Today, the use of distinct internet services and their applications by people are increase in very large amount. Due to its usage, it results the increase in data complexity. So, web services turn their focus on multi-tier design where web server acts as front-end and database server acts as back-end. Attackers try to hack personal data by targeting database server, hence it need to provide more security to both web server and database server. In this paper, the doubleguard system proposes an efficient intrusion detection and prevention system which detects and prevents various attacks in multi-tier web applications. This IDS system keeps track of all user sessions across both web server and database server. For this, it allocates the dedicated web container to each user’s session. Each user is associated with unique session ID which enhances more security. The system built well correlated model for website and detects and prevents various type of attacks. The system is implemented by using Apache webserver with MySQL.
International Journal of Engineering Research and Applications (IJERA) is an open access online peer reviewed international journal that publishes research and review articles in the fields of Computer Science, Neural Networks, Electrical Engineering, Software Engineering, Information Technology, Mechanical Engineering, Chemical Engineering, Plastic Engineering, Food Technology, Textile Engineering, Nano Technology & science, Power Electronics, Electronics & Communication Engineering, Computational mathematics, Image processing, Civil Engineering, Structural Engineering, Environmental Engineering, VLSI Testing & Low Power VLSI Design etc.
Intrusion detection architecture for different network attackseSAT Journals
Abstract Now these days most of the work is carried out by internet. So web application becomes important part of today’s life, such as online banking, social networking, online shopping, enabling communication and management of personal information. So web services now have shifted to multi-tier design to accommodate this increase in web application and data complexity. Due to this high use of web application networks attacks increased with malicious purpose. DoubleGuard is an Intrusion Detection System helps to detect and prevent the networks attacks. DoubleGuard is able to find out attacks after checking web and database requests. Along with this, in this paper adding one more level that is admin, it is responsible for the training to the system, log generation, blacklist and employee entry. This IDS system provides security to prevent both the web server and database server. Key Words: DoubleGuard; Web Application; Multitier; IDS; Attacks.
Pattern Analysis and Signature Extraction for Intrusion Attacks on Web ServicesIJNSA Journal
The increasing popularity of web service technology is attracting hackers and attackers to hack the web services and the servers on which they run. Organizations are therefore facing the challenge of implementing adequate security for Web Services. A major threat is that of intruders which may maliciously try to access the data or services. The automated methods of signature extraction extract the binary pattern blindly resulting in more false positives. In this paper a semi automated approach is proposed to analyze the attacks and generate signatures for web services. For data collection, apart from the conventional SOAP data loggers, honeypots are also used that collect small data which is of high value. To filter out the most suspicious part of the data, SVM based classifier is employed to aid the system administrator. By applying an attack signature algorithm on the filtered data, a more balanced attack signature is extracted that results in fewer false positives and negatives. It helps the Security Administrator to identify the web services that are vulnerable or are attacked more frequently.
AN EFFICIENT IDENTITY BASED AUTHENTICATION PROTOCOL BY USING PASSWORDIJNSA Journal
In a distributed system, authentication protocols are the basis of security to ensure that these protocols function properly. Passwords are one of the most common authentication protocol used nowadays. Because of low entropy of passwords makes the systems vulnerable to password guessing attacks. This paper presents a simple scheme that strengthens password-based authentication protocols and helps prevent dictionary attacks, replay attacks and man in the middle attacks etc., The proposed scheme presents a new password authentication protocol by using the user and server system identification/serial number. Here there is no possibility to store the user passwords so an attacker who gets the password cannot use it directly to gain immediate access and compromise security.
FRONT END AND BACK END DATABASE SECURITY IN THREE TIER WEB APPLICATIONijiert bestjournal
This document discusses security techniques for front-end and back-end databases in three-tier web applications. It proposes a double security system that assigns each user session to a dedicated container or virtual computing environment. This allows the system to map and profile activity between the web server and database server, enabling it to detect attacks. The system separates traffic by session, analyzes HTTP requests and SQL queries, maps requests to queries, and can detect direct database attacks or SQL injection attacks by checking for unmapped queries.
DoubleGuard is an intrusion detection system that models the network behavior of user sessions across both the front-end web server and back-end database to detect attacks that independent IDS's would miss, by monitoring both web requests and subsequent database queries; it was implemented using Apache, MySQL, and virtualization, and evaluated on real-world traffic over 15 days with 100% accuracy on static web apps and 0.6% false positives on dynamic apps.
The International Journal of Engineering and Science (The IJES)theijes
This document summarizes a research paper that proposes a new intrusion detection system (IDS) to identify distributed denial-of-service (DDoS) attacks in multitier web applications. The system models relationships between web server requests and database queries to detect attacks where normal traffic is used maliciously. It handles both deterministic and non-deterministic relationships. For static websites, the system classifies traffic into patterns and builds a mapping model. For dynamic websites, it aims to extract one-to-many mappings despite parameter variations and overlapping operations. The paper also discusses SQL tautology attacks, which exploit input fields to bypass authentication or extract all data.
This document discusses SQL injection attacks in banking transactions and methods to prevent them. It begins with an abstract discussing how SQL injections are a major security issue for banking applications and can be used to access secret information like usernames and passwords or bank databases. The document then provides examples of SQL injection attacks on banks, describes how hackers perform SQL injections, and discusses approaches like input validation, static query statements, and least privilege to prevent injections. It also introduces tools like Amnesia and the X-Log Authentication technique to detect and block injection attacks. The conclusion is that Amnesia and X-Log Authentication are effective techniques for preventing SQL injections in banking transactions.
International Journal of Engineering Research and Applications (IJERA) is an open access online peer reviewed international journal that publishes research and review articles in the fields of Computer Science, Neural Networks, Electrical Engineering, Software Engineering, Information Technology, Mechanical Engineering, Chemical Engineering, Plastic Engineering, Food Technology, Textile Engineering, Nano Technology & science, Power Electronics, Electronics & Communication Engineering, Computational mathematics, Image processing, Civil Engineering, Structural Engineering, Environmental Engineering, VLSI Testing & Low Power VLSI Design etc.
Intrusion detection architecture for different network attackseSAT Journals
Abstract Now these days most of the work is carried out by internet. So web application becomes important part of today’s life, such as online banking, social networking, online shopping, enabling communication and management of personal information. So web services now have shifted to multi-tier design to accommodate this increase in web application and data complexity. Due to this high use of web application networks attacks increased with malicious purpose. DoubleGuard is an Intrusion Detection System helps to detect and prevent the networks attacks. DoubleGuard is able to find out attacks after checking web and database requests. Along with this, in this paper adding one more level that is admin, it is responsible for the training to the system, log generation, blacklist and employee entry. This IDS system provides security to prevent both the web server and database server. Key Words: DoubleGuard; Web Application; Multitier; IDS; Attacks.
Pattern Analysis and Signature Extraction for Intrusion Attacks on Web ServicesIJNSA Journal
The increasing popularity of web service technology is attracting hackers and attackers to hack the web services and the servers on which they run. Organizations are therefore facing the challenge of implementing adequate security for Web Services. A major threat is that of intruders which may maliciously try to access the data or services. The automated methods of signature extraction extract the binary pattern blindly resulting in more false positives. In this paper a semi automated approach is proposed to analyze the attacks and generate signatures for web services. For data collection, apart from the conventional SOAP data loggers, honeypots are also used that collect small data which is of high value. To filter out the most suspicious part of the data, SVM based classifier is employed to aid the system administrator. By applying an attack signature algorithm on the filtered data, a more balanced attack signature is extracted that results in fewer false positives and negatives. It helps the Security Administrator to identify the web services that are vulnerable or are attacked more frequently.
AN EFFICIENT IDENTITY BASED AUTHENTICATION PROTOCOL BY USING PASSWORDIJNSA Journal
In a distributed system, authentication protocols are the basis of security to ensure that these protocols function properly. Passwords are one of the most common authentication protocol used nowadays. Because of low entropy of passwords makes the systems vulnerable to password guessing attacks. This paper presents a simple scheme that strengthens password-based authentication protocols and helps prevent dictionary attacks, replay attacks and man in the middle attacks etc., The proposed scheme presents a new password authentication protocol by using the user and server system identification/serial number. Here there is no possibility to store the user passwords so an attacker who gets the password cannot use it directly to gain immediate access and compromise security.
FRONT END AND BACK END DATABASE SECURITY IN THREE TIER WEB APPLICATIONijiert bestjournal
This document discusses security techniques for front-end and back-end databases in three-tier web applications. It proposes a double security system that assigns each user session to a dedicated container or virtual computing environment. This allows the system to map and profile activity between the web server and database server, enabling it to detect attacks. The system separates traffic by session, analyzes HTTP requests and SQL queries, maps requests to queries, and can detect direct database attacks or SQL injection attacks by checking for unmapped queries.
DoubleGuard is an intrusion detection system that models the network behavior of user sessions across both the front-end web server and back-end database to detect attacks that independent IDS's would miss, by monitoring both web requests and subsequent database queries; it was implemented using Apache, MySQL, and virtualization, and evaluated on real-world traffic over 15 days with 100% accuracy on static web apps and 0.6% false positives on dynamic apps.
