An Approach to Generate Realistic HTTP Parameters for Application Layer Deception
Published in | Applied Cryptography and Network Security (ACNS 2022), Vol. 13269, pp. 337-355 |
Main Authors | Merve Sahin, Cédric Hébert, Rocio Cabrera Lozoya |
Format | Book Chapter |
Language | English |
Published | Cham, Switzerland: Springer International Publishing, 2022 |
Series | Lecture Notes in Computer Science |
Abstract | Deception is a form of active defense that aims to confuse and divert attackers who try to tamper with a system. Deceptive techniques have been proposed for web application security, in particular, to enrich a given application with deceptive elements such as honey cookies, HTTP parameters or HTML comments. Previous studies describe how to automatically add such elements to and remove them from the application traffic; however, the elements themselves need to be decided manually, which is a tedious task (especially for large-scale applications) and makes the adoption of deception more cumbersome.
In this paper, we aim to automate the generation of deceptive HTTP parameter names for a given web application. Such parameters should seamlessly blend into application context and be indistinguishable from the rest of the parameters, in order to maximize the deception effect. To achieve this, we propose to use word embeddings trained with a domain-specific corpus obtained from existing web application source code. We evaluate our method through a survey, where we ask the participants to identify the deceptive parameters in two different web applications’ APIs. Moreover, the survey is composed of two variants in order to further experiment with the impact of the quantity and enticement of deceptive parameters.
The results confirm the effectiveness of our method in generating indistinguishable honey parameter names. We also find that the participants’ expectation of the ratio of honey parameters remains constant, regardless of the actual number. Thus, a higher number of honeytokens can provide a stronger defense. Moreover, making attackers aware of deception can help to obfuscate the real attack surface, e.g., by masquerading more than 10% of the real application elements to look like traps. Finally, although our work focuses on the generation of parameter names, we also discuss other related challenges in a holistic way, and provide multiple directions for future research. |
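The generation step described in the abstract, as an added example that is not the paper's code: learn an embedding over the application's own parameter vocabulary and use nearest neighbours to mint honey parameter names that follow the API's naming conventions without naming anything real. The paper trains word embeddings on a corpus mined from application source code; here a small constructed endpoint-to-parameter corpus stands in for that source code, count-based PPMI co-occurrence vectors stand in for a trained embedding, and every endpoint, parameter and function name below is an assumption made for this illustration.

```python
"""Candidate honey HTTP parameter names from an application's own vocabulary.

Added example, not the paper's implementation. The corpus is constructed and
the embedding is a PPMI co-occurrence model rather than trained word vectors.
"""
import math
import re
from collections import Counter, defaultdict
from itertools import combinations

# Constructed corpus (assumption): which parameter names each endpoint accepts.
CORPUS = {
    "/api/orders": ["orderId", "customerId", "shippingAddress", "orderTotal", "couponCode"],
    "/api/customers": ["customerId", "customerEmail", "billingAddress", "accountStatus"],
    "/api/invoices": ["invoiceId", "orderId", "invoiceTotal", "paymentStatus", "dueDate"],
    "/api/payments": ["paymentId", "invoiceId", "paymentMethod", "cardToken", "paymentStatus"],
    "/api/shipments": ["shipmentId", "orderId", "shippingAddress", "trackingNumber", "carrierCode"],
    "/api/coupons": ["couponCode", "discountRate", "expiryDate", "maxRedemptions"],
}


def tokenize(name):
    """Split a camelCase or snake_case identifier into lowercase tokens."""
    return [t.lower() for t in re.findall(r"[A-Z]?[a-z]+|[A-Z]+(?![a-z])|\d+", name)]


def to_camel(tokens):
    """Re-join tokens in the camelCase style the constructed API uses."""
    return tokens[0] + "".join(t.capitalize() for t in tokens[1:])


def build_ppmi(corpus):
    """Count token co-occurrence within each endpoint's parameter set and turn
    it into positive pointwise mutual information vectors, a cheap stand-in
    for the trained word embeddings the paper uses."""
    token_counts, pair_counts = Counter(), Counter()
    for params in corpus.values():
        tokens = sorted({t for p in params for t in tokenize(p)})
        token_counts.update(tokens)
        for a, b in combinations(tokens, 2):
            pair_counts[(a, b)] += 1
            pair_counts[(b, a)] += 1
    n_tokens, n_pairs = sum(token_counts.values()), sum(pair_counts.values())
    vectors = defaultdict(dict)
    for (a, b), n in pair_counts.items():
        p_a, p_b = token_counts[a] / n_tokens, token_counts[b] / n_tokens
        pmi = math.log((n / n_pairs) / (p_a * p_b))
        if pmi > 0:  # keep only positive association (PPMI)
            vectors[a][b] = pmi
    return vectors


def cosine(u, v):
    """Cosine similarity of two sparse vectors stored as dicts."""
    dot = sum(w * v.get(k, 0.0) for k, w in u.items())
    nu = math.sqrt(sum(w * w for w in u.values()))
    nv = math.sqrt(sum(w * w for w in v.values()))
    return dot / (nu * nv) if nu and nv else 0.0


def nearest(token, vectors, candidates, k=3):
    """Candidates ranked by similarity to `token`; the token itself and
    zero-similarity candidates are dropped, ties broken alphabetically."""
    u = vectors.get(token, {})
    scored = [(cosine(u, vectors.get(c, {})), c) for c in candidates if c != token]
    scored = [(s, c) for s, c in scored if s > 0]
    scored.sort(key=lambda sc: (-sc[0], sc[1]))
    return scored[:k]


def honey_names(corpus, per_name=2):
    """For every real parameter keep its leading tokens (the entity it refers
    to) and swap the trailing token for embedding neighbours that the API
    already uses as a trailing token (id, status, code, ...). The result shares
    vocabulary and style with the real parameters but must not collide with
    any of them, checked case-insensitively across all endpoints."""
    real = sorted({p for params in corpus.values() for p in params})
    real_lower = {p.lower() for p in real}
    tails = sorted({tokenize(p)[-1] for p in real})
    vectors = build_ppmi(corpus)
    generated = []
    for name in real:
        toks = tokenize(name)
        if len(toks) < 2:
            continue
        made = 0
        for _, cand in nearest(toks[-1], vectors, tails, k=len(tails)):
            new = to_camel(toks[:-1] + [cand])
            if new.lower() not in real_lower and new not in generated:
                generated.append(new)
                made += 1
                if made == per_name:
                    break
    return generated


if __name__ == "__main__":
    for honey in honey_names(CORPUS):
        print(honey)
```

In a real deployment the corpus would be mined from route definitions or source code, as the paper does, and the collision check against every genuine parameter name matters: a honey name that shadows a real parameter on any endpoint both breaks the application and gives the trap away. Whether the generated names are indistinguishable to a human is what the paper's survey measures; this code only enforces vocabulary and naming-convention consistency.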
Author contact | Merve Sahin <merve.sahin@sap.com>, Cédric Hébert <cedric.hebert@sap.com>, Rocio Cabrera Lozoya <rocio.cabrera.lozoya@sap.com> |
Copyright | Springer Nature Switzerland AG 2022 |
DEWEY | 005.8 |
DOI | 10.1007/978-3-031-09234-3_17 |
EISBN | 3031092341 9783031092343 |
EISSN | 1611-3349 |
Editors | Giuseppe Ateniese <gatenies@stevens.edu> (ORCID 0000-0002-0848-878X), Daniele Venturi <venturi@di.uniroma1.it> (ORCID 0000-0003-2379-8564) |
ISBN | 3031092333 9783031092336 |
ISSN | 0302-9743 |
LCCallNum | QA76.9.A25 |
OCLC | 1333703191 |
PublicationSubtitle | 20th International Conference, ACNS 2022, Rome, Italy, June 20-23, 2022, Proceedings |
Series Editors | Gerhard Goos, Juris Hartmanis, Elisa Bertino, Wen Gao, Bernhard Steffen (ORCID 0000-0001-9619-1558), Moti Yung (ORCID 0000-0003-0848-0873) |
Subjects | Active defense; Deception; Web application security |
URI | http://link.springer.com/10.1007/978-3-031-09234-3_17 |