
Intrusion Prevention in Multi-tier Web Applications using Double Guard

B.V. Swapna, H.K. Sowmya

Abstract


Web-based services and applications have increased in both popularity and complexity over the past few years. The flexibility of the web services computing model can expose corporate data and business processes to security risks. In this paper we present a different mapping algorithm for modeling a container-based architecture for preventing intrusions in web-based applications using Double Guard. The aim is to build a well-correlated model that provides an effective mechanism to detect the different types of attacks and to create a causal mapping profile by taking both the web server and DB traffic into account. The proposed Double Guard system detects and prevents different attacks such as the privilege escalation attack, SQL injection attack, future session attack, and direct database attack, as well as other types of attacks.

Keywords


Anomaly Detection, Intrusion Detection System, Mapping Model, Multi-Tier Web Application




Creative Commons License
This work is licensed under a Creative Commons Attribution 3.0 License.