WGT: Thwarting Web Attacks Through Web Gene Tree-based Moving Target Defense

2020 IEEE International Conference on Web Services (ICWS) Pub Date : 2020-10-01 DOI:10.1109/ICWS49710.2020.00054

Yaqin Zhang, Duohe Ma, Xiaoyan Sun, Kai Chen, Feng Liu

{"title":"WGT: Thwarting Web Attacks Through Web Gene Tree-based Moving Target Defense","authors":"Yaqin Zhang, Duohe Ma, Xiaoyan Sun, Kai Chen, Feng Liu","doi":"10.1109/ICWS49710.2020.00054","DOIUrl":null,"url":null,"abstract":"Moving target defense (MTD) suggests a game-changing way of enhancing web security by increasing uncertainty and complexity for attackers. A good number of web MTD techniques have been investigated to counter various types of web attacks. However, in most MTD techniques, only fixed attributes of the attack surface are shifted, leaving the rest exploitable by the attackers. Currently, there are few mechanisms to support the whole attack surface movement and solve the partial coverage problem, where only a fraction of the possible attributes shift in the whole attack surface. To address this issue, this paper proposes a Web Gene Tree (WGT) based MTD mechanism. The key point is to extract all potential exploitable key attributes related to vulnerabilities as web genes, and mutate them using various MTD techniques to withstand various attacks. Experimental results indicate that, by randomly shifting web genes and diversely inserting deceptive ones, the proposed WGT mechanism outperforms other existing schemes and can significantly improve the security of web applications.","PeriodicalId":338833,"journal":{"name":"2020 IEEE International Conference on Web Services (ICWS)","volume":"76 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2020-10-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"2","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"2020 IEEE International Conference on Web Services (ICWS)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/ICWS49710.2020.00054","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 2

Abstract

Moving target defense (MTD) suggests a game-changing way of enhancing web security by increasing uncertainty and complexity for attackers. A good number of web MTD techniques have been investigated to counter various types of web attacks. However, in most MTD techniques, only fixed attributes of the attack surface are shifted, leaving the rest exploitable by the attackers. Currently, there are few mechanisms to support the whole attack surface movement and solve the partial coverage problem, where only a fraction of the possible attributes shift in the whole attack surface. To address this issue, this paper proposes a Web Gene Tree (WGT) based MTD mechanism. The key point is to extract all potential exploitable key attributes related to vulnerabilities as web genes, and mutate them using various MTD techniques to withstand various attacks. Experimental results indicate that, by randomly shifting web genes and diversely inserting deceptive ones, the proposed WGT mechanism outperforms other existing schemes and can significantly improve the security of web applications.

查看原文本刊更多论文

WGT:通过基于Web基因树的移动目标防御挫败Web攻击

移动目标防御(MTD)提出了一种改变游戏规则的方法，通过增加攻击者的不确定性和复杂性来增强web安全性。已经研究了大量的web MTD技术来对抗各种类型的web攻击。然而，在大多数MTD技术中，攻击面只有固定的属性被转移，其余的被攻击者利用。目前，支持整个攻击面移动和解决部分覆盖问题的机制很少，其中只有一小部分可能的属性在整个攻击面移动。针对这一问题，本文提出了一种基于Web基因树(WGT)的MTD机制。关键是提取与漏洞相关的所有潜在可利用的关键属性作为web基因，并使用各种MTD技术对其进行变异，以抵御各种攻击。实验结果表明，该机制通过随机移动web基因和不同方式插入欺骗性基因，显著提高了web应用程序的安全性。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

2020 IEEE International Conference on Web Services (ICWS)

自引率

0.00%

发文量