Abstract
Recent years have seen momentous growth in web attacks that has motivated researchers to come up with sophisticated techniques to tackle them. Lately, there has been growing interest to counter web attacks using deception techniques because they help in realizing attacker behavior, motives and abilities besides protecting the website. This paper proposes a complete high interaction web deception system which is assisted by a hybrid attack detection module comprising of a deep learning based classifier coupled with a cookie analysis engine that helps in attacker profiling. The detection module routes malicious HTTP (Hypertext Transfer Protocol) requests to the dockers based deception system which is controlled and managed by a docker controller. The proposed containerized approach makes the system efficient, reduces latency and enhances runtime development. The key feature of attacker profiling empowers the proposed system to deal with attackers carrying zero day attack payloads besides providing efficient session management and scenario based emulation. The proposed deception system caters for all major web application attacks and has high attacker engagement when tested in a real-time environment. Moreover, the proposed framework is scalable, agile and supports easy framework modification making it suitable even for IoT (Internet of Things) networks. The proposed attack detection module gave an accuracy of 99.94% and is less time consuming than other research works because of its profiling feature. These features give the proposed framework a high competitive edge over other web deception solutions.
Original language | English |
---|---|
Article number | 103169 |
Number of pages | 17 |
Journal | Journal of Information Security and Applications |
Volume | 67 |
Early online date | 19 Apr 2022 |
DOIs | |
Publication status | Published - Jun 2022 |
Externally published | Yes |
Keywords
- Web security
- Deception
- Web deception
- Web attacks
- HTTP
- Web honeypot