The International Journal of Engineering and Science (The IJES)theijes
This document summarizes a research paper that proposes a new intrusion detection system (IDS) to identify distributed denial-of-service (DDoS) attacks in multitier web applications. The system models relationships between web server requests and database queries to detect attacks where normal traffic is used maliciously. It handles both deterministic and non-deterministic relationships. For static websites, the system classifies traffic into patterns and builds a mapping model. For dynamic websites, it aims to extract one-to-many mappings despite parameter variations and overlapping operations. The paper also discusses SQL tautology attacks, which exploit input fields to bypass authentication or extract all data.
This document discusses SQL injection attacks in banking transactions and methods to prevent them. It begins with an abstract discussing how SQL injections are a major security issue for banking applications and can be used to access secret information like usernames and passwords or bank databases. The document then provides examples of SQL injection attacks on banks, describes how hackers perform SQL injections, and discusses approaches like input validation, static query statements, and least privilege to prevent injections. It also introduces tools like Amnesia and the X-Log Authentication technique to detect and block injection attacks. The conclusion is that Amnesia and X-Log Authentication are effective techniques for preventing SQL injections in banking transactions.
Us20140380431 Patent: COMPUTER IMPLEMENTED METHOD TO PREVENT ATTACKS AGAINST...Telefónica
A computer implemented method and computer program
products to prevent attacks against authorization systems
The computer implemented method comprising controlling
the access to different resources and actions de?ned for a user
by a ?rst server, reducing the exposure time at Which such
operations are available and establishing a dual channel verification through the use of a second server.
The computer programs implement the method.
This document presents a technique to enhance password-username authentication by addressing SQL injection and online password guessing attacks. The technique combines cryptographic hashing of passwords, recognition-based graphical passwords, and parameterized queries. Users register with a username, password, and graphical password. The password is hashed with a salt during registration. Login allows two attempts with the username and password before requiring the graphical password. IPs are blocked after one failed graphical attempt to prevent brute force attacks while still allowing legitimate users access. Security testing showed the technique prevented SQL injection and online password guessing attacks.
The document discusses a three-tier architecture for web applications with clients, application servers, and databases. It proposes a system called Double Guard that uses lightweight virtualization to assign each user session to an isolated container. This allows Double Guard to build models of normal network behavior that capture the relationship between front-end web requests and back-end database queries, enabling it to detect attacks. The document outlines limitations of existing intrusion detection systems in multi-tier environments and the objectives of the Double Guard system.
Query Pattern Access and Fuzzy Clustering Based Intrusion Detection SystemSimran Seth
This document describes a project to develop an intrusion detection system (IDS) using query pattern access and fuzzy clustering. The system aims to detect insider threats and prevent inference attacks on sensitive database attributes by monitoring user access patterns. It will create user profiles based on historical access logs and detect anomalies by comparing new queries to the profiles. Fuzzy clustering will be used to partition users into groups with similar access patterns defined by cluster profiles containing access rules. The IDS seeks to enforce database security while addressing the limitations of existing syntactic and data-centric auditing approaches.
IRJET- Crypto-Currencies How Secure are they?IRJET Journal
This document discusses the security of cryptocurrencies. It begins by defining cryptocurrency and explaining how cryptocurrency transactions work using blockchain technology. It then discusses some of the key properties of cryptocurrencies like irreversibility, pseudonymity, and controlled supply. The document outlines some benefits of cryptocurrencies like lack of third party seizure and anonymity, but also challenges like high energy usage and possibility of lost wallets. It then discusses some specific security issues with blockchain like its complexity, size of the network, and traditional scams. It concludes by covering security issues with cryptocurrencies like spoofing payment information, errors in user addresses, and loss of wallet files.
Prevention of SQL injection in E- Commerceijceronline
Structured Query Language (SQL) injection, in present scenario, emerges as one of the most challenging fact to effect on the online business, as it can expose all of the business transaction related sensitive information which is stored in online database, inclusive of most highly secured sensitive information such as credit card passwords , usernames, login ids, credentials, phone, email id etc. Structured Query Language injection remain a responsibility that when intruder gets the ability with SQL related queries which is passed to a back-end database. The query which is passed by the intruder to the data, can allow the query to data which is an assisting element with database and required operating system. Every SQL Query that allows the inputs from the attacker sides can defect our real web application. Intruder which attempts to insert defective SQL query into an entry field to extract the query so that they can dump the database or alter the database which is known as "code injection technique" and this type of attacker is also called attack vector for websites and usually used by any type of SQL database. Through this research paper, our endeavour is to understand the methodology of SQL injection and also to propose solution to prevent SQL Injection in one of the most vulnerable field of E commerce.
This Slide contain information about the SQL injection.
Types of SQL injection and some case study about the SQL injection and some technique so we prevent our system
Website vulnerability to session fixation attacksAlexander Decker
This document summarizes a study that analyzed 125 Indonesian websites for vulnerability to session fixation attacks. The study found that 48% of websites were vulnerable, most due to reusing the same session IDs. The study provides recommendations for programmers to prevent session fixation, including regenerating session IDs and checking the HTTP referer header. It also recommends future research on predicting regenerated session IDs and designing efficient defenses against session fixation attacks.
Behavior Analysis Of Malicious Web Pages Through Client Honeypot For Detectio...IJERA Editor
Malwares which is also known as malicious software’s is spreading through the exploiting the client side applications such as browsers, plug-ins etc. Attackers implant the malware codes in the user’s computer through web pages; thereby they are also known malicious web pages. Here in the paper, we present the usefulness of controlled environment in the form of client honeypots in detection of malicious web pages through collections of malicious intent in web pages and then perform detailed analysis for validation and confirmation of malicious web pages. First phase is collection of malicious infections through high interaction client honeypot, second phase is validations of the malicious infections embedded into web pages through behavior based analysis. Malwares which infect the client side applications and drop the malwares into user’s computers sometimes overrides the signature based detection techniques; thereby there is a need to study the behavior of the complete malicious web pages.
System and Enterprise Security Project - Penetration TestingBiagio Botticelli
The document discusses penetration testing and summarizes its key steps: information gathering, threat modeling, vulnerability analysis, exploitation, post-exploitation, and reporting. It outlines three types of penetration testing: black box with no system knowledge; grey box with some limited internal details; and white box with full access to source codes and network information, simulating an internal attack. The goal of penetration testing is to identify security vulnerabilities by simulating real attacks before malicious actors do.
Banking and Modern Payments System Security AnalysisCSCJournals
Cyber-criminals have benefited from on-line banking (OB), regardless of the extensive research on financial cyber-security. To better be prepared for what the future might bring, we try to predict how hacking tools might evolve. We briefly survey the state-of-the-art tools developed by black- hat hackers and conclude that they could be automated dramatically. To demonstrate the feasibility of our predictions and prove that many two-factor authentication schemes can be bypassed, we have analyzed banking and modern payments system security.
In this research we will review different payment protocols and security methods that are being used to run banking systems. We will survey some of the popular systems that are being used today, with a deeper focus on the Chips, cards, NFC, authentication etc. In addition, we will also discuss the weaknesses in the systems that can compromise the customer's trust.
AN ENHANCED USER AUTHENTICATION FRAMEWORK IN CLOUD COMPUTINGIJNSA Journal
Recently, there are several studies have proposed user authentication frameworks to defend against different types of attacks such as phishing, replay attack, man in the middle attack and denial of service attack, etc. Most of these frameworks consist of three main phases, which are the registration phase, login phase, and authentication phase. Most of them have the changing password process as an additional activity.Many problemshave been noticed in the performance of these frameworks. For example, the registration phase is valunerable to internal attack such as SYN flood attack. In this work, we aim to propose a robust user authentication framework that overcomes the previous framework shortages. The proposed framework provides many security aspects such as remote authentication, mutual authentication, session key establishment,to mention a few. Besides, to ensure the security through all phases of this framework, we add a new phase called a Service Access Authentication Phase (SAAP).This phase is resposable of the internal verification .
Detection and prevention of keylogger spyware attacksIAEME Publication
This document summarizes a proposed method for detecting and preventing keylogger spyware attacks. Keylogger spyware poses a serious threat by recording keyboard keystrokes to steal sensitive information like passwords and account numbers. The proposed method uses a detection and prevention system to identify keyloggers and remove them from infected systems. It aims to protect systems from this type of malware in a network. The document provides an overview of different types of malware like adware, spyware, and keyloggers, and describes how keylogger spyware works by logging keystrokes and transmitting the stolen data to malicious users.
Keystroke with Data Leakage Detection for Secure Email AuthenticationYogeshIJTSRD
The user authentication is the important factor which allows the user to use a particular software. The user authentication is also performed in various kinds of social media such as Gmail, Facebook, etc. The traditional password system is used for user authentication. But this technique has a lot of demerits in it. Some hackers also cracks the password and perform some unwanted actions in the user authentication. In order to remove the difficulties in this traditional password technique and to provide additional security in user authentication, the keystroke with data leakage detection for secure email authentication is designed. This system uses Keystroke Dynamics. This system consists of five different types of modules such as Email Framework Construction, User Enrolment, Keystroke Authentication, Data Sharing and Data Leakage Detection. This system gets the details of the user such as name and email. Then it allows to enter the password. This password is stored along with the keystroke dynamics data such as the typing speed of the password and the threshold value. Both the Keystroke dynamics data and the original password are stored in the database. When the user wants to log into the system, the user has to give the password according to the keystroke dynamics data. Then only, the user can log into the system. Hence this system can also be used in Cyber security and provide security and privacy for the user data. Mrs. V. Hemalatha | V. Boominathan | K. Harithas | P. Raj Kumar | S. Vijaya Bharathi "Keystroke with Data Leakage Detection for Secure Email Authentication" Published in International Journal of Trend in Scientific Research and Development (ijtsrd), ISSN: 2456-6470, Volume-5 | Issue-3 , April 2021, URL: https://www.ijtsrd.com/papers/ijtsrd39969.pdf Paper URL: https://www.ijtsrd.com/computer-science/computer-security/39969/keystroke-with-data-leakage-detection-for-secure-email-authentication/mrs-v-hemalatha
Authentication and Authorization for User Roles and Device for Attack Detecti...IRJET Journal
This document summarizes a research paper that proposes methods for user authentication and authorization to protect relational databases from insider and outsider attacks. It discusses using digital signatures, user roles, and access policies to control what resources different users can access. The proposed methods aim to detect anomalies in database access, such as SQL injection attacks, based on profiling typical application queries and constraints. A user-to-user relationship graph is also used to help with online access control. The document outlines related work on smart grid security and presents the proposed framework and modules before discussing expected experimental results.
