Title | WGT: Thwarting Web Attacks Through Web Gene Tree-based Moving Target Defense |
Publication Type | Conference Paper |
Year of Publication | 2020 |
Authors | Zhang, Yaqin; Ma, Duohe; Sun, Xiaoyan; Chen, Kai; Liu, Feng |
Conference Name | 2020 IEEE International Conference on Web Services (ICWS) |
Date Published | Oct |
Keywords | attack surface, Complexity theory, Conferences, insufficient coverage problem, Metrics, moving target defense, pubcrawl, Resiliency, Scalability, security, Uncertainty, Web attacks, web gene tree, web services |
Abstract | Moving target defense (MTD) suggests a game-changing way of enhancing web security by increasing uncertainty and complexity for attackers. A good number of web MTD techniques have been investigated to counter various types of web attacks. However, in most MTD techniques, only fixed attributes of the attack surface are shifted, leaving the rest exploitable by the attackers. Currently, there are few mechanisms to support the whole attack surface movement and solve the partial coverage problem, where only a fraction of the possible attributes shift in the whole attack surface. To address this issue, this paper proposes a Web Gene Tree (WGT) based MTD mechanism. The key point is to extract all potentially exploitable key attributes related to vulnerabilities as web genes, and mutate them using various MTD techniques to withstand various attacks. Experimental results indicate that, by randomly shifting web genes and diversely inserting deceptive ones, the proposed WGT mechanism outperforms other existing schemes and can significantly improve the security of web applications. |
DOI | 10.1109/ICWS49710.2020.00054 |
Citation Key | zhang_wgt_2020 |