We're sorry but this page doesn't work properly without JavaScript enabled. Please enable it to continue.
Feedback

Deceptive Security using Python

00:00
subtitles
off
playback rate
1
subtitles
off
English (auto-generated)
playback rate
0.25
0.5
0.75
1
1.25
1.5
1.75
2
quality
576p
9
 Cite
 Share
 Related Material
 Download Purchase
Logo of EuroPythonEuroPython
 Deshpande, Gajendra

Formal Metadata

Title
Deceptive Security using Python
Subtitle
Deceiving hackers to protect your resources
Title of Series
Number of Parts
130
Author
License
CC Attribution - NonCommercial - ShareAlike 3.0 Unported:
You are free to use, adapt and copy, distribute and transmit the work or content in adapted or unchanged form for any legal and non-commercial purpose as long as the work is attributed to the author in the manner specified by the author or licensor and the work or content is shared also in adapted form only under the conditions of this
Identifiers
Publisher
Release Date
Language

Content Metadata

Subject Area
Genre
Abstract
Imagine you are passing through an unknown street at midnight and you find that some anti-social elements are following you. To save yourself from them you start running and look for a safe place to hide. On the way, you will find a good person and requests him to help you. He hides you in his place to protect you. When these anti-social elements visit a good person’s place and enquire about you, the good person misguides them and redirects them to some other place in order to protect you. This is exactly how deception works. In this analogy, YOU are the resources to be protected, anti-social elements are the hackers who want to gain access to the resources, and a good person is a deception technique that protects the resources from hackers by making them fall in the trap. The talk begins with an introduction to deception technology, deception types, and methods, a deceptive security life cycle. In this talk, we will demonstrate the following deception tools implemented using python language: • WebTrap (https://github.com/IllusiveNetworks-Labs/WebTrap): is designed to create deceptive webpages to deceive and redirect attackers away from real websites. The deceptive webpages are generated by cloning real websites, specifically their login pages. • DemonHunter (https://github.com/RevengeComing/DemonHunter): is a distributed low interaction honeypot with Agent/Master design Finally, we will conclude the talk with how built a deception tool and demonstrate its working. How we implemented a deception tool in python using machine learning: We designed a deception tool in python language using PyBRAIN package to model and mitigate XPath injection attacks for web services. It is known that XML can be used to store the data and this data can be queried using XPath query language. XPath is a query language, it has injection issues similar to SQL. To handle this issue, we proposed a solution, which uses a count-based validation technique and Long Short-Term Memory (LSTM) modular neural networks to identify and classify atypical behavior in user input. Once the atypical user input is identified, the attacker is redirected to fake resources to protect the critical data. Our experiment resulted in over 90% accuracy in the classification of input vectors. Outline 1. Introduction to deception, Deception types, Deception technology applicable methods and Deception Life cycle(08 Minutes) 2. Demonstration of WebTrap deception tool(04 Minutes) 3. Demonstration of DemonHunter deception tool(04 Minutes) 4. Discussion of our deception tool and demonstration(06 Minutes) 5. Conclusion and Questions(03 Minutes) Audience No experience level of Python is needed. In general, anyone can attend this talk and learn about applying deception techniques and machine learning to application security.
EuroPython 202053 / 130
1
Thumbnail
29:48
Automate your tasks with Python and publish with Chat Apps
2
Thumbnail
17:45
Writing Good Python
3
Thumbnail
21:06
Building The Perfect Personalised Menu Using Python
4
Thumbnail
24:12
A pythonic full-text search
5
Thumbnail
25:00
Everything You Know About MongoDB is Wrong!
6
Thumbnail
24:05
gRPC Python, C Extensions, and AsyncIO
7
Thumbnail
21:20
Speak Python with Devices
8
Thumbnail
20:46
Writing Clean Abstractions
9
Thumbnail
29:30
The Hidden Power of the Python Runtime
10
Thumbnail
30:54
The Python Data Visualization Landscape in 2020
11
Thumbnail
34:32
Telehealth Platform : Python & Django powered
12
Thumbnail
29:08
15 Things You Should Know About Spacy
13
Thumbnail
25:54
Clean Architectures in Python
14
Thumbnail
27:08
