Conference proceeding
A Security Mechanism for Web Servers Based on Deception
Proceedings on the International Conference on Internet Computing (ICOMP)
01 Jan 2012
Abstract
The use of deception to deal with an adversary has been a tool for military strategists, intelligence agencies and law enforcement authorities for a long time. In computer security, deception includes actions taken to deliberately mislead attackers and to thereby cause them to take (or not take) specific actions that aid in the defense of a computer system. In recent years, honeypots have helped strengthen computer security through basic deception, by using them to study various attacks and monitor the way in which they were being accessed by an intruder. However, despite the importance of deception in computer security, deploying deception in modern web servers and web-based applications has not been extensively studied beyond deploying honeypots. In this paper, we examine the use of deception in the case where an intruder attacks a web server as a first step of an intrusion designed to access data sources on an internal network. We examine the development of a deception module which can be hooked into the Apache web server to detect malicious use of scripts and provide a deceptive response as necessary. [PUBLICATION ABSTRACT]
Metrics
6 Record Views
Details
- Title
- A Security Mechanism for Web Servers Based on Deception
- Creators
- Constantine KatsinisBrijesh Kumar
- Publication Details
- Proceedings on the International Conference on Internet Computing (ICOMP)
- Conference
- International Conference on Internet Computing (ICOMP)
- Publisher
- The Steering Committee of The World Congress in Computer Science, Computer Engineering and Applied Computing (WorldComp)
- Resource Type
- Conference proceeding
- Language
- English
- Academic Unit
- Computer Science (Computing)
- Identifiers
- 991020546707504721