Intrusion Detection System for Multitier Web Based Application

Computing Internet services and applications have become an inextricable part of daily life, enabling communication and the management of personal information from anywhere. To accommodate this increase in application and data complexity, web services have moved to a multitier design wherein the web server runs the application front-end logic and data are outsourced to a database or file server. In this report, we present Network Intrusion Detection System that models the network behavior of user sessions across both the front-end web server and the back-end database. By monitoring both web and subsequent database requests, we are able to ferret out attacks that independent IDS would not be able to identify. Furthermore, we quantify the limitations of any multitier IDS in terms of training sessions and functionality coverage. We implement Intrusion Detection System using an Apache web server with MySQL and lightweight virtualization. It is a system used to detect attacks in multitier web services. Our approach can create normality models of isolated user sessions that include both the web front-end (HTTP) and back-end (File or SQL) network transactions. To achieve this, we employ a lightweight virtualization technique to assign each user’s web session to a dedicated container, an isolated virtual computing environment. We can use the container ID to accurately associate the web request with the subsequent DB queries. Thus, Network Intrusion Detection System can build a causal mapping profile by taking both the web server and DB traffic into account. Keywords— Anomaly detection, virtualization, multitier web application