Requirement Based Intrusion Detection in Addition to Prevention Via Advanced ...journal ijrtem
An intrusion detection system (IDS) is designed to monitor all inbound and outbound network
activity and identify any suspicious patterns that may indicate a network or system attack from someone
attempting to break into or compromise a system. IDS is considered to be a passive-monitoring system, since the
main function of an IDS product is to warn you of suspicious activity taking place − not prevent them. An IDS
essentially reviews your network traffic and data and will identify probes, attacks, exploits and other
vulnerabilities. IDSs can respond to the suspicious event in one of several ways, which includes displaying an
alert, logging the event or even paging an administrator. In some cases, the IDS may be prompted to reconfigure
the network to reduce the effects of the suspicious intrusion. The proposed protocol called Password Guessing
Resistant Protocol (PGRP), helps in preventing such attacks and provides a pleasant login experience for
legitimate users. PGRP limits the number of login attempts for unknown users. In additional we propose an attack
detector for cloud spoofing that utilizes MAC (Media access Control) and RSS (Received Signal strength) analysis.
Next, we describe how we integrated our attack detector into a real-time indoor localization system, which is also
capable of localizing the positions of the attackers
International Journal of Engineering Research and Applications (IJERA) is an open access online peer reviewed international journal that publishes research and review articles in the fields of Computer Science, Neural Networks, Electrical Engineering, Software Engineering, Information Technology, Mechanical Engineering, Chemical Engineering, Plastic Engineering, Food Technology, Textile Engineering, Nano Technology & science, Power Electronics, Electronics & Communication Engineering, Computational mathematics, Image processing, Civil Engineering, Structural Engineering, Environmental Engineering, VLSI Testing & Low Power VLSI Design etc.
Anomaly Threat Detection System using User and Role-Based Profile Assessmentijtsrd
In network security the organizations are ever-growing to identify insider threats. Those who have authorized access to sensitive organizational data are placed in a position of power that could well be abused and could cause significant damage to an organization. Traditional intrusion detection systems are neither designed nor capable of identifying those who act maliciously within an organization. We describe an automated system that is capable of detecting insider threats within an organization. We define a tree-structure profiling approach that incorporates the details of activities conducted by each user and each job role and then use this to obtain a consistent representation of features that provide a rich description of the users behavior. Deviation can be assessed based on the amount of variance that each user exhibits across multiple attributes, compared against their peers. We have performed experimentation using that the system can identify anomalous behavior that may be indicative of a potential threat. We also show how our detection system can be combined with visual analytics tools to support further investigation by an analyst. U. Indumathy | M. Nivedha | Mrs. K. Alice"Anomaly Threat Detection System using User and Role-Based Profile Assessment" Published in International Journal of Trend in Scientific Research and Development (ijtsrd), ISSN: 2456-6470, Volume-2 | Issue-3 , April 2018, URL: http://www.ijtsrd.com/papers/ijtsrd10956.pdf http://www.ijtsrd.com/engineering/computer-engineering/10956/anomaly-threat-detection-system-using-user-and-role-based-profile-assessment/u-indumathy
IRJET- Phishdect & Mitigator: SDN based Phishing Attack DetectionIRJET Journal
The document proposes a new system called PhishDect and Mitigator to detect and mitigate phishing attacks using software-defined networking (SDN). It uses deep packet inspection techniques and a convolutional neural network (CNN) to classify phishing signatures. Traffic is directed through either a "store and forward" or "forward and inspect" mode. In store and forward mode, packets are stored and inspected before forwarding. In forward and inspect mode, packets are forwarded first and then a copy is inspected. The system aims to overcome limitations of existing phishing detection methods.
This document summarizes a research paper that proposes a phishing detector plugin called PHISCAN that uses machine learning to detect phishing websites. The plugin is developed for the Chrome browser using JavaScript and HTML. It extracts features from URLs to train classifiers like random forest that can accurately classify URLs as phishing or benign in less than a second while maintaining user privacy. The paper conducts a literature review of existing phishing detection systems and techniques using blacklists, heuristics, or machine learning. It motivates the need for the proposed plugin by discussing the increasing prevalence and sophistication of phishing attacks.
This document describes a system called Web Gate Keeper that provides intrusion prevention for multi-tier web applications. Web Gate Keeper tracks user sessions and controls access across the web server and database server tiers to prevent various types of attacks. It uses container virtualization to isolate each user's session. This prevents attacks like privilege escalation, session hijacking, SQL injection, cross-site scripting, and direct database attacks. The system architecture involves processing all requests through a servlet filter for session validation before dispatching to the application. It detects intrusions and notifies administrators.
1) The document discusses a system called Web Gate Keeper that provides intrusion prevention for multi-tier web applications. It tracks user sessions to control access between the web server and database server.
2) Previously, intrusion prevention systems were developed separately for web servers and database servers, but this system aims to prevent intrusions across both simultaneously through session tracking and control.
3) The system architecture includes server 1 for session validation and tracking, and servers 2 and 3 host the actual web application and restrict database access only to those servers.
Us20140380431 Patent: COMPUTER IMPLEMENTED METHOD TO PREVENT ATTACKS AGAINST...Telefónica
A computer implemented method and computer program
products to prevent attacks against authorization systems
The computer implemented method comprising controlling
the access to different resources and actions de?ned for a user
by a ?rst server, reducing the exposure time at Which such
operations are available and establishing a dual channel verification through the use of a second server.
The computer programs implement the method.
This document presents a technique to enhance password-username authentication by addressing SQL injection and online password guessing attacks. The technique combines cryptographic hashing of passwords, recognition-based graphical passwords, and parameterized queries. Users register with a username, password, and graphical password. The password is hashed with a salt during registration. Login allows two attempts with the username and password before requiring the graphical password. IPs are blocked after one failed graphical attempt to prevent brute force attacks while still allowing legitimate users access. Security testing showed the technique prevented SQL injection and online password guessing attacks.
The document discusses a three-tier architecture for web applications with clients, application servers, and databases. It proposes a system called Double Guard that uses lightweight virtualization to assign each user session to an isolated container. This allows Double Guard to build models of normal network behavior that capture the relationship between front-end web requests and back-end database queries, enabling it to detect attacks. The document outlines limitations of existing intrusion detection systems in multi-tier environments and the objectives of the Double Guard system.
Query Pattern Access and Fuzzy Clustering Based Intrusion Detection SystemSimran Seth
This document describes a project to develop an intrusion detection system (IDS) using query pattern access and fuzzy clustering. The system aims to detect insider threats and prevent inference attacks on sensitive database attributes by monitoring user access patterns. It will create user profiles based on historical access logs and detect anomalies by comparing new queries to the profiles. Fuzzy clustering will be used to partition users into groups with similar access patterns defined by cluster profiles containing access rules. The IDS seeks to enforce database security while addressing the limitations of existing syntactic and data-centric auditing approaches.
IRJET- Crypto-Currencies How Secure are they?IRJET Journal
This document discusses the security of cryptocurrencies. It begins by defining cryptocurrency and explaining how cryptocurrency transactions work using blockchain technology. It then discusses some of the key properties of cryptocurrencies like irreversibility, pseudonymity, and controlled supply. The document outlines some benefits of cryptocurrencies like lack of third party seizure and anonymity, but also challenges like high energy usage and possibility of lost wallets. It then discusses some specific security issues with blockchain like its complexity, size of the network, and traditional scams. It concludes by covering security issues with cryptocurrencies like spoofing payment information, errors in user addresses, and loss of wallet files.
Prevention of SQL injection in E- Commerceijceronline
Structured Query Language (SQL) injection, in present scenario, emerges as one of the most challenging fact to effect on the online business, as it can expose all of the business transaction related sensitive information which is stored in online database, inclusive of most highly secured sensitive information such as credit card passwords , usernames, login ids, credentials, phone, email id etc. Structured Query Language injection remain a responsibility that when intruder gets the ability with SQL related queries which is passed to a back-end database. The query which is passed by the intruder to the data, can allow the query to data which is an assisting element with database and required operating system. Every SQL Query that allows the inputs from the attacker sides can defect our real web application. Intruder which attempts to insert defective SQL query into an entry field to extract the query so that they can dump the database or alter the database which is known as "code injection technique" and this type of attacker is also called attack vector for websites and usually used by any type of SQL database. Through this research paper, our endeavour is to understand the methodology of SQL injection and also to propose solution to prevent SQL Injection in one of the most vulnerable field of E commerce.
This Slide contain information about the SQL injection.
