Container Based Intrusion Detection System in Multitier Web Applications

Internet services and applications have become an inextricable part of daily life, enabling communication and the management of personal information from anywhere. To accommodate this increase in application and data complexity, web services have moved to a multi tier design wherein the web server runs the application front-end logic and data are outsourced to a database or file server. In this paper, we present an IDS system that models the network behavior of user sessions across both the front-end web server and the back-end database. By monitoring both web and subsequent database requests, we are able to ferret out attacks that independent IDS would not be able to identify. Furthermore, we quantify the limitations of any multi tier IDS in terms of training sessions and functionality coverage. We implemented using an Apache web server with MySQL and lightweight virtualization.