Visible to the public WGT: Thwarting Web Attacks Through Web Gene Tree-based Moving Target Defense

TitleWGT: Thwarting Web Attacks Through Web Gene Tree-based Moving Target Defense
Publication TypeConference Paper
Year of Publication2020
AuthorsZhang, Yaqin, Ma, Duohe, Sun, Xiaoyan, Chen, Kai, Liu, Feng
Conference Name2020 IEEE International Conference on Web Services (ICWS)
Date Publishedoct
Keywordsattack surface, Complexity theory, Conferences, insufficient coverage problem, Metrics, moving target defense, pubcrawl, Resiliency, Scalability, security, Uncertainty, Web attacks, web gene tree, web services
AbstractMoving target defense (MTD) suggests a game-changing way of enhancing web security by increasing uncertainty and complexity for attackers. A good number of web MTD techniques have been investigated to counter various types of web attacks. However, in most MTD techniques, only fixed attributes of the attack surface are shifted, leaving the rest exploitable by the attackers. Currently, there are few mechanisms to support the whole attack surface movement and solve the partial coverage problem, where only a fraction of the possible attributes shift in the whole attack surface. To address this issue, this paper proposes a Web Gene Tree (WGT) based MTD mechanism. The key point is to extract all potential exploitable key attributes related to vulnerabilities as web genes, and mutate them using various MTD techniques to withstand various attacks. Experimental results indicate that, by randomly shifting web genes and diversely inserting deceptive ones, the proposed WGT mechanism outperforms other existing schemes and can significantly improve the security of web applications.
Citation Keyzhang_wgt_2020