pyRT - Computer Graphics in Jupyter Notebooks for Fun and Teaching
15
Thumbnail
44:51
Difficulties of Python code development: packages,virtualenvs and package mangers
16
Thumbnail
26:54
Full Stack Type Safety
17
Thumbnail
42:21
A deep dive and comparison of Python drivers for Cassandra and Scylla
18
Thumbnail
45:29
Tools for maintaining an open source Python project
19
Thumbnail
32:05
Best practices for production-ready Docker packaging
20
Thumbnail
26:50
IoTPy: Python + Streams + Agents for Streaming Applications
21
Thumbnail
32:33
Extending Python with Rust
22
Thumbnail
24:38
Supercharge your Data Science workflow with Notebooks, VS Code, and Azure
23
Thumbnail
28:23
Static Typing in Python
24
Thumbnail
40:41
Europython 2020 - Opening Session
25
Thumbnail
27:40
Attractive GUIs with PySimpleGUI
26
Thumbnail
25:40
Object Internals
27
Thumbnail
36:23
Live-coding a music synthesizer
28
Thumbnail
28:12
API-schema-based testing with schemathesis
29
Thumbnail
27:24
Extending HTTP for fun and non-profit
30
Thumbnail
23:11
The joy of deleting code
31
Thumbnail
28:30
Creating an inclusive team culture in times of change
32
Thumbnail
44:40
Lessons from the Trenches: rewriting and re-releasing virtualenv
33
Thumbnail
45:26
How to write multi-paradigm code
34
Thumbnail
28:58
Serverless 2.0 with Cloudstate.io-stateful functions with Python
35
Thumbnail
47:00
Staying for the Community: Building Community in the face of Covid-19
36
Thumbnail
29:08
Effective Code Reviews
37
Thumbnail
32:01
Python in Prison: how open source can change a criminal justice system
38
Thumbnail
24:44
Social distancing from your system’s dependencies: An API’s Story
39
Thumbnail
19:10
Radio Astronomy with Python
40
Thumbnail
26:52
Taking Part in the Greatest Experiment in History
41
Thumbnail
53:39
Decision Science with Probabilistic Programming
42
Thumbnail
43:44
Django Clone From Scratch With Flask
43
Thumbnail
42:42
Painless Machine Learning in Production
44
Thumbnail
29:41
Train. Serve. Deploy! Story of a NLP Model ft. PyTorch, Docker, Uwsgi and Nginx
45
Thumbnail
30:49
A Brief History of Jupyter Notebooks
46
Thumbnail
26:01
Pluggable Architecture
47
Thumbnail
29:56
Roadmap to an Open Source Artificial Pancreas & Diabetes monitoring with Flask
48
Thumbnail
29:12
Detecting and Analyzing Solar Panels in Switzerland using Aerial Imagery
49
Thumbnail
28:16
Deploy your Machine Learning Bots like a boss with CI/CD
50
Thumbnail
29:46
Speed Up Your Data Processing
51
Thumbnail
46:01
Docker and Python: making them play nicely and securely for Data Science and ML
52
Thumbnail
41:40
So, You Want to Build an Anti-Virus Engine?
53
Thumbnail
20:31
Deceptive Security using Python
54
Thumbnail
23:39
Can we deploy yet?
55
Thumbnail
33:30
Writing and Scaling Collaborative Data Pipelines with Kedro
56
Thumbnail
04:52
Morning Announcements 07/24
57
Thumbnail
26:42
The Hitchhiker's Guide to CLIs in Python
58
Thumbnail
13:10
Durable Functions: Answer to Serverless Needs
59
Thumbnail
27:42
Building quantum applications with D-Wave's Leap
60
Thumbnail
43:46
The Phantom of Radon
61
Thumbnail
26:38
ScanAPI
62
Thumbnail
47:11
Guido van Rossum Q&A
63
Thumbnail
23:59
Overcoming access control in web APIs
64
Thumbnail
24:49
Creating the Next Generations of Billionaires - Part 2
65
Thumbnail
29:56
How to sort anything
66
Thumbnail
43:04
We have nearly one million lines of Python 2 code in production – and now?
67
Thumbnail
48:03
EuroPython 2020 - Lightning Talks 07/23
68
Thumbnail
43:26
HTTP/3 – Why should I care?
69
Thumbnail
41:01
Resurrecting a django project in python 2.7 for 3.8
70
Thumbnail
1:11:08
Simulation of logistic systems in Python with salabim
71
Thumbnail
25:43
Writing Extensions and Bindings for GPU made Easy
72
Thumbnail
29:04
Developing a match-making algorithm between customers and Go-Jek products!
73
Thumbnail
37:02
Machine Learning for Everyone
74
Thumbnail
27:23
Ray: Scalability from a Laptop to a cluster
75
Thumbnail
27:25
NLPeasy - a Workflow to Analyse, Enrich, and Explore Textual Data
76
Thumbnail
42:42
The Painless Route in Python to Fast and Scalable Machine Learning
77
Thumbnail
30:26
Growing a Python Community at an Enterprise Scale
78
Thumbnail
43:40
Painting with GANs: Challenges and Technicalities of Neural Style Transfer
79
Thumbnail
25:17
Top 15 Python Tips for Data Cleaning/ Understanding
80
Thumbnail
29:38
Automating machine learning workflow with DVC
81
Thumbnail
26:10
Running Unit Test on Top of Serverless Service
82
Thumbnail
19:10
Python Emergency Remote Teaching
83
Thumbnail
22:47
EuroPython 2021: Help us build the next edition!
84
Thumbnail
28:12
Find a new job - Sponsor Presentations
