Detecting co residency with active traffic analysis techniques
ANNA UNIVERSITY: CHENNAI 600 025
BONAFIDE CERTIFICATE
Certified that this project report titled “DoubleGuard detection in
Multitier Architecture” is the bonafide work of A.VENKATESAN
(REG.NO:912011405017), who carried out the Project Phase I under my
supervision during June 2012 to December 2012.
SIGNATURE
Prof. U. NIRAICHANDRAN, M.Tech.,
Professor & Head,
Computer Science and Engineering,
Pandian Saraswathi Yadav Engineering College, Sivagangai - 630 561.

SIGNATURE
Mr. S. ATHIRAYAN, M.E.,
SUPERVISOR / Asst. Professor,
Computer Science and Engineering,
Pandian Saraswathi Yadav Engineering College, Sivagangai - 630 561.
Submitted for the Viva-Voce examination held at “Pandian Saraswathi Yadav
Engineering college Sivagangai” on………………….
Internal Examiner External Examiner
ACKNOWLEDGEMENT
First of all, I thank God Almighty for his wisdom and his substantial blessings,
by which I have been able to complete phase 1 of this project successfully.
I would like to express my sincere thanks and gratitude to our beloved
Founder “Hindu Rattan” Mr. Malaysia S.Pandian, of our college, for his
support.
I express my thanks to our Managing Director Mr.S.P.VaradhaRajan B.E.,
of our college, for his support.
My special thanks to our Principal Dr.K.Kannan for permitting me to
undertake this project.
No word of gratitude will be sufficient to convey my heartfelt thanks to
Prof. U. Nirai Chandran M.Tech., HOD (CSE), for his valuable suggestions and
kind cooperation, and I would also like to extend my thanks to the other staff of
the CSE & IT department.
I sincerely thank my Internal Guide, Mr.S.Athirayan M.E.,
Assistant Professor (CSE) for having confidence in me and supporting me
in all stages to complete the phase 1 of this project.
I am grateful to express my gratitude to my parents and friends for their
prayers, cooperation and efforts in encouraging me, which boosted me to finish my
first phase of this project efficiently.
ABSTRACT
In this project, we propose an efficient intrusion detection system (IDS)
called Double Guard that models the network behavior of user sessions in
multilayered web applications across both front-end web (HTTP) requests and
back-end database (SQL) queries. Double Guard forms a container-based IDS
with multiple input streams to produce alerts. In a typical three-tiered web
server architecture, the web server receives HTTP requests from user clients
and then issues SQL queries to the database server to retrieve and update
data. The proposed container-based, session-separated web server
architecture enhances security performance and isolates the information
flow of each container session from the others. To detect abnormal behavior
at the session/client level, a Causal Mapping profile model is developed to
map web server requests to the subsequent DB queries. An IDS is also used
to detect potential violations of database security. In every database,
some attributes are more sensitive to malicious modification than others.
This project also considers this sensitivity information.
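The request-to-query mapping described in the abstract, as an added example that is not code from the report: a model is learned from attack-free sessions and a session is flagged when a request triggers a query set never seen for it. The session format, the function names and the normalization rules are assumptions made for illustration.

```python
import re
from collections import defaultdict

def sql_template(query):
    """Query skeleton: literals replaced by '?', whitespace and case folded."""
    q = re.sub(r"'(?:[^'\\]|\\.)*'", "?", query)
    q = re.sub(r"\b\d+\b", "?", q)
    return re.sub(r"\s+", " ", q).strip().lower()

def request_key(request):
    """'GET /item.jsp?id=7' -> 'GET /item.jsp?id' (parameter values dropped)."""
    method, _, url = request.partition(" ")
    path, _, qs = url.partition("?")
    names = sorted(p.split("=")[0] for p in qs.split("&") if p)
    return f"{method} {path}" + ("?" + "&".join(names) if names else "")

def build_model(training_sessions):
    """Map each request key to the query-template sets seen in clean sessions."""
    model = defaultdict(set)
    for session in training_sessions:
        for request, queries in session:
            model[request_key(request)].add(frozenset(map(sql_template, queries)))
    return model

def check_session(model, session):
    """Return (request, reason) alerts for one session's traffic."""
    alerts = []
    for request, queries in session:
        key, seen = request_key(request), frozenset(map(sql_template, queries))
        if key not in model:
            alerts.append((request, "request not in model"))
        elif seen not in model[key]:
            alerts.append((request, "queries do not match request"))
    return alerts

# Constructed sample sessions: (HTTP request, SQL queries it triggered).
TRAINING = [
    [("GET /login.jsp", []),
     ("POST /login.jsp?user=alice&pw=x", ["SELECT id FROM users WHERE name='alice' AND pw='x'"]),
     ("GET /item.jsp?id=7", ["SELECT * FROM items WHERE id=7"])],
    [("POST /login.jsp?user=bob&pw=y", ["SELECT id FROM users WHERE name='bob' AND pw='y'"]),
     ("GET /item.jsp?id=12", ["SELECT * FROM items WHERE id=12"])],
]
SUSPICIOUS = [
    ("GET /item.jsp?id=9", ["SELECT * FROM items WHERE id=9",
                            "UPDATE users SET role='admin' WHERE id=3"]),
    ("GET /login.jsp", ["SELECT * FROM users"]),
]
MODEL = build_model(TRAINING)
if __name__ == "__main__":
    print(check_session(MODEL, SUSPICIOUS))
```

Because each session runs in its own container, every query in the list can be attributed to that session's requests, which is what makes the per-request comparison meaningful.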
TABLE OF CONTENTS
ABSTRACT
LIST OF FIGURES
LIST OF ABBREVIATIONS
1 INTRODUCTION
1.1 THREE TIER ARCHITECTURE
1.1.1 FIRST TIER
1.1.2 SECOND TIER
1.1.3 THIRD TIER
1.2 INTRODUCTION ABOUT THE SYSTEM
1.3 DOUBLE GUARD DETECTION
1.4 CONTAINERS AND LIGHT WEIGHT VIRTUALIZATION
1.5 OBJECTIVE
1.6 EXISTING SYSTEM
1.6.1 CLASSIC 3 TIER MODEL
1.6.2 LIMITATION OF EXISTING SYSTEM
1.7 PROPOSED SYSTEM
1.7.1 ADVANTAGES
2 LITERATURE SURVEY
2.1 TOWARD AUTOMATION DETECTION OF LOGIC VULNERABILITIES SYSTEM
2.2 ANOMALY DETECTION OF WEB BASED ATTACKS
2.3 DATABASE INTRUSION DETECTION USING WEIGHT SEQUENCE MINING
2.4 EFFICIENTLY TRACKING APPLICATION INTERACTIONS USING LIGHTWEIGHT VIRTUALIZATION
2.5 FAST AND AUTOMATED GENERATION OF ATTACK SIGNATURES
2.6 POLYGRAPH AUTOMATICALLY GENERATING SIGNATURES FOR POLYMORPHIC WORMS
2.7 A STATEFUL INTRUSION DETECTION SYSTEM FOR WORLD WIDE WEB SERVERS
2.8 AN EFFICIENT BLACK BOX TECHNIQUE FOR DEFEATING WEB APPLICATION ATTACKS
2.9 INTRUSION DETECTION VIA STATIC ANALYSIS
2.10 CLAMP PRACTICAL PREVENTION OF LARGE SCALE DATA LEAKS
3 REQUIREMENT SPECIFICATION
3.1 HARDWARE SPECIFICATION
3.2 SOFTWARE SPECIFICATION
3.2.1 JAVA
3.2.2 NETBEANS
4 METHODOLOGY
4.1 CREATE CONTAINER MODEL
4.2 BUILDING NORMALITY MODEL
5 SYSTEM DESIGN
5.1 STATIC MODEL
5.2 MAPPING RELATIONS
5.2.1 DETERMINISTIC MAPPING
5.2.2 EMPTY QUERY SET
5.2.3 NO MATCHED REQUEST
5.2.4 NONDETERMINISTIC MAPPING
5.3 STATIC MODEL BUILDING ALGORITHM
5.4 TESTING FOR STATIC WEBSITES
5.5 MODELING OF DYNAMIC PATTERNS
6 RESULTS AND DISCUSSION
6.1 SCREEN SHOTS
7 CONCLUSION AND FUTURE WORK
7.1 CONCLUSION
7.2 FUTURE ENHANCEMENT
8 REFERENCES
LIST OF FIGURES
FIGURE NO. FIGURE TITLE
1.6.2 Classic 3 tier architecture
4.2 Webserver instances running in containers
5.2.1 Deterministic mapping using session ID of the container (VE)
6.1 Home page
6.2 Login page
6.3 Allocating containers
6.4 User login status
6.5 User register information
6.6 Status of the model
6.7 Logout session
LIST OF ABBREVIATIONS
HTML Hyper Text Markup Language
HTTP Hyper Text Transfer Protocol
JSP Java Server Pages
IDS Intrusion Detection System
CMS Content management system
SQL Structured Query Language