Types of SQL injection and some case study about the SQL injection and some technique so we prevent our system
Website vulnerability to session fixation attacksAlexander Decker
This document summarizes a study that analyzed 125 Indonesian websites for vulnerability to session fixation attacks. The study found that 48% of websites were vulnerable, most due to reusing the same session IDs. The study provides recommendations for programmers to prevent session fixation, including regenerating session IDs and checking the HTTP referer header. It also recommends future research on predicting regenerated session IDs and designing efficient defenses against session fixation attacks.
Behavior Analysis Of Malicious Web Pages Through Client Honeypot For Detectio...IJERA Editor
Malwares which is also known as malicious software’s is spreading through the exploiting the client side applications such as browsers, plug-ins etc. Attackers implant the malware codes in the user’s computer through web pages; thereby they are also known malicious web pages. Here in the paper, we present the usefulness of controlled environment in the form of client honeypots in detection of malicious web pages through collections of malicious intent in web pages and then perform detailed analysis for validation and confirmation of malicious web pages. First phase is collection of malicious infections through high interaction client honeypot, second phase is validations of the malicious infections embedded into web pages through behavior based analysis. Malwares which infect the client side applications and drop the malwares into user’s computers sometimes overrides the signature based detection techniques; thereby there is a need to study the behavior of the complete malicious web pages.
System and Enterprise Security Project - Penetration TestingBiagio Botticelli
The document discusses penetration testing and summarizes its key steps: information gathering, threat modeling, vulnerability analysis, exploitation, post-exploitation, and reporting. It outlines three types of penetration testing: black box with no system knowledge; grey box with some limited internal details; and white box with full access to source codes and network information, simulating an internal attack. The goal of penetration testing is to identify security vulnerabilities by simulating real attacks before malicious actors do.
Banking and Modern Payments System Security AnalysisCSCJournals
Cyber-criminals have benefited from on-line banking (OB), regardless of the extensive research on financial cyber-security. To better be prepared for what the future might bring, we try to predict how hacking tools might evolve. We briefly survey the state-of-the-art tools developed by black- hat hackers and conclude that they could be automated dramatically. To demonstrate the feasibility of our predictions and prove that many two-factor authentication schemes can be bypassed, we have analyzed banking and modern payments system security.
In this research we will review different payment protocols and security methods that are being used to run banking systems. We will survey some of the popular systems that are being used today, with a deeper focus on the Chips, cards, NFC, authentication etc. In addition, we will also discuss the weaknesses in the systems that can compromise the customer's trust.
AN ENHANCED USER AUTHENTICATION FRAMEWORK IN CLOUD COMPUTINGIJNSA Journal
Recently, there are several studies have proposed user authentication frameworks to defend against different types of attacks such as phishing, replay attack, man in the middle attack and denial of service attack, etc. Most of these frameworks consist of three main phases, which are the registration phase, login phase, and authentication phase. Most of them have the changing password process as an additional activity.Many problemshave been noticed in the performance of these frameworks. For example, the registration phase is valunerable to internal attack such as SYN flood attack. In this work, we aim to propose a robust user authentication framework that overcomes the previous framework shortages. The proposed framework provides many security aspects such as remote authentication, mutual authentication, session key establishment,to mention a few. Besides, to ensure the security through all phases of this framework, we add a new phase called a Service Access Authentication Phase (SAAP).This phase is resposable of the internal verification .
Detection and prevention of keylogger spyware attacksIAEME Publication
This document summarizes a proposed method for detecting and preventing keylogger spyware attacks. Keylogger spyware poses a serious threat by recording keyboard keystrokes to steal sensitive information like passwords and account numbers. The proposed method uses a detection and prevention system to identify keyloggers and remove them from infected systems. It aims to protect systems from this type of malware in a network. The document provides an overview of different types of malware like adware, spyware, and keyloggers, and describes how keylogger spyware works by logging keystrokes and transmitting the stolen data to malicious users.
Keystroke with Data Leakage Detection for Secure Email AuthenticationYogeshIJTSRD
The user authentication is the important factor which allows the user to use a particular software. The user authentication is also performed in various kinds of social media such as Gmail, Facebook, etc. The traditional password system is used for user authentication. But this technique has a lot of demerits in it. Some hackers also cracks the password and perform some unwanted actions in the user authentication. In order to remove the difficulties in this traditional password technique and to provide additional security in user authentication, the keystroke with data leakage detection for secure email authentication is designed. This system uses Keystroke Dynamics. This system consists of five different types of modules such as Email Framework Construction, User Enrolment, Keystroke Authentication, Data Sharing and Data Leakage Detection. This system gets the details of the user such as name and email. Then it allows to enter the password. This password is stored along with the keystroke dynamics data such as the typing speed of the password and the threshold value. Both the Keystroke dynamics data and the original password are stored in the database. When the user wants to log into the system, the user has to give the password according to the keystroke dynamics data. Then only, the user can log into the system. Hence this system can also be used in Cyber security and provide security and privacy for the user data. Mrs. V. Hemalatha | V. Boominathan | K. Harithas | P. Raj Kumar | S. Vijaya Bharathi "Keystroke with Data Leakage Detection for Secure Email Authentication" Published in International Journal of Trend in Scientific Research and Development (ijtsrd), ISSN: 2456-6470, Volume-5 | Issue-3 , April 2021, URL: https://www.ijtsrd.com/papers/ijtsrd39969.pdf Paper URL: https://www.ijtsrd.com/computer-science/computer-security/39969/keystroke-with-data-leakage-detection-for-secure-email-authentication/mrs-v-hemalatha
Authentication and Authorization for User Roles and Device for Attack Detecti...IRJET Journal
This document summarizes a research paper that proposes methods for user authentication and authorization to protect relational databases from insider and outsider attacks. It discusses using digital signatures, user roles, and access policies to control what resources different users can access. The proposed methods aim to detect anomalies in database access, such as SQL injection attacks, based on profiling typical application queries and constraints. A user-to-user relationship graph is also used to help with online access control. The document outlines related work on smart grid security and presents the proposed framework and modules before discussing expected experimental results.
Requirement Based Intrusion Detection in Addition to Prevention Via Advanced ...journal ijrtem
An intrusion detection system (IDS) is designed to monitor all inbound and outbound network
activity and identify any suspicious patterns that may indicate a network or system attack from someone
attempting to break into or compromise a system. IDS is considered to be a passive-monitoring system, since the
main function of an IDS product is to warn you of suspicious activity taking place − not prevent them. An IDS
essentially reviews your network traffic and data and will identify probes, attacks, exploits and other
vulnerabilities. IDSs can respond to the suspicious event in one of several ways, which includes displaying an
alert, logging the event or even paging an administrator. In some cases, the IDS may be prompted to reconfigure
the network to reduce the effects of the suspicious intrusion. The proposed protocol called Password Guessing
Resistant Protocol (PGRP), helps in preventing such attacks and provides a pleasant login experience for
legitimate users. PGRP limits the number of login attempts for unknown users. In additional we propose an attack
detector for cloud spoofing that utilizes MAC (Media access Control) and RSS (Received Signal strength) analysis.
Next, we describe how we integrated our attack detector into a real-time indoor localization system, which is also
capable of localizing the positions of the attackers
International Journal of Engineering Research and Applications (IJERA) is an open access online peer reviewed international journal that publishes research and review articles in the fields of Computer Science, Neural Networks, Electrical Engineering, Software Engineering, Information Technology, Mechanical Engineering, Chemical Engineering, Plastic Engineering, Food Technology, Textile Engineering, Nano Technology & science, Power Electronics, Electronics & Communication Engineering, Computational mathematics, Image processing, Civil Engineering, Structural Engineering, Environmental Engineering, VLSI Testing & Low Power VLSI Design etc.
Anomaly Threat Detection System using User and Role-Based Profile Assessmentijtsrd
In network security the organizations are ever-growing to identify insider threats. Those who have authorized access to sensitive organizational data are placed in a position of power that could well be abused and could cause significant damage to an organization. Traditional intrusion detection systems are neither designed nor capable of identifying those who act maliciously within an organization. We describe an automated system that is capable of detecting insider threats within an organization. We define a tree-structure profiling approach that incorporates the details of activities conducted by each user and each job role and then use this to obtain a consistent representation of features that provide a rich description of the users behavior. Deviation can be assessed based on the amount of variance that each user exhibits across multiple attributes, compared against their peers. We have performed experimentation using that the system can identify anomalous behavior that may be indicative of a potential threat. We also show how our detection system can be combined with visual analytics tools to support further investigation by an analyst. U. Indumathy | M. Nivedha | Mrs. K. Alice"Anomaly Threat Detection System using User and Role-Based Profile Assessment" Published in International Journal of Trend in Scientific Research and Development (ijtsrd), ISSN: 2456-6470, Volume-2 | Issue-3 , April 2018, URL: http://www.ijtsrd.com/papers/ijtsrd10956.pdf http://www.ijtsrd.com/engineering/computer-engineering/10956/anomaly-threat-detection-system-using-user-and-role-based-profile-assessment/u-indumathy
IRJET- Phishdect & Mitigator: SDN based Phishing Attack DetectionIRJET Journal
The document proposes a new system called PhishDect and Mitigator to detect and mitigate phishing attacks using software-defined networking (SDN). It uses deep packet inspection techniques and a convolutional neural network (CNN) to classify phishing signatures. Traffic is directed through either a "store and forward" or "forward and inspect" mode. In store and forward mode, packets are stored and inspected before forwarding. In forward and inspect mode, packets are forwarded first and then a copy is inspected. The system aims to overcome limitations of existing phishing detection methods.
