DOUBLEGUARD: DETECTING

INTRUSIONS IN MULTITIER WEB APPLICATIONS

Presented by, 309175710068 309175710071 309175710086

309175710099

INTRODUCTION

To accommodate the increase in application and data complexity over Internet, web services have moved to a multitiered design. In multitiered design, o The webserver runs the application front-end logic. o Data are outsourced to a database or file server.

AIM-DOUBLEGUARD
In this project, we propose an efficient IDS system called DoubleGuard system that models the network behaviour of user sessions across both the front-end webserver and the back-end database. Front-end webserver requests are the HTTP requests and the back-end database queries are the File or SQL queries.

EXISTING SYSTEM
The existing Intrusion Detection Systems (IDSs) currently examine network packets individually within both the web server and the database system. However, there is a very little work being performed on multitiered Anomaly Detection(AD) systems that generate models of network behavior for both web and database network interactions. Here the back end database server is often protected behind a firewall while the web servers are remotely accessible over the Internet.

DISADVANTAGES OF EXISTING SYSTEM

Both the web server and database servers are vulnerable. Attacks are network-borne and come from the web clients. They can launch application-layer attacks to compromise the web servers they are connecting to. The attackers can bypass the web server to directly attack the database server and sometimes may take over the web server after attacks by attaining full control of the server to launch subsequent attacks.

PROPOSED SYSTEM {DOUBLEGUARD}

Doubleguard can build a casual mapping profile by taking both the webserver and DB traffic into account. By monitoring both web and subsequent database requests, we are able to ferret out attacks that an independent IDS would not be able to identify. In doubleguard, the new container based web server architecture enables us to separate the different information flows by each session.

ADVANTAGES OF PROPOSED SYSTEM

Provides an effective mechanism to detect the different types attacks. This system also creates a casual mapping profile by taking both web server and database traffic into account. Provides a better characterisation for anomaly detection with the correlation of input streams.

SYSTEM ARCHITECTURE

ATTACKS
1. 2. 3.

Privilege Escalation Attack Hijack Future Session Attack SQL Injection Attack

4.

Direct DB Attack