Publication: A Survey on Deception Techniques for Securing Web Application
Date
2019
Authors
Mohd Efendi M.A.E.
Ibrahim Z.-A.
Ahmad Zawawi M.N.
Abdul Rahim F.
Muhamad Pahri N.
Ismail A.
Journal Title
Journal ISSN
Volume Title
Publisher
Institute of Electrical and Electronics Engineers Inc.
Abstract
Many web applications are developed to handle important and critical tasks, which may attract a large number of attackers. With various types of attacks, there is no finite solution to mitigate it's all. Deception technique is one of the area that can be explore to defend against web attack. Deception can detect, analyzed and defend against advanced web attack that cannot be done using existing anomaly-based detection and prevention techniques. Current deceptive solutions tend to be doubtful to application-layer protocols and lack of study on how deception can be applied at this level. Thus, those solutions can't properly be used to protect against application-layer attacks that are integrally based on elements from the application-layer itself. This research aims to study possible usages of deception techniques that could be incorporated in the context of application-layer traffic of web applications with the purpose of detecting web application attacks. The comparative results from this study will be used to identify which deception techniques are suitable to provide a useful layer of protection for a web application. � 2019 IEEE.
Description
Big data; Anomaly based detection; Application layer protocols; Application layers; deception; Prevention techniques; security; WEB application; Web application attacks; Network security