Journals Proceedings

Abstract

Network Intrusion Detection Systems (IDSs) which are based on sophisticated algorithms rather than current signature-base detections are in demand. Web services have moved to a multi-tiered design wherein the web server runs the application front-end logic and data are outsourced to a database or file server in order to enable communication and the management of personal information from anywhere. The proposed system is Container based Intrusion Detection System, an IDS system that models the network behavior of user sessions across both the front-end web server and the back-end database. This system used to detect attacks in multi-tiered web services. Our approach can create normality models of isolated user sessions that include both the web front-end (HTTP) and back-end (File or SQL) network transactions. For websites that do not permit content modification from users, there is a direct causal relationship between the requests received by the front-end web server and those generated for the database back end. Virtualization is used to isolate objects and enhance security performance. Lightweight containers can have considerable performance advantages over full virtualization containers.