This document summarizes a research paper that proposes a phishing detector plugin called PHISCAN that uses machine learning to detect phishing websites. The plugin is developed for the Chrome browser using JavaScript and HTML. It extracts features from URLs to train classifiers like random forest that can accurately classify URLs as phishing or benign in less than a second while maintaining user privacy. The paper conducts a literature review of existing phishing detection systems and techniques using blacklists, heuristics, or machine learning. It motivates the need for the proposed plugin by discussing the increasing prevalence and sophistication of phishing attacks.
This document describes a system called Web Gate Keeper that provides intrusion prevention for multi-tier web applications. Web Gate Keeper tracks user sessions and controls access across the web server and database server tiers to prevent various types of attacks. It uses container virtualization to isolate each user's session. This prevents attacks like privilege escalation, session hijacking, SQL injection, cross-site scripting, and direct database attacks. The system architecture involves processing all requests through a servlet filter for session validation before dispatching to the application. It detects intrusions and notifies administrators.
1) The document discusses a system called Web Gate Keeper that provides intrusion prevention for multi-tier web applications. It tracks user sessions to control access between the web server and database server.
2) Previously, intrusion prevention systems were developed separately for web servers and database servers, but this system aims to prevent intrusions across both simultaneously through session tracking and control.
3) The system architecture includes server 1 for session validation and tracking, and servers 2 and 3 host the actual web application and restrict database access only to those servers.
This document summarizes various soft computing techniques that can be used for intrusion detection, including fuzzy logic, graph-based approaches, and neural networks. Fuzzy logic can be used to classify parameters and detect anomalies by comparing normal and new fuzzy association rule sets. Graph-based approaches model network traffic as graphs of nodes and edges and use clustering algorithms to detect anomalies. Neural networks can be trained on audit log data to recognize normal behavior and detect deviations that may indicate attacks. These soft computing methods aim to improve on signature-based detection by learning patterns of normal network activity and detecting anomalies.
Double guard: Detecting Interruptions in N- Tier Web ApplicationsIJMER
International Journal of Modern Engineering Research (IJMER) is Peer reviewed, online Journal. It serves as an international archival forum of scholarly research related to engineering and science education.
International Journal of Modern Engineering Research (IJMER) covers all the fields of engineering and science: Electrical Engineering, Mechanical Engineering, Civil Engineering, Chemical Engineering, Computer Engineering, Agricultural Engineering, Aerospace Engineering, Thermodynamics, Structural Engineering, Control Engineering, Robotics, Mechatronics, Fluid Mechanics, Nanotechnology, Simulators, Web-based Learning, Remote Laboratories, Engineering Design Methods, Education Research, Students' Satisfaction and Motivation, Global Projects, and Assessment…. And many more.
Distributed Denial of Service (DDoS) attack is the most severe cyber-attack that
affects the availability of critical applications. The attackers identify the weakness in
the machines and compromise them to involve in the flooding attack. During the
DDOS attack generation, they also gain access to secret information. These
computers are then used to wage a DDoS Attack in host’s computer. Through many
security measures have been taken in order to stop DDOS Attack to be protect our
data, the attackers have developed new techniques and attack methodology. Hence it
is very important that instead of reacting to new attacks, it is necessary to build a
complete DDoS solution that will defend all types of DDoS attacks. So, the
researchers must understand the cyber space and methods utilized to block the DDoS
attacks. The proposed system provides a unique method to detect DDoS attack using
Splunk. We propose two methods for prevention of DDoS attack. One is using
Randomly generated Captchas and other one is using Linux bash script to prevent
DDoS attack by automatically blocking IP of the client, who is sending multiple
request at a time.
EFFECTIVE MALWARE DETECTION APPROACH BASED ON DEEP LEARNING IN CYBER-PHYSICAL...ijcsit
Cyber-physical Systems based on advanced networks interact with other networks through wireless
communication to enhance interoperability, dynamic mobility, and data supportability. The vast data is
managed through a cloud platform, vulnerable to cyber-attacks. It will threaten the customers in terms of
privacy and security as third-party users should authenticate the network. If it fails, it will create extensive
damage and threat to the established network and makes the hacker malfunction the network services
efficiently. This paper proposes a DL-based CPS approach to identify and mitigate the malware cyberphysical system attack of Denial of Service (DoS) and Distributed Denial of Service (DDoS) as it ensures
adequate decision support. At the same time, the trusted user nodes are connected to the network. It helps
to improve the privacy and authentication of the network by improving the data accuracy and Quality of
Service (QoS) in the network. Here the analysis is determined on the proposed system to improve the
network reliability and security compared to some of the existing SVM-based and Apriori-based detection
approaches.
Cyber-physical Systems based on advanced networks interact with other networks through wireless
communication to enhance interoperability, dynamic mobility, and data supportability. The vast data is
managed through a cloud platform, vulnerable to cyber-attacks. It will threaten the customers in terms of
privacy and security as third-party users should authenticate the network. If it fails, it will create extensive
damage and threat to the established network and makes the hacker malfunction the network services
efficiently. This paper proposes a DL-based CPS approach to identify and mitigate the malware cyber-
physical system attack of Denial of Service (DoS) and Distributed Denial of Service (DDoS) as it ensures
adequate decision support. At the same time, the trusted user nodes are connected to the network. It helps
to improve the privacy and authentication of the network by improving the data accuracy and Quality of
Service (QoS) in the network. Here the analysis is determined on the proposed system to improve the
network reliability and security compared to some of the existing SVM-based and Apriori-based detection
approaches.
A study on securing cloud environment from d do s attack to preserve data ava...Manimaran A
This document discusses security techniques to protect cloud environments from DDoS attacks. It begins by introducing the importance of securing cloud resources and data availability. It then describes several common security attacks on cloud computing including cookie poisoning, SQL injection, man-in-the-middle attacks, and cloud malware injection. The document also examines intrusion detection methods like installing detection systems on cloud servers. Finally, it provides details on specific DDoS attacks like SYN flooding and IP spoofing, and the challenges they pose to cloud availability.
IMPROVED IDS USING LAYERED CRFS WITH LOGON RESTRICTIONS AND MOBILE ALERTS BAS...IJNSA Journal
With the ever increasing number and diverse type of attacks, including new and previously unseen attacks, the effectiveness of an Intrusion Detection System is very important. Hence there is high demand to reduce the threat level in networks to ensure the data and services offered by them to be more secure. In this paper we developed an effective test suite for improving the efficiency and accuracy of an intrusion detection system using the layered CRFs. We set up different types of checks at multiple levels in each layer. Our framework examines various attributes at every layer in order to effectively identify any breach of security. Once the attack is detected, it is intimated through mobile phone to the system administrator for safeguarding the server system. We established experimentally that the layered CRFs can thus be more effective in detecting intrusions when compared with the other previously known techniques.
Secure intrusion detection and countermeasure selection in virtual system usi...eSAT Publishing House
IJRET : International Journal of Research in Engineering and Technology is an international peer reviewed, online journal published by eSAT Publishing House for the enhancement of research in various disciplines of Engineering and Technology. The aim and scope of the journal is to provide an academic medium and an important reference for the advancement and dissemination of research results that support high-level learning, teaching and research in the fields of Engineering and Technology. We bring together Scientists, Academician, Field Engineers, Scholars and Students of related fields of Engineering and Technology
A Review Of Intrusion Detection System In Computer NetworkAudrey Britton
This document provides an overview of intrusion detection systems (IDS) and the techniques used to implement them. It discusses that IDS are used to detect malicious actions on computer networks and protect important files and documents. The document then summarizes that IDS have four main components - sensors to monitor the system, a database to store event information, an analysis module to detect potential threats, and a response module to address detected threats. It also categorizes IDS based on the data source, detection approach, structure, and how intrusions are detected. Finally, the document outlines various techniques used in IDS, including artificial intelligence methods like neural networks, fuzzy logic, genetic algorithms and machine learning approaches.
This document proposes a machine learning approach using the Naive Bayes algorithm to detect distributed denial of service (DDoS) attacks through network intrusion detection. It first discusses the issues with existing intrusion detection systems, including long training times and low accuracy. It then summarizes research on applying various machine learning techniques like neural networks, decision trees, and Naive Bayes to intrusion detection. The proposed system would build a classifier using Naive Bayes, which provides faster training than other methods, to distinguish normal and attack traffic. This approach aims to improve upon the training time and detection accuracy of existing intrusion detection systems.
Defense mechanism for ddos attack through machine learningeSAT Journals
Abstract
There is a huge advancement in Computer networking in the past decade. But with the advancement, the threats to the computer networks are also increased. Today one of the biggest threats to the computer networks is the Distributed Denial of Service (DDoS) flooding attack. This paper emphasizes the application layer DDoS flooding attacks because these (layer seven) attacks are growing rapidly and becoming more severe problem. Many researchers used machine-learning techniques for intrusion detection, but some shows poor detection and some methods take more training time. From a survey, it is found that Naïve Bayes (NB) algorithm provides faster learning/training speed than other machine learning algorithms. Also it has more accuracy in classification and detection of attack. So we are proposing a network intrusion detection system (IDS) which uses a machine learning approach with the help of NB algorithm.
