Research On Website Protection Technology Based On Cyber Deception

Web attacks have been a serious threat to cyber security for a long time.Conventionally,measures such as Web Application Firewall,Intrusion Detection System have proved to be very successful in detection and deterring non-targeted attack based on the analysis of known attack methods and vulnerabilities,but they are ineffective in combating targeted persistent attacks.On the one hand,because of the deterministic,static and isomorphic of the defense system,sophisticated and determined adversaries carry out repeated analysis and penetration on the target defense system through reconnaissance of target information and are always known to find their way around these.On the other hand,the existing website defense system often has no traceability and counterattack ability,once the attacker breaks through the border defense system,the subsequent attack is difficult to detect and track.In this study,we analyze the characteristics of web attacks,summarize the advantages and challenges of existing web defense research and innovatively present a defense mechanism based on Cyber Deception technology against targeted web attacks.On this basis,we propose a website defense model based on Cyber Deception such as Web Shadow Service and present an active defense strategy based on forwarding-based defense mechanism.We research a variety of web protection technology based on Cyber Deception,including traffic identification and forwarding,web mirroring,tracing the traceability technology,which proves the feasibility of the proposed defense model theoretically.And we design and implement a website protection prototype system based on Cyber Deception,which integrates the best advantages of the traditional perimeter-planted security mechanisms and Cyber Deception technology.The results of security tests show that the prototype system can effectively play the advantage of Cyber Deception technology against directional attack and achieve the multi-level defense effect including attack traffic transfer,attack behavior isolation and attack traceability.This study has some theoretical and practical significance to solve the challenges facing the current advanced web attack defense.