Cloxy: A Context-aware Deception-as-a-Service Reverse Proxy for Web Services

Legacy software, outdated applications and fast-changing technologies pose a serious threat to information security. Several domains, such as long-life industrial control systems and Internet of Things devices, suffer from this problem. In many cases, system updates and new acquisitions are not an option. In this paper, a framework that combines a reverse proxy with various deception-based defense mechanisms is presented. It is designed to autonomously provide deception methods to web applications. Context-awareness and minimal configuration overhead make it perfectly suited to work as a service. The framework is built modularly to provide flexibility and adaptability to the application use case. It is evaluated with common web-based applications, such as content management systems, and several frequent attack vectors against them. Furthermore, the security and performance implications of the additional security layer are quantified and discussed. It is found that, given sound implementation, no further attack vectors are introduced to the web application. In terms of performance, the prototypical framework increases the delay of communication with the underlying web application. This delay is within tolerable boundaries and can be further reduced by a more efficient implementation.