Keywords: DDoS (Distributed Denial of Service) flooding attack, Machine Learning, Naïve Bayes, Network Intrusion Detection
This document describes a proposed vulnerability management system (VMS) that aims to automate the process of scanning software applications to identify vulnerabilities. The proposed system uses a hybrid algorithm approach that incorporates features from existing vulnerability detection tools and algorithms. The algorithm involves five main phases: inspection, scanning, attack detection, analysis, and reporting. The algorithm is intended to increase the accuracy of vulnerability detection compared to existing systems. The proposed VMS system and hybrid algorithm were tested using various vulnerability scanning tools on virtual machines, and results demonstrated that the VMS could automate the vulnerability assessment process and generate reports on detected vulnerabilities with severity levels. The main limitation is that scans using the VMS may take more time than some existing tools.
Deployment of Reverse Proxy for the Mitigation of SQL Injection Attacks Using...ijcisjournal
Internet has eased the life of human in numerous ways, but the drawbacks like the intrusions that
are attached with the Internet applications sustains the growth of these applications. Hackers find
new methods to intrude the applications and the web application vulnerability reported is increasing
year after year. One such major vulnerability is the SQL Injection attacks (SQLIA). Since SQLIA
contributes 25% of the total Internet attacks, much research is being carried out in this area. In this
paper we propose a method to detect the SQL injection. We deploy a Reverse proxy that uses the
input-data cleansing algorithm to mitigate SQL Injection Attack. This system has been tested on
standard test bed applications and our work has shown significant improvement in detecting and
curbing the SQLIA.
Deployment of Reverse Proxy for the Mitigation of SQL Injection Attacks Using...ijcisjournal
Internet has eased the life of human in numerous ways, but the drawbacks like the intrusions that are attached with the Internet applications sustains the growth of these applications. Hackers find new methods to intrude the applications and the web application vulnerability reported is increasing year after year. One such major vulnerability is the SQL Injection attacks (SQLIA). Since SQLIA contributes 25% of the total Internet attacks, much research is being carried out in this area. In this paper we propose a method to detect the SQL injection. We deploy a Reverse proxy that uses the input-data cleansing algorithm to mitigate SQL Injection Attack. This system has been tested on standard test bed applications and our work has shown significant improvement in detecting and curbing the SQLIA.
A real-time hypertext transfer protocol intrusion detection system on web serverTELKOMNIKA JOURNAL
Behind the rapid development of the internet in today’s era, various types of crime are also targeting vital players in the internet industry. With many online crime types rampant, an antidote is also needed to suppress internet crime. Therefore, the researcher proposes a solution in the form of a Keris, namely the hypertext transfer protocol (HTTP) intrusion detection system (IDS) that runs on the server where our website is running. Keris works by detecting rampant intrusions that attack servers or websites. When an intrusion is detected, Keris will notify the system admin using the Keris Telegram chatbot or an alternative Keris mobile application with firebase cloud messaging (FCM) technology. The research was conducted by comparing the results of one-way delay (OWD) between Telegram Webhook and FCM with the help of the open web application security project (OWASP) zed attack proxy (ZAP) test tool. From the results of the tests, OWD against directory brute force attacks on Telegram Webhook for 0.72 seconds and on FCM for 0.44 seconds. In this case, FCM is more suitable for real-time notifications if we need a very responsive notification.
Designing Security Assessment of Client Server System using Attack Tree Modelingijtsrd
Information security has grown as a prominent issue in our digital life. The network security is becoming more significant as the volume of data being exchanged over net increases day by day. Attack trees AT technique play an important role to investigate the threat analysis problem to known cyber attacks for risk assessment. The technique is especially effective in assessing and managing the risks from hostile, intelligent adversaries. It is useful for analyzing threats against assets ranging from information systems to physical infrastructure. By using attack tree modeling analysis an organization can understand the ways in which they will be attacked, determine the likelihood and impact damage of these attacks and decide what action to take where the risks are unacceptable. This paper describes the attack tree model for organization based on Client Server Network. It provides the ways for defending and preventing sensitive information from attackers. Attack tree modeling provides for effective security solutions, cost effective security solutions and defensible risk mitigation decisions. Sandar Pa Pa Thein | Phyu Phyu | Thin Thin Swe "Designing Security Assessment of Client- Server System using Attack Tree Modeling" Published in International Journal of Trend in Scientific Research and Development (ijtsrd), ISSN: 2456-6470, Volume-3 | Issue-5 , August 2019, URL: https://www.ijtsrd.com/papers/ijtsrd26727.pdf Paper URL: https://www.ijtsrd.com/engineering/computer-engineering/26727/designing-security-assessment-of-client--server-system-using-attack-tree-modeling/sandar-pa-pa-thein
This document discusses implementing an Intrusion Detection System (IDS) for WiFi security. The IDS would detect vulnerable activities of devices connected to the network and alert the system.
The paper provides background on common WiFi security vulnerabilities and attacks. It then describes the components and methodology of an IDS, including using sensors to monitor network traffic, analyzers to evaluate the traffic for attacks, and user interfaces to manage the system. The proposed IDS would collect network information using Wireshark, detect intrusions, and respond to threats to improve security for wireless networks.
Similar to INTRUSION DETECTION IN MULTITIER WEB APPLICATIONS USING DOUBLEGUARD (20)
We have compiled the most important slides from each speaker's presentation. This year’s compilation, available for free, captures the key insights and contributions shared during the DfMAy 2024 conference.
Harnessing WebAssembly for Real-time Stateless Streaming PipelinesChristina Lin
Traditionally, dealing with real-time data pipelines has involved significant overhead, even for straightforward tasks like data transformation or masking. However, in this talk, we’ll venture into the dynamic realm of WebAssembly (WASM) and discover how it can revolutionize the creation of stateless streaming pipelines within a Kafka (Redpanda) broker. These pipelines are adept at managing low-latency, high-data-volume scenarios.
CHINA’S GEO-ECONOMIC OUTREACH IN CENTRAL ASIAN COUNTRIES AND FUTURE PROSPECTjpsjournal1
The rivalry between prominent international actors for dominance over Central Asia's hydrocarbon
reserves and the ancient silk trade route, along with China's diplomatic endeavours in the area, has been
referred to as the "New Great Game." This research centres on the power struggle, considering
geopolitical, geostrategic, and geoeconomic variables. Topics including trade, political hegemony, oil
politics, and conventional and nontraditional security are all explored and explained by the researcher.
Using Mackinder's Heartland, Spykman Rimland, and Hegemonic Stability theories, examines China's role
in Central Asia. This study adheres to the empirical epistemological method and has taken care of
objectivity. This study analyze primary and secondary research documents critically to elaborate role of
china’s geo economic outreach in central Asian countries and its future prospect. China is thriving in trade,
pipeline politics, and winning states, according to this study, thanks to important instruments like the
Shanghai Cooperation Organisation and the Belt and Road Economic Initiative. According to this study,
China is seeing significant success in commerce, pipeline politics, and gaining influence on other
governments. This success may be attributed to the effective utilisation of key tools such as the Shanghai
Cooperation Organisation and the Belt and Road Economic Initiative.
Literature Review Basics and Understanding Reference Management.pptxDr Ramhari Poudyal
Three-day training on academic research focuses on analytical tools at United Technical College, supported by the University Grant Commission, Nepal. 24-26 May 2024
ACEP Magazine edition 4th launched on 05.06.2024Rahul
This document provides information about the third edition of the magazine "Sthapatya" published by the Association of Civil Engineers (Practicing) Aurangabad. It includes messages from current and past presidents of ACEP, memories and photos from past ACEP events, information on life time achievement awards given by ACEP, and a technical article on concrete maintenance, repairs and strengthening. The document highlights activities of ACEP and provides a technical educational article for members.
Low power architecture of logic gates using adiabatic techniquesnooriasukmaningtyas
The growing significance of portable systems to limit power consumption in ultra-large-scale-integration chips of very high density, has recently led to rapid and inventive progresses in low-power design. The most effective technique is adiabatic logic circuit design in energy-efficient hardware. This paper presents two adiabatic approaches for the design of low power circuits, modified positive feedback adiabatic logic (modified PFAL) and the other is direct current diode based positive feedback adiabatic logic (DC-DB PFAL). Logic gates are the preliminary components in any digital circuit design. By improving the performance of basic gates, one can improvise the whole system performance. In this paper proposed circuit design of the low power architecture of OR/NOR, AND/NAND, and XOR/XNOR gates are presented using the said approaches and their results are analyzed for powerdissipation, delay, power-delay-product and rise time and compared with the other adiabatic techniques along with the conventional complementary metal oxide semiconductor (CMOS) designs reported in the literature. It has been found that the designs with DC-DB PFAL technique outperform with the percentage improvement of 65% for NOR gate and 7% for NAND gate and 34% for XNOR gate over the modified PFAL techniques at 10 MHz respectively.
Using recycled concrete aggregates (RCA) for pavements is crucial to achieving sustainability. Implementing RCA for new pavement can minimize carbon footprint, conserve natural resources, reduce harmful emissions, and lower life cycle costs. Compared to natural aggregate (NA), RCA pavement has fewer comprehensive studies and sustainability assessments.
Understanding Inductive Bias in Machine LearningSUTEJAS
This presentation explores the concept of inductive bias in machine learning. It explains how algorithms come with built-in assumptions and preferences that guide the learning process. You'll learn about the different types of inductive bias and how they can impact the performance and generalizability of machine learning models.
