Abstract

In recent years, web applications have become tremendously popular; however, vulnerabilities are pervasive, exposing organizations and firms to a wide array of risks. SQL injection attacks, ranked at the top of the attack mechanisms hackers use against web applications, can result in unauthorized access to confidential information stored in a backend database; hackers take advantage of flawed design, improper coding practices, improper validation of user input, configuration errors, or other weaknesses in the infrastructure. Using cross-site scripting techniques, miscreants can hijack web sessions and craft credible phishing sites. In this paper we survey different techniques for preventing SQLi and XSS attacks and propose a solution that detects and prevents malicious attacks against a developer's web application written in programming languages such as PHP, ASP.NET and JSP. We have also created an API (Application Programming Interface) in the native language through which transactions and interactions are sent to an IDS server through an inter-server communication mechanism. This IDS server is developed from PHPIDS, a purely PHP-based intrusion detection system whose architecture is meant only for PHP applications; it detects and prevents attacks such as SQLi (SQL injection), XSS (cross-site scripting), LFI (local file inclusion) and RFE (remote file execution), returns the result to the web application, and logs the intrusions. In addition, the behavioural pattern of the web logs is analysed using the WAPT (Web Access Pattern Tree) algorithm, which records the activity of the web application and examines suspicious behaviour and uncommon patterns of behaviour over a period of time; it also monitors increased activity and known attack variants.
Based on this, a report is generated dynamically using a P-chart, which can help the website owner to increase security measures and also to improve the quality of the web application.
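The abstract describes a request-inspection service that returns a verdict and logs intrusions, followed by a dynamically generated P-chart report over that log. The following Python block is an added example, not code from the paper or from PHPIDS: it stands in the IDS-server check with a few deliberately narrow, illustrative signature rules (the function names `inspect_request`, `count_by_day` and `p_chart`, the rule patterns, and all sample requests and daily totals are constructed for this example and are not the paper's rule set or data), tallies the flagged requests per day, and computes the P-chart centre line and control limits that mark a period whose attack rate is statistically out of control.

```python
"""Added example (not code from the paper or from PHPIDS): a local stand-in
for the IDS-server verdict described in the abstract, a per-day tally of the
resulting intrusion log, and a P-chart over that tally that flags periods
whose attack rate is statistically out of control."""
import math
import re
from collections import Counter
from urllib.parse import unquote_plus

# Illustrative signature rules, one per attack class the abstract names.
# They are deliberately narrow and are NOT the PHPIDS filter set
# (assumption: only the class names come from the paper).
RULES = {
    "SQLi": re.compile(r"(?i)('\s*or\s+['\d]|\bunion\b.+\bselect\b|;\s*drop\b)"),
    "XSS":  re.compile(r"(?i)(<\s*script|javascript:|\bon\w+\s*=)"),
    "LFI":  re.compile(r"(\.\./){2,}|/etc/passwd\b"),
    "RFE":  re.compile(r"(?i)\b(https?|ftp)://\S+\.(php|txt)\b"),
}


def inspect_request(params):
    """Return the verdict the IDS server would send back for one request.

    The paper's API forwards parameters over an inter-server channel; here
    the check is a local call with the same result shape:
    {"malicious": bool, "matches": [(param_name, attack_class), ...]}.
    """
    matches = []
    for name, value in params.items():
        decoded = unquote_plus(str(value))  # normalise URL encoding before matching
        for attack, pattern in RULES.items():
            if pattern.search(decoded):
                matches.append((name, attack))
    return {"malicious": bool(matches), "matches": matches}


def count_by_day(requests):
    """Run the check over a (day, params) stream and tally the intrusion log
    as {day: (flagged, total)}; this is the input the P-chart needs."""
    flagged, total = Counter(), Counter()
    for day, params in requests:
        total[day] += 1
        if inspect_request(params)["malicious"]:
            flagged[day] += 1
    return {day: (flagged[day], total[day]) for day in sorted(total)}


def p_chart(flagged_per_period, requests_per_period, k=3.0):
    """P-chart over the fraction of flagged requests per period.

    Centre line is the pooled proportion p_bar; each period's limits are
    p_bar +/- k*sqrt(p_bar*(1-p_bar)/n) with n that period's request count.
    Returns (p_bar, rows); each row is (index, p, lcl, ucl, out_of_control).
    """
    p_bar = sum(flagged_per_period) / sum(requests_per_period)
    rows = []
    for i, (a, n) in enumerate(zip(flagged_per_period, requests_per_period)):
        p = a / n
        sigma = math.sqrt(p_bar * (1 - p_bar) / n)
        lcl, ucl = max(0.0, p_bar - k * sigma), min(1.0, p_bar + k * sigma)
        rows.append((i, p, lcl, ucl, p < lcl or p > ucl))
    return p_bar, rows


# Constructed sample traffic (not from the paper's data set).
SAMPLE_REQUESTS = [
    ("2024-03-01", {"q": "running shoes", "page": "2"}),
    ("2024-03-01", {"id": "7' OR '1'='1"}),                         # SQLi
    ("2024-03-01", {"name": "%3Cscript%3Ealert(1)%3C/script%3E"}),  # XSS, URL-encoded
    ("2024-03-02", {"file": "../../../etc/passwd"}),                # LFI
    ("2024-03-02", {"tpl": "http://203.0.113.5/x.txt"}),            # RFE
    ("2024-03-02", {"q": "laptop bag"}),
    ("2024-03-03", {"q": "headphones"}),
]

# Constructed per-day totals for one week, standing in for an aggregated
# intrusion log; day index 5 carries an unusually high attack count.
WEEK_FLAGGED = [12, 9, 11, 10, 8, 45, 10]
WEEK_REQUESTS = [1000] * 7

if __name__ == "__main__":
    for day, (bad, n) in count_by_day(SAMPLE_REQUESTS).items():
        print(f"{day}: {bad}/{n} flagged")
    p_bar, rows = p_chart(WEEK_FLAGGED, WEEK_REQUESTS)
    print(f"centre line p_bar={p_bar:.4f}")
    for i, p, lcl, ucl, ooc in rows:
        flag = "  <-- out of control" if ooc else ""
        print(f"period {i}: p={p:.3f} limits=[{lcl:.4f}, {ucl:.4f}]{flag}")
```

Two points a practitioner should take from this. First, decoding before matching matters: the URL-encoded XSS sample is only caught because `unquote_plus` runs first, and a real IDS server has to normalise every encoding layer the application itself would decode. Second, the narrow rules here will still produce false positives on ordinary text (any value containing a token like `onload=` trips the XSS rule), which is exactly why the paper reports trends with a P-chart rather than acting on single hits: the chart's limits widen for days with few requests and narrow for busy days, so a day is only singled out when its flagged fraction is far outside what the pooled rate predicts.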
