Defending Against Web Application Attacks Using Offensive Decoy Techniques

Authors

  • Ankit Sinha  BE, Department of Computer Technology, Rajiv Gandhi College of Engineering and Research, Nagpur, Maharashtra, India
  • Chintan Pandya  BE, Department of Computer Technology, Rajiv Gandhi College of Engineering and Research, Nagpur, Maharashtra, India
  • Dipali Patil  BE, Department of Computer Technology, Rajiv Gandhi College of Engineering and Research, Nagpur, Maharashtra, India
  • Mandar Mulmuley  BE, Department of Computer Technology, Rajiv Gandhi College of Engineering and Research, Nagpur, Maharashtra, India
  • Ruchika Makh  BE, Department of Computer Technology, Rajiv Gandhi College of Engineering and Research, Nagpur, Maharashtra, India
  • Amita Meshram  Assistant Professor, Department of Computer Technology, Rajiv Gandhi College of Engineering and Research, Nagpur, Maharashtra, India

Keywords:

Data Security, Decoy Technique, Insider Theft Attacks, Web Based Attacks

Abstract

Information security promises to fundamentally change the way we use PCs and access and store our personal and business data. With these new computing and communication paradigms, new information security challenges emerge. Existing information security mechanisms, such as encryption, have failed to prevent data theft attacks, particularly those carried out by an insider to the service provider. We propose a different approach to securing data in the fog using offensive decoy technology. We monitor data access in the fog and detect anomalous data access patterns. When unauthorized access is suspected and then verified using challenge questions, we launch a disinformation attack by returning large amounts of decoy data to the attacker. This protects against misuse of the user's real data. Experiments conducted in a local file setting provide evidence that this approach may provide remarkable levels of user data security in a fog environment.

Published

2019-02-28

Section

Research Articles

How to Cite

[1]
Ankit Sinha, Chintan Pandya, Dipali Patil, Mandar Mulmuley, Ruchika Makh, Amita Meshram, "Defending Against Web Application Attacks Using Offensive Decoy Techniques," International Journal of Scientific Research in Science and Technology (IJSRST), Online ISSN: 2395-602X, Print ISSN: 2395-6011, Volume 6, Issue 1, pp. 284-290, January-February 2019.