ANNA UNIVERSITY: CHENNAI 600 025

BONAFIDE CERTIFICATE

Certified that this project report titled “DoubleGuard detection in Multitier Architecture” is the bonafide work of A.VENKATESAN (REG.NO:912011405017), who carried out the Project Phase I under my supervision during June 2012 to December 2012.

SIGNATURE
Prof. U. NIRAICHANDRAN, M.Tech.,
Professor & Head,
Computer Science and Engineering
Pandian Saraswathi Yadav Engineering College, Sivagangai- 630 561.

SIGNATURE
Mr.S.ATHIRAYAN, M.E.,
SUPERVISOR/Asst.Professor
Computer Science and Engineering
Pandian Saraswathi Yadav Engineering College, Sivagangai- 630 561.

Submitted for the Viva-Voce examination held at “Pandian Saraswathi Yadav Engineering college Sivagangai” on………………….

Internal Examiner        External Examiner

ACKNOWLEDGEMENT

First of all, I thank God Almighty for his wisdom and his substantial blessings by which I have been able to complete my phase 1 of this project successfully.

I would like to express my sincere thanks and gratitude to our beloved Founder “Hindu Rattan” Mr. Malaysia S.Pandian, of our college, for his support.

I express my thanks to our Managing Director Mr.S.P.VaradhaRajan B.E., of our college, for his support.

My special thanks to our Principal Dr.K.Kannan for permitting me to undertake this project.

No word of gratitude will be sufficient to pay our heartfelt thanks to Prof. U. Nirai Chandran M.Tech., HOD (CSE) for his valuable suggestion and kind cooperation, and I would also like to extend my thanks to the other staff of CSE & IT department.

I sincerely thank my Internal Guide, Mr.S.Athirayan M.E., Assistant Professor (CSE) for having confidence in me and supporting me in all stages to complete the phase 1 of this project.

I am grateful to express my gratitude to my parents and friends for their prayers, cooperation and efforts in encouraging me, which boosted me to finish my first phase of this project efficiently.

ABSTRACT

In this project, we propose an efficient IDS called DoubleGuard that models the network behavior of user sessions in multilayered web applications across both front-end web (HTTP) requests and back-end database (SQL) queries. DoubleGuard forms a container-based IDS with multiple input streams to produce alerts. In a typical three-tiered web server architecture, the web server receives HTTP requests from user clients and then issues SQL queries to the database server to retrieve and update data. The proposed container-based and session-separated web server architecture enhances security performance and also isolates the information flows, which are separated into individual container sessions. To detect abnormal behavior at the session/client level, a new Causal Mapping profile model is developed to map web server requests to the subsequent DB queries. An intrusion detection system (IDS) is used to detect potential violations of database security. In every database, some attributes are considered more sensitive to malicious modification than others. This project also considers protecting this sensitive information.

TABLE OF CONTENTS

CHAPTER NO.  TITLE

ABSTRACT
LIST OF FIGURES
LIST OF ABBREVIATIONS

1 INTRODUCTION
    1.1 THREE TIER ARCHITECTURE
        1.1.1 FIRST TIER
        1.1.2 SECOND TIER
        1.1.3 THIRD TIER
    1.2 INTRODUCTION ABOUT THE SYSTEM
    1.3 DOUBLE GUARD DETECTION
    1.4 CONTAINERS AND LIGHT WEIGHT VIRTUALIZATION
    1.5 OBJECTIVE
    1.6 EXISTING SYSTEM
        1.6.1 CLASSIC 3 TIER MODEL
        1.6.2 LIMITATION OF EXISTING SYSTEM
    1.7 PROPOSED SYSTEM
        1.7.1 ADVANTAGES

2 LITERATURE SURVEY
    2.1 TOWARD AUTOMATION DETECTION OF LOGIC VULNERABILITIES SYSTEM
    2.2 ANOMALY DETECTION OF WEB BASED ATTACKS
    2.3 DATABASE INTRUSION DETECTION USING WEIGHT SEQUENCE MINING
    2.4 EFFICIENTLY TRACKING APPLICATION INTERACTIONS USING LIGHTWEIGHT VIRTUALIZATION
    2.5 FAST AND AUTOMATED GENERATION OF ATTACK SIGNATURES
    2.6 POLYGRAPH AUTOMATICALLY GENERATING SIGNATURES FOR POLYMORPHIC WORMS
    2.7 A STATEFUL INTRUSION DETECTION SYSTEM FOR WORLD WIDE WEB SERVERS
    2.8 AN EFFICIENT BLACK BOX TECHNIQUE FOR DEFEATING WEB APPLICATION ATTACKS
    2.9 INTRUSION DETECTION VIA STATIC ANALYSIS
    2.10 CLAMP PRACTICAL PREVENTION OF LARGE SCALE DATA LEAKS

3 REQUIREMENT SPECIFICATION
    3.1 HARDWARE SPECIFICATION
    3.2 SOFTWARE SPECIFICATION
        3.2.1 JAVA
        3.2.2 NETBEANS

4 METHODOLOGY
    4.1 CREATE CONTAINER MODEL
    4.2 BUILDING NORMALITY MODEL

5 SYSTEM DESIGN
    5.1 STATIC MODEL
    5.2 MAPPING RELATIONS
        5.2.1 DETERMINISTIC MAPPING
        5.2.2 EMPTY QUERY SET
        5.2.3 NO MATCHED REQUEST
        5.2.4 NONDETERMINISTIC MAPPING
    5.3 STATIC MODEL BUILDING ALGORITHM
    5.4 TESTING FOR STATIC WEBSITES
    5.5 MODELING OF DYNAMIC PATTERNS

6 RESULTS AND DISCUSSION
    6.1 SCREEN SHOTS

7 CONCLUSION AND FUTURE WORK
    7.1 CONCLUSION
    7.2 FUTURE ENHANCEMENT

8 REFERENCES

LIST OF FIGURES

FIGURE NO.  FIGURE TITLE

1.6.2   Classic 3 tier architecture
4.2     Webserver instances running in containers
5.2.1   Deterministic mapping using session ID of the container (VE)
6.1     Home page
6.2     Login page
6.3     Allocating containers
6.4     User login status
6.5     User register information
6.6     Status of the model
6.7     Logout session

LIST OF ABBREVIATIONS

HTML    Hyper Text Markup Language
HTTP    Hyper Text Transfer Protocol
JSP     Java Server Pages
IDS     Intrusion Detection System
CMS     Content Management System
SQL     Structured Query Language