VISVESVARAYA TECHNOLOGICAL UNIVERSITY

JNANA SANGAMA, BELGAUM-590018

A Seminar Report

On

DOUBLE GUARD: DETECTING INTRUSIONS IN MULTITIER WEB APPLICATIONS

A Seminar report submitted in partial fulfillment of the requirements for the VIII
Semester degree of Bachelor of Engineering in Information Science and Technology
of Visvesvaraya Technological University, Belgaum
Submitted by
DIVYA K
USN : 1RN09IS016
Under the Guidance of
MANOJ KUMAR H
Assistant Professor
Information Science and Engineering
RNS Institute of Technology

Department of Information Science and Engineering

RNS Institute of Technology

Channasandra, Uttarahalli-Kengeri main Road, Bangalore-560 098

2012-2013

RNS Institute of Technology

Channasandra, Uttarahalli-Kengeri main Road,
Bangalore-560 098
DEPARTMENT OF INFORMATION SCIENCE & ENGINEERING

CERTIFICATE
Certified that the Seminar on topic Double Guard: Detecting
Intrusions in Multi-tier Web Applications has been successfully presented at RNS
Institute of Technology by Divya K , bearing USN 1RN09IS016 , in partial fulfillment
of the requirements for the VIII Semester degree of Bachelor of Engineering in
Information Science and Engineering of Visvesvaraya Technological University,
Belgaum during academic year 2012-2013. It is certified that all corrections/suggestions
indicated for Internal Assessment have been incorporated in the report deposited in the
departmental library. The Seminar report has been approved as it satisfies the academic
requirements in respect of Seminar work for the said degree.

Mr. Manoj Kumar H

Assistant Professor

Ms. Leelavathi H V
Seminar Coordinator

Dr. M V Sudhamani
Prof. and HOD

Dr. M K Venkatesha
Principal

DECLARATION
I, Divya K [USN: 1RN09IS016], student of VIII Semester BE, in Information
Science and Engineering, RNS Institute of Technology hereby declare that the Seminar
entitled DoubleGuard: Detecting Intrusions In Multi-tier Web Applications has been
carried out by me and submitted in partial fulfillment of the requirements for the VIII
Semester degree of Bachelor of Engineering in Information Science and Engineering of
Visvesvaraya Technological University, Belgaum during academic year 2012-2013.

Date

: 15th March 2013

Place : Bengaluru

Divya K
USN : 1RN09IS016

ACKNOWLEDGEMENT

The satisfaction and euphoria that accompany the successful completion of any task would
be incomplete without the mention of the people who made it possible, whose constant
guidance and encouragement crowned the efforts with success.
I would like to profoundly thank Management of RNS Institute of Technology for
providing such a healthy environment for the successful completion of Seminar work.
I would like to express my thanks to the Director Dr. H N Shivashankar and the Principal
Dr. M K Venkatesha for their encouragement that motivated me for the successful
completion of Seminar work.
It gives me immense pleasure to thank Dr. M V Sudhamani Professor and Head of
Department for her constant support and encouragement.
Also, I would like to express my deepest sense of gratitude to my Seminar guide Mr. Manoj
Kumar H Assistant Professor, Department of Information Science & Engineering for his
constant support and guidance throughout the Seminar work.
I would also like to thank the Seminar Coordinator Ms. Leelavathi H V Assistant Professor,
Department of Information Science & Engineering and all other teaching and non-teaching
staff of Information Science Department who has directly or indirectly helped me in the
completion of the Seminar work.
Last, but not the least, I would hereby acknowledge and thank my parents who have been a
source of inspiration and also instrumental in the successful completion of the seminar work.
- Divya K

ABSTRACT
Double Guard, an Intrusion Detection System that models the network behavior of user
sessions across both the front-end web server and the back-end database. By monitoring
both web and subsequent database requests, it was possible to ferret out attacks that an
independent IDS would not be able to identify. Furthermore, the limitations of any multi-tier
IDS in terms of training sessions and functionality coverage were quantified. Double Guard
using an Apache Web server with MySQL and lightweight Virtualization has been
implemented. Collection and processing real-world traffic over a 15-day period of system
deployment in both dynamic and statics web applications. Finally using Double Guard, it
was possible to expose a wide range of attacks with 100 % accuracy while maintaining 0%
false positives for static web services and 0.6% false positives for dynamic web services.

CONTENTS
1. Introduction
2. The Intrusion Detection System
2.1 Introduction of IDS
2.2 Categories of IDS
2.3 Drawbacks of IDSs

3. Data Mining Technology

4. Intrusion Detection System In Web Services
4.1 Introduction
4.2 Related Work
4.3 Problem Statement
4.4 Proposed System
4.5 Proposed Architecture Description

5. Related Work
6. Threat Model And System Architecture
6.1 Architecture and Confinement
6.2 Building the Normality Model
6.3 Attack Scenarios
6.4 DoubleGuard Limitations

7. Modelling Deterministic Mapping And Patterns

7.1 Inferring Mapping Relations
7.2 Modelling for Static Websites
7.3 Testing for Static Websites
7.4 Modelling of Dynamic Patterns
7.5 Detection for Dynamic Websites

8. Performance Evaluation
8.1 Implementation
8.2 Container Overhead
8.2 Static website model in training phase
8.4 Dynamic modelling detection rates
8.5 Attack Detection

9. Conclusion
References

1
3
3
3
4

5
7
7
9
10
10
11

13
16
16
17
18
20

21
21
22
23
24
24

25
25
25
27
28
28

30
31