seminar report 2013


Post on 23-Dec-2015


VISVESVARAYA TECHNOLOGICAL UNIVERSITY JNANA SANGAMA, BELGAUM-590018

A Seminar Report On

DOUBLE GUARD: DETECTING INTRUSIONS IN MULTI-TIER WEB APPLICATIONS

A Seminar report submitted in partial fulfillment of the requirements for the VIII Semester degree of Bachelor of Engineering in Information Science and Technology

of Visvesvaraya Technological University, Belgaum

Submitted by

DIVYA K

USN : 1RN09IS016

Under the Guidance of

MANOJ KUMAR H

Assistant Professor

Information Science and Engineering

RNS Institute of Technology

Department of Information Science and Engineering

RNS Institute of Technology

Channasandra, Uttarahalli-Kengeri main Road, Bangalore-560 098

2012-2013


RNS Institute of Technology

Channasandra, Uttarahalli-Kengeri main Road, Bangalore-560 098

DEPARTMENT OF INFORMATION SCIENCE & ENGINEERING

CERTIFICATE

Certified that the Seminar on topic Double Guard: Detecting Intrusions in Multi-tier Web Applications has been successfully presented at RNS Institute of Technology by Divya K, bearing USN 1RN09IS016, in partial fulfillment of the requirements for the VIII Semester degree of Bachelor of Engineering in Information Science and Engineering of Visvesvaraya Technological University, Belgaum during academic year 2012-2013. It is certified that all corrections/suggestions indicated for Internal Assessment have been incorporated in the report deposited in the departmental library. The Seminar report has been approved as it satisfies the academic requirements in respect of Seminar work for the said degree.

Mr. Manoj Kumar H, Assistant Professor

Ms. Leelavathi H V, Seminar Coordinator

Dr. M V Sudhamani, Prof. and HOD

Dr. M K Venkatesha, Principal


DECLARATION

I, Divya K [USN: 1RN09IS016], student of VIII Semester BE, in Information Science and Engineering, RNS Institute of Technology hereby declare that the Seminar entitled “DoubleGuard: Detecting Intrusions In Multi-tier Web Applications” has been carried out by me and submitted in partial fulfillment of the requirements for the VIII Semester degree of Bachelor of Engineering in Information Science and Engineering of Visvesvaraya Technological University, Belgaum during academic year 2012-2013.

Date : 15th March 2013

Place : Bengaluru

Divya K

USN : 1RN09IS016


ACKNOWLEDGEMENT

The satisfaction and euphoria that accompany the successful completion of any task would be incomplete without the mention of the people who made it possible, whose constant guidance and encouragement crowned the efforts with success.

I would like to profoundly thank the Management of RNS Institute of Technology for providing such a healthy environment for the successful completion of the Seminar work.

I would like to express my thanks to the Director Dr. H N Shivashankar and the Principal Dr. M K Venkatesha for their encouragement that motivated me for the successful completion of the Seminar work.

It gives me immense pleasure to thank Dr. M V Sudhamani, Professor and Head of Department, for her constant support and encouragement.

Also, I would like to express my deepest sense of gratitude to my Seminar guide Mr. Manoj Kumar H, Assistant Professor, Department of Information Science & Engineering, for his constant support and guidance throughout the Seminar work.

I would also like to thank the Seminar Coordinator Ms. Leelavathi H V, Assistant Professor, Department of Information Science & Engineering, and all other teaching and non-teaching staff of the Information Science Department who have directly or indirectly helped me in the completion of the Seminar work.

Last, but not the least, I would hereby acknowledge and thank my parents who have been a source of inspiration and also instrumental in the successful completion of the seminar work.

- Divya K


ABSTRACT

Double Guard is an Intrusion Detection System that models the network behavior of user sessions across both the front-end web server and the back-end database. By monitoring both web requests and the subsequent database requests, it was possible to ferret out attacks that an independent IDS would not be able to identify. Furthermore, the limitations of any multi-tier IDS in terms of training sessions and functionality coverage were quantified. Double Guard has been implemented using an Apache web server with MySQL and lightweight virtualization. Real-world traffic was collected and processed over a 15-day period of system deployment in both dynamic and static web applications. Finally, using Double Guard, it was possible to expose a wide range of attacks with 100% accuracy while maintaining 0% false positives for static web services and 0.6% false positives for dynamic web services.


CONTENTS

1. Introduction
2. The Intrusion Detection System
   2.1 Introduction of IDS
   2.2 Categories of IDS
   2.3 Drawbacks of IDSs
3. Data Mining Technology
4. Intrusion Detection System In Web Services
   4.1 Introduction
   4.2 Related Work
   4.3 Problem Statement
   4.4 Proposed System
   4.5 Proposed Architecture Description
5. Related Work
6. Threat Model And System Architecture
   6.1 Architecture and Confinement
   6.2 Building the Normality Model
   6.3 Attack Scenarios
   6.4 DoubleGuard Limitations
7. Modelling Deterministic Mapping And Patterns
   7.1 Inferring Mapping Relations
   7.2 Modelling for Static Websites
   7.3 Testing for Static Websites
   7.4 Modelling of Dynamic Patterns
   7.5 Detection for Dynamic Websites
8. Performance Evaluation
   8.1 Implementation
   8.2 Container Overhead
   8.3 Static website model in training phase
   8.4 Dynamic modelling detection rates
   8.5 Attack Detection
9. Conclusion

References