The presentation also covers the positive and negative aspects of inductive bias, along with strategies for mitigating potential drawbacks. We'll explore examples of how bias manifests in algorithms like neural networks and decision trees.
By understanding inductive bias, you can gain valuable insights into how machine learning models work and make informed decisions when building and deploying them.
6th International Conference on Machine Learning & Applications (CMLA 2024)ClaraZara1
6th International Conference on Machine Learning & Applications (CMLA 2024) will provide an excellent international forum for sharing knowledge and results in theory, methodology and applications of on Machine Learning & Applications.
New techniques for characterising damage in rock slopes.pdf
INTRUSION DETECTION IN MULTITIER WEB APPLICATIONS USING DOUBLEGUARD
1. International Journal on Cybernetics & Informatics (IJCI) Vol. 4, No. 6, December 2015
DOI: 10.5121/ijci.2015.4604 37
INTRUSION DETECTION IN MULTITIER WEB
APPLICATIONS USING DOUBLEGUARD
Neha A. Mohadikar1
and Prof. M. V. Nimbalkar2
1
Research Scholar, Department of IT, Sinhgad College of Engineering, Pune, India
2
Associate Professor, Department of IT, Sinhgad College of Engineering, Pune, India
ABSTRACT
Today, the use of distinct internet services and their applications by people are increase in very large
amount. Due to its usage, it results the increase in data complexity. So, web services turn their focus on
multi-tier design where web server acts as front-end and database server acts as back-end. Attackers try to
hack personal data by targeting database server, hence it need to provide more security to both web server
and database server. In this paper, the doubleguard system proposes an efficient intrusion detection and
prevention system which detects and prevents various attacks in multi-tier web applications. This IDS
system keeps track of all user sessions across both web server and database server. For this, it allocates the
dedicated web container to each user’s session. Each user is associated with unique session ID which
enhances more security. The system built well correlated model for website and detects and prevents
various type of attacks. The system is implemented by using Apache webserver with MySQL.
KEYWORDS
Attacks, Intrusion detection and prevention system, Multitier web application, Web Server.
1. INTRODUCTION
As we know today‟s world is the technology world. Hence usage of internet and web services
increases tremendously. A web service as well as their different applications provides great
usability to user. So, their popularity, availability and usage increased day by day. We used web
services and applications in the various fields like banking, shopping, travelling. Since most of
the web application is largely open, it is very easy to find security loopholes and turned into
insecure web applications. Due to increase in data complexity, web services turns their focus on
multi-tiered design approach where the web server runs web application at front end and data is
deploy to database server [11] [13]. To provide more security to multitier web services intrusion
detection systems (IDS) are largely used and it detects various attacks.
There are two IDS, web IDS and database IDS, both of them can be able to detect unusual
network traffic individually sent to either of them. But these IDS can‟t identify cases in which
traffic will be used to attack web server and database server [1] [10]. So, in this paper
Doubleguard approach is described. Doubleguard is an IDS system which is used to detect and
prevent attacks in multitier web services. This technique models the behavior of user sessions
between front end web server and back end database server. It administers both web requests and
database request and figure out attacks which independent IDS would unable to detect. This
system provides a dedicated container to each user session and each user‟s session is associated
with unique session ID. Also, there are different mappings used to detect and prevent different
types of attacks.
2. International Journal on Cybernetics & Informatics (IJCI) Vol. 4, No. 6, December 2015
38
2. RELATED WORK
As we know Information Technology is an essential part of our daily life. Various web services
and its applications work on front end and back end server. Front end consist of application user
interface logic and back end server consist of database for particular user data. All sensitive
information is stored on database server, so attacker turns their focus from front end to back end.
Hence, IDS systems are widely used in order to protect multi-tier web services where at the
database side; we are not able to tell which client request deals with which client reply [14]. Also,
the web server and database server have distinct communication between them. Hence, we can
not figure out the relationship among them.
M Cova, D Balzarotti and Giovanni [3] proposed a different approach for detection of various
attacks in web applications using anomaly based detection. This approach consists of different
web application state, that is, the information related with single user session. This system
operates in two phases, training and detection. Swaddler consists of sensors and analyzer where
sensor collets data for web application state [9]. It collects values of state variables and
encapsulates them into events which are sent to analyzer. In training phase, profiles for
application blocks are established. In detection phase, these profiles are used to identify
anomalous application state. But this technique is vulnerable to mimicry attacks.
Giovanni Vigna, Fredrik Valeur, Davide Balzarotti, William Robertson [4] proposed a system for
anomaly detection which includes SQL query anomaly detector with Intrusion Detection and
prevention system (IPS). This IPS blocks the web requests that are found to be anomalous and
SQL anomaly detector detects the normal looking malicious request that generate anomalous
database queries [5]. Anomaly detector sends the feedback about detected attacks back to IPS.
IPS receives feedback information and updates its configuration to improve its capability of
detecting attacks.
Andreas Kind, Marc Ph. Stoecklin, and Xenofontas Dimitropoulos [5] proposed an approach in
which different traffic features are simulated with the help of histogram. This system model out
histogram patterns, and identifies variations from the created models.
In the existing system, both web and database servers are vulnerable. In most of system, the
attackers can bypass the web server to directly attack the database server. Also, attackers may
take over the web server after the attack, and then they can obtain full control of the web server
and try to launch subsequent attacks and steal sensitive data beyond their privileges [2]. The
existing IDS systems are fixed at web server and at database server but they are unable to detect
attacks if normal traffic is used to attack database. These IDS are protected from direct remote
attacks; but then also the back-end systems are vulnerable to attacks as attacker uses web requests
for exploitation of back-end. But, proposed doubleguard system uses a new container-based web
server architecture that enables us to separate different information flows by each session. It track
the information flows to database server. The main purpose of double guard system is to model
the mapping patterns between database queries and http requests to detect malicious user
sessions.
3. SYSTEM FRAMEWORK
In this section proposed system architecture is described. This section also describes how the
proposed system detects and prevents various attacks such as privilege escalation, session hijack,
SQL injection and direct database attack.
3. International Journal on Cybernetics & Informatics (IJCI) Vol. 4, No. 6, December 2015
39
The proposed DoubleGuard system is Intrusion Detection and Prevention system (IDS) that
models the behavior of user sessions over both front-end web server and back-end database. In
this approach, it assigns different container to each user‟s session and unique session ID is
assigned to each user‟s session. Hence, it separates the information flows between different users.
We can run many copies of web server instances so that each one segregated from the rest and
having separate information flow. This approach dynamically generates new session. This system
chooses to separate communications at the session level and single user compromise with the
same web server instances. Sessions represent different users and the communication of a single
user goes through the same dedicated web session which allows us to identify fishy behavior of
malicious. If detect abnormal behavior in a session, will treat all traffic within this session as
tainted and the session will be destroyed immediately. These virtualized sessions can be discarded
and quickly reinitialized to serve new sessions. The system includes different mapping policies to
detect and prevent attacks. Figure 1 shows the system architecture of system.
Fig.1 System Architecture
The Doubleguard system is effectual at capturing the following types of attacks.
3.1. SQL Injection Attack
SQL injection attack is a web security attack caused mainly due to improper validation of user
input. It holds the confidentiality and integrity of user‟s sensitive data. This attack takes place
between the user interface layer and the business logic layer [6] [12].
4. International Journal on Cybernetics & Informatics (IJCI) Vol. 4, No. 6, December 2015
40
Fig.2 SQL Injection Attack
Figure 2 shows SQL injection attack. Let us see the following example.
SELECT * from table WHERE user=„ ‟ and password= „ ‟;
This sample considers two input parameters as username and password. If hacker tries to attempt
illegal access of database by entering input as SQL statements instead of actual input, then it is
called SQL injection attempt.
For example if the hacker inputs,‟ OR „1‟=„1‟ - -, the statement becomes, SELECT * from table
WHERE user=„ ‟ OR „1‟=„1‟- - and password= „ ‟ ;
Here the user gets unauthorized access to the system because 1=1 is true always and - - indicates
the statements following it are comments.
3.2. Direct DB Attack
Fig3 Direct DB Attack
Figure 3 shows direct DB attack in which an attacker try to bypass the web server and connect
directly to the database. Here, an attacker takes over the web server and submits the queries from
the web server to database without sending web requests.
The proposed system uses encryption algorithm to prevent both SQL Injection and Direct DB
attack.
Algorithm: Encryption algorithm to prevent SQL Injection and Direct DB attack.
5. International Journal on Cybernetics & Informatics (IJCI) Vol. 4, No. 6, December 2015
41
Input: String array[]
Output: Encrypted String encryptedArray[]
Initialize:
numbers="1234567890";
smallAlphabets="abcdefghijklmnopqrstuvwxyz";
capitalAphabets="ABCDEFGHIJKLMNOPQRSTUVWXYZ";
specialSymbols="; .'"+"""+"[+*&=-]@#$(),_";
Initialize Arbitrary Arrays:
//A1 array
A1=numbers + smallAlphabets + specialSymbols +
Capital Alphabets;
//A2 array
A2=capialAlphabets + numbers + smallAlphabets + specialSymbols;
//A3 array
A3=numbers + capitalAlphabets + smallAlphabets + specialSymbols;
//A4 array
A4=smallAlphabets + specialSymbols + capitalAlphabets + numbers;
//all characters
all=smallAlphabets + capitalAlphabets + numbers + specialSymbols;
Algorithm Steps:-
for (int i=0 to length of input string)
if(array[i+1]==' ' || array[i+1]==LowerCaseLetter)
then encryptedArray[i]=A1
else if (array[i+1]==UpperCaseLetter)
then encryptedArray[i]=A2
else if (array[i+1]==Number)
then encryptedArray[i]=A3
else if (array[i+1]==SpecialLetter)
then encryptedArray[i]=A4
else
encryptedArray[i]=array[i];
return encryptedArray;
6. International Journal on Cybernetics & Informatics (IJCI) Vol. 4, No. 6, December 2015
42
3.3. Session Hijack Attack
This attack is the exploitation of user‟s session i.e. obtaining session key to gain unauthorized
access to information or various web services. It is usually done at the web server side. An
attacker takes over the web server and try to hijacks all valid user sessions to steal sensitive
information [7]. By hijacking other user‟s sessions, the attacker can perform spoofing, man-in-
the-middle attack, replay attack, packet drop attack etc. Figure 4 describes Session Hijack attack.
