Abstract: Internet services and applications have become an inseparable part of daily life, enabling communication and the management of personal information from any places. To contain this increase in application and data complexity, web services have moved to a multitier model how the web server runs the application front-end logic and data are outsourced to a database or file server. In this paper we are presenting double guard and IDS models the network behavior of user sessions across both the front-end web server and the back-end database. By observing both web and subsequent database requests, we are able to find out attacks that are not dependent IDS would not be able to identify. Furthermore, we compute the limitations of any multitier architecture in terms of working sessions and functionality coverage. We implemented Intrusion Detection system using an Glassfish web server with SQL Server 2014 and lightweight virtualization. We then collected and processed real-world traffic over a 15 day period of system deployment in both dynamic and static web applications. Finally, using Double Guard, we could expose a large range of attacks with 90 percent accuracy while maintaining 5 percent false positives for static web services and 5 percent false positives for dynamic web services.

Keywords: Multitier, Double Guard, Escalation attack.