A New Web Deception System Framework with Intrusion and Ransomware Detection System [WDS-IRDS] / Ahmed Ali Mohammed El-Kosairy
Material type: Text
Language: English
Summary language: English
Publication details: 2018
Description: 96 p. ill. 21 cm
DDC classification: 658
| Item type | Current library | Call number | Status | Date due | Barcode |
|---|---|---|---|---|---|
| Thesis | Main library | 658 / A.K.N / 2018 | Not For Loan | | |
Supervisor: Nashwa Abd El-Baki
Thesis (M.A.)—Nile University, Egypt, 2018 .
"Includes bibliographical references"
Contents:
ABSTRACT
CHAPTER 1: INTRODUCTION
1.1 GENERAL OVERVIEW
1.2 AIMS AND OBJECTIVES
1.3 RESEARCH GOALS AND APPROACH
1.4 THESIS ORGANIZATION
CHAPTER 2: BACKGROUND
2.1 HONEYWEB, WEB PROTECTION AND DECEPTION-BASED SCHEMES
2.2 GAME THEORY-BASED SCHEMES
2.3 INTRUSION AND RANSOMWARE DETECTION-BASED SCHEMES
SUMMARY
CHAPTER 3: PROPOSED WDS/IRDS ARCHITECTURE AND DESIGN
3.1 WEB DECEPTION SYSTEM ARCHITECTURE AND DESIGN [WDS]
3.1.1 GAME THEORY AND WEB DECEPTION
3.1.2 PROPOSED WDS ARCHITECTURE
3.1.3 WDS STRUCTURE WITH GIDA MODULE DESIGN
3.2 INTRUSION AND RANSOMWARE DETECTION SYSTEM ARCHITECTURE AND DESIGN [IRDS]
3.2.1 INTRUDER DETECTION FOR SERVERS AND NETWORK
3.2.2 DIFFERENCE BETWEEN RANSOMWARE DETECTION TECHNIQUES
3.2.3 IRDS DESIGN
A. IRDS STRUCTURE AND DESIGN
B. IRDS AND POSITIONING TECHNIQUE
C. MISLEADING CONTENTS AND IRDS STRUCTURE/DESIGN
SUMMARY
CHAPTER 4: EXPERIMENTAL RESULTS
4.1 WDS EXPERIMENTS
4.1.1 ATTACKS BEFORE USING THE PROPOSED WDS
4.1.2 ATTACKS AFTER USING THE PROPOSED WDS
4.2 IRDS EXPERIMENT
4.2.1 EXPERIMENT 1: TESTING RANSOMWARE DETECTION
4.2.2 EXPERIMENT 2: TESTING INTRUSION DETECTION
4.2.3 EXPERIMENT 3: COMPARING IRDS, FILE-HASHING, AND ENTROPY
4.2.4 LIMITATIONS OF THE PROPOSED IRDS
SUMMARY
CHAPTER 5: BENCHMARKING PROPOSED SCHEME
SUMMARY
CHAPTER 6: CONCLUSIONS AND FUTURE WORK
APPENDIX A: SPLUNK SECURITY INFORMATION AND EVENT MANAGEMENT (SIEM)
A.1 WHAT IS SIEM
A.2 CAPABILITIES/COMPONENTS
A.3 WHY SPLUNK
APPENDIX B: WDS ALGORITHM: OUR PROPOSED WDS AGENT POLICY SCRIPT
REFERENCES
Abstract:
Web applications have many vulnerabilities that allow attackers to compromise sensitive data and
gain unauthorized access to the production web servers. Attackers and cybercriminals are always
in a race to either compromise networks and servers or embezzle ransoms through ransomware.
Current random attacks draw attention to the need for new protection and detection tools. Intruders
must be prevented from such exploitations of assets, and their malicious attempts counter-attacked.
Among the approaches to preventing intruders from compromising servers and networks is the use
of traditional security controls, such as Intrusion Prevention Systems (IPS), firewalls and antivirus
software. Such tactics could be successful at lower attack levels. Current attacks are more
aggressive and can bypass most security tools. Servers are being compromised and files encrypted
for ransom.
In this thesis, we propose a web deception scheme to mitigate web attacks on the production web
site and detect any intrusion or ransomware on the server and endpoints. The solution is more like a
call to arms, using game theory, honeyweb, and honeytokens with ransomware and intrusion
detection.
Layers of deception systems are introduced to detect any intrusion or ransomware trying to gain
access to compromise private files by using a deception system based on honeyfiles and
honeytokens. A proof of concept is deployed with implementation of one of the key deception
methods proposed to detect ransomware and intruders. The proposed scheme and the simulation
results are explained in detail.
Text in English, abstracts in English.