Fig.4 Session Hijack Attack
This attack can be prevented using strong and encrypted algorithm. There are two parts, session
ID generation algorithm and session ID sharing algorithm. In first part, web server generates
unique session ID using session ID generation algorithm and in second part, this session ID is
encrypted at server side and decrypted at client side using session ID sharing algorithm. At the
end both client and server have same key for communication.
Algorithm 1: Session ID Generation algorithm
Initialize variable:
res;
Buff;
randomNo=0;
res_byte_length=32;
sessionIdLength=32;
for (int i = 0 to sessionIdLength)
{
byte b1=(byte) ((randomNoUsingMessageDigest() & 0xf0) >> 4);
byte b2 = (byte) (randomNoUsingMessageDigest() & 0x0f);
if (b1 < 10)
Buff.append((char) ('0' + b1)
else
Buff.append((char) ('A'+ (b1 -10)));
if (b2 < 10)
7. International Journal on Cybernetics & Informatics (IJCI) Vol. 4, No. 6, December 2015
43
Buff.append((char) ('0' + b2));
else
Buff.append((char) ('A'+ (b2 -10)));
res_byte_length++;
}
Algorithm 2: Session ID sharing algorithm
1. The client originates the session with the server using his/her credentials
(Login/password).
2. The client requests a server for RSA Public key.
3. The client encrypts the credentials with RSA Public key.
4. The server decrypts the credentials and stores it in the session.
5. The server encrypts the generated Session ID with AES and sends it to the client.
6. The client decrypts the Session ID using AES with the credentials.
7. Both the client and the server have now the same “session ID” which is used for
communication.
Figure 5 shows the steps for session ID sharing algorithm.
Fig.5 Session ID sharing algorithm
8. International Journal on Cybernetics & Informatics (IJCI) Vol. 4, No. 6, December 2015
44
3.4. Privilege Escalation Attack
Web applications plays vital role in E-commerce. These web applications can be widely deployed
and open nature, so attacker tries to get unauthorized access to user‟s data. Hence, to maintain
security of web application is very important concern.
In privilege escalation attack, attacker performs login as a normal user, upgrades his role as admin
or other user and triggers different queries to get admin access or other user account access [8].
Figure 6 shows privilege escalation attack.
Fig.6 Privilege Escalation Attack
This type of attack cannot be detected by web server IDS and database IDS because both request
and queries are authentic. But in the proposed approach, web applications uses certain access
control policies. These policies are used to verify whether given legitimate user has required
privileges to access given resources such as database table. Authorization is always expected
before accessing every resource. This becomes the basis for web application security.This
approach uses access control policies. These policies are based on adding articles, Delete articles
or update articles on website.
This approach is able to detect two types of privilege escalation attack.
Vertical privilege escalation attack, when an attacker or malicious user upgrades his/her
privilege level (access more than they are entitled according to their role) and try to get
admin access.
Horizontal privilege escalation attack, when an attacker or malicious user tries to access
the system resources of other users..
4. PERFORMANCE EVALUATION
In this section, experimental results are described. Experimental results were taken by 25 number
of request i.e. total 25 user sessions. The performance of the system is evaluated using parameters
namely, attack detection rate, and number of request per second VS number of replies per second.
9. International Journal on Cybernetics & Informatics (IJCI) Vol. 4, No. 6, December 2015
45
a) Attack Detection Rate
It is the ratio between the total numbers of attack connections detected by proposed system to the
total number of attacks currently available in the data set.
This graph in figure 7 shows Attack Detection Rate. If the number of user sessions increases, the
rate of detected intrusion instances (%) varies. Here, for 0 number of session detected intrusion
instances is 0% and varied by increasing number of session. Finally, for 20 sessions detected
intrusion instances increases to 80%.
Fig.7 Attack Detection Rate
b) Graph of Proposed system Vs Existing system
Fig.8 Graph of Proposed system Vs Existing system
10. International Journal on Cybernetics & Informatics (IJCI) Vol. 4, No. 6, December 2015
46
The above figure 8 shows graph of proposed system Vs existing system. This evaluates the time
at which number of requests are served by the system. To fetch 5 web requests, the old system
requires 9 seconds but proposed system requires 8 seconds. Hence, to fetch number of request,
the proposed system works more efficiently than old existing system.
5. CONCLUSION
DoubleGuard system is used to detect and prevent the intrusions in multi-tier web application. It
is container-based IDS which builds particular model for multitier web applications and assigns a
unique session ID to each user. The system separates the information flow from each web server
session. Hence, there will be precise detection and prevention of attacks such as SQL Injection
Attack, Direct DB Attack, Session Hijack Attack and Privilege Escalation Attack. Also the
requests which does not match to given model that will be treat as an intruder.
It is an application independent system and used for both front-end as well as back-end. It is used
for web server which provides better security for data and web application.
REFERENCES
[1] Meixing Le, AngelosStavrou, Brent ByungHoon Kang,“DoubleGuard: Detecting Intrusions in
Multitier Web Applications”, IEEE Transactions On Dependable And Secure Computing, Vol. 9, No.
4, March 2014.
[2] Felmetsger Viktoria, LudovicoCavedon, Christopher Kruegel, and Giovanni Vigna. "Toward
automated detection of logic vulnerabilities in web applications." In USENIX Security Symposium
ACM, pp. 143-160. 2010.
[3] Cova, Marco, DavideBalzarotti, Viktoria Felmetsger, and Giovanni Vigna. "Swaddler: An approach
for the anomaly-based detection of state violations in web applications." In Recent Advances in
Intrusion Detection, pp. 63-86. Springer Berlin Heidelberg, 2007.
[4] Vigna, Giovanni, Fredrik Valeur, Davide Balzarotti, William Robertson, et.al. "Reducing errors in the
anomaly-based detection of web-based attacks through the combined analysis of web requests and
SQL queries" Journal of Computer Security 17, no. 3 (2009): 305-329.
[5] Kind, Andreas, Marc PhStoecklin, and Xenofontas Dimitropoulos, "Histogram-based traffic anomaly
detection." Network and Service Management, IEEE Transactions on 6, no. 2 (2009): 110-121.
[6] Avireddy, S., Perumal, et.al,“Random4: an application specific randomized encryption algorithm to
prevent SQL injection” In Trust, Security and Privacy in Computing and Communications
(TrustCom), 2012 IEEE 11th International Conference on (pp. 1327-1333).
[7] Manivannan, S. S., and E. Sathiya moorthy. "A Prevention Model for Session Hijack Attacks in
Wireless Networks Using Strong and Encrypted Session ID." Cybernetics and Information
Technologies 14.3 (2014): 46-60.
[8] Monshizadeh, Maliheh, Prasad Naldurg, and V. N. Venkatakrishnan. "Mace: Detecting privilege
escalation vulnerabilities in web applications." In Proceedings of the 2014 ACM SIGSAC Conference
on Computer and Communications Security, ACM, 2014, pp. 690-701.
[9] SachinJ.Pukale, M. K.Chavan,”A Review of Anomaly Based Intrusions Detection In Multi-Tier Web
Applications”, International Journal Of Computer Engineering & Technology, Volume 3, Issue 3,
October - December (2012), pp. 233-244.
[10] Sujitha, M., P. Suganya, T. Shampavi, and S. Anjanaa. "Dual Safeguard: Intrusion Detection and
Prevention System in Web Applications." International Journal of Computer Applications 67, no. 9
(2013): 13-18.
[11] Kruegel, Christopher, and Giovanni Vigna. "Anomaly detection of web-based attacks." In
Proceedings of the 10th ACM conference on Computer and communications security, pp. 251-261.
ACM, 2003.
11. International Journal on Cybernetics & Informatics (IJCI) Vol. 4, No. 6, December 2015
47
[12] Valeur, Fredrik, Darren Mutz, and Giovanni Vigna. "A learning-based approach to the detection of
SQL attacks" Detection of Intrusions and Malware, and Vulnerability Assessment. Springer Berlin
Heidelberg, 2005. 123-140.
[13] Egele, Manuel, TheodoorScholte, EnginKirda, and Christopher Kruegel. "A survey on automated
dynamic malware-analysis techniques and tools." ACM Computing Surveys (CSUR) 44, no. 2 (2012):
6.
[14] Sekar, R. "An Efficient Black-box Technique for Defeating Web Application Attacks." NDSS. 2009.
AUTHORS
Neha A. Mohadikar appeared for the M.E. degree in Information Technology from
Savitribai Phule University, Pune, India.