An API Honeypot for DDoS and XSS Analysis
Title | An API Honeypot for DDoS and XSS Analysis |
Publication Type | Conference Paper |
Year of Publication | 2017 |
Authors | Leaden, G., Zimmermann, M., DeCusatis, C., Labouseur, A. G. |
Conference Name | 2017 IEEE MIT Undergraduate Research Technology Conference (URTC) |
ISBN Number | 978-1-5386-2534-7 |
Keywords | API honeypot, APIs, application program interfaces, attack profiles, compositionality, Computer crime, computer network security, Concurrent computing, cross-site scripting, cross-site scripting malware insertion, DDoS, distributed denial of service attack, invasive software, Malware, pubcrawl, REpresentational State Transfer Application Programming Interface, resilience, Resiliency, Servers, Testing, XSS |
Abstract | Honeypots are servers or systems built to mimic critical parts of a network, distracting attackers while logging their information to develop attack profiles. This paper discusses the design and implementation of a honeypot disguised as a REpresentational State Transfer (REST) Application Programming Interface (API). We discuss the motivation for this work, design features of the honeypot, and experimental performance results under various traffic conditions. We also present analyses of both a distributed denial of service (DDoS) attack and a cross-site scripting (XSS) malware insertion attempt against this honeypot. |
URL | http://ieeexplore.ieee.org/document/8284180/ |
DOI | 10.1109/URTC.2017.8284180 |
Citation Key | leaden_api_2017 |