminar work.
Last, but not the least, I would hereby acknowledge and thank my parents who have been a
source of inspiration and also instrumental in the successful completion of the seminar work.
- Divya K
ABSTRACT
Double Guard is an Intrusion Detection System that models the network behavior of user
sessions across both the front-end web server and the back-end database. By monitoring
both web requests and the subsequent database requests, it was possible to ferret out attacks
that an independent IDS would not be able to identify. Furthermore, the limitations of any
multi-tier IDS in terms of training sessions and functionality coverage were quantified.
Double Guard has been implemented using an Apache web server with MySQL and lightweight
virtualization. Real-world traffic was collected and processed over a 15-day period of system
deployment in both dynamic and static web applications. Finally, using Double Guard, it
was possible to expose a wide range of attacks with 100% accuracy while maintaining 0%
false positives for static web services and 0.6% false positives for dynamic web services.
CONTENTS
1. Introduction
2. The Intrusion Detection System
2.1 Introduction of IDS
2.2 Categories of IDS
2.3 Drawbacks of IDSs
3. Data Mining Technology
4. Intrusion Detection System In Web Services
4.1 Introduction
4.2 Related Work
4.3 Problem Statement
4.4 Proposed System
4.5 Proposed Architecture Description
5. Related Work
6. Threat Model And System Architecture
6.1 Architecture and Confinement
6.2 Building the Normality Model
6.3 Attack Scenarios
6.4 DoubleGuard Limitations
7. Modelling Deterministic Mapping And Patterns
7.1 Inferring Mapping Relations
7.2 Modelling for Static Websites
7.3 Testing for Static Websites
7.4 Modelling of Dynamic Patterns
7.5 Detection for Dynamic Websites
8. Performance Evaluation
8.1 Implementation
8.2 Container Overhead
8.3 Static website model in training phase
8.4 Dynamic modelling detection rates
8.5 Attack Detection
9. Conclusion
References