A Survey on Deception Techniques for Securing Web Application

Abstract

Many web applications are developed to handle important and critical tasks, which may attract a large number of attackers. With various types of attacks, there is no finite solution to mitigate it's all. Deception technique is one of the area that can be explore to defend against web attack. Deception can detect, analyzed and defend against advanced web attack that cannot be done using existing anomaly-based detection and prevention techniques. Current deceptive solutions tend to be doubtful to application-layer protocols and lack of study on how deception can be applied at this level. Thus, those solutions can't properly be used to protect against application-layer attacks that are integrally based on elements from the application-layer itself. This research aims to study possible usages of deception techniques that could be incorporated in the context of application-layer traffic of web applications with the purpose of detecting web application attacks. The comparative results from this study will be used to identify which deception techniques are suitable to provide a useful layer of protection for a web application. © 2019 IEEE.