85
Thumbnail
28:57
Python Memory Management 101
86
Thumbnail
44:25
Why Transformers Work
87
Thumbnail
30:55
Running EuroPython 2020 as an online conference
88
Thumbnail
41:56
Advanced Infrastructure Management in Kubernetes using Python
89
Thumbnail
45:28
Meditations on First Deployment: A Practical Guide to Responsible Development
90
Thumbnail
31:06
Interactive Mapmaking with Python
91
Thumbnail
18:29
Digital Transformation in the fight against Coronavirus
92
Thumbnail
25:59
Cultivating a Culture of Creativity, Collaboration, and Captainship
93
Thumbnail
34:46
Tests that (Almost) Write Themselves
94
Thumbnail
26:40
Ensuring data integrity with asynchronous programming in a cloud IoT core
95
Thumbnail
23:27
Corona-Net
96
Thumbnail
26:18
Community-oriented conference status during COVID-19
97
Thumbnail
27:41
Decade of PyCon JP: How we spread the Python community in Japan
98
Thumbnail
28:31
Tooling for Static Analysis of Python Programs
99
Thumbnail
47:28
EuroPython 2020 - Lightning Talks 07/24
100
Thumbnail
19:41
EuroPython 2020 - Closing Session
101
Thumbnail
30:13
How to Avoid Becoming a 10x Engineer
102
Thumbnail
31:12
The Joy of Creating Art with Code.
103
Thumbnail
29:20
Honey, There Is a Python in My Android Phone!
104
Thumbnail
26:49
Django Testing on Steroid: pytest + Hypothesis
105
Thumbnail
34:28
Accessible Python education for schoolgirls using Avocados, Zombies, and Korean!
106
Thumbnail
29:31
Flasync Await
107
Thumbnail
26:02
Boosting simulation performance with Python
108
Thumbnail
27:38
Elegant Exception Handling
109
Thumbnail
45:33
Practical Optimisations for Pandas
110
Thumbnail
27:57
Migrating codebases with millions of modules from Python 2 to Python 3
111
Thumbnail
30:40
Building reproducible distributed applications at scale
112
Thumbnail
29:01
Python Table Manners: Cut the Cookie Gracefully
113
Thumbnail
37:42
Writing Zenlike Python
114
Thumbnail
26:10
Real Time Machine Learning with Python
115
Thumbnail
29:33
How to be Pythonic? Design a Query Language in Python
116
Thumbnail
45:11
Building smarter solutions with no expertise in machine learning
117
Thumbnail
28:42
Yet another package for multi-tenancy in Django
118
Thumbnail
29:41
There’s a Snake in the Birdhouse!
119
Thumbnail
27:11
IPython: The Productivity Booster
120
Thumbnail
27:44
Your Name Is Invalid!
121
Thumbnail
26:42
Diffprivlib: Privacy-preserving machine learning with Scikit-learn
122
Thumbnail
44:49
How to Run a Corridor Track in a Remote Conference with Python
123
Thumbnail
30:42
Probabilistic Forecasting with DeepAR and AWS SageMaker
124
Thumbnail
32:12
Developing GraphQL API in Django using Graphene
125
Thumbnail
28:56
An ASGI Server from scratch
126
Thumbnail
44:44
Mastering a data pipeline with Python: 6 years of learned lessons from mistakes
127
Thumbnail
28:21
Sharing Reproducible Python Environments with Binder
128
Thumbnail
40:26
30 Golden Rules of Deep Learning Performance
129
Thumbnail
13:39
Reduce hardware costs in Internet of Things using Python
130
Thumbnail
30:26
Bringing your Python script to more users!
00:00
Information securityInformation securityPerfect groupXMLUMLComputer animationMeeting/Interview
00:17
Information securityContent (media)DemonElement (mathematics)Hacker (term)Mechanism designTime evolutionSource codeType theoryInformationClient (computing)Server (computing)Token ringInstallation artWeb pageHome pageWebsiteCloningUniform resource locatorMessage passingDirectory serviceFunction (mathematics)RootProgrammable read-only memoryBlogCommunications protocolSpacetimeCybersexWeb serviceCloud computingPhysical systemArtificial neural networkCodeDatabaseParsingInjektivitätRecurrence relationModul <Datentyp>ArchitectureRekursives neuronales NetzoutputCountingRegulärer Ausdruck <Textverarbeitung>Revision controlPasswordAuthenticationProxy serverInformation securityPersonal digital assistantHacker (term)Validity (statistics)Content (media)Internet service providerMereologyWeb pageInformationWeb 2.0CodeNatural numberCommunications protocolEvolutePasswordExterior algebraQuery languageMaxima and minimaoutputMechanism designArtificial neural networkLine (geometry)CyberspaceService-oriented architectureOrder (biology)Combinational logicExistenceGoodness of fitRelational databaseGraph coloring2 (number)InjektivitätMessage passingVector spacePoint cloudParameter (computer programming)Home pageComputer fileProjective planeLoginCloningServer (computing)Modul <Datentyp>WebsiteInteractive televisionFunction (mathematics)Web serviceData managementUser interfaceState of matterUniform resource locatorElement (mathematics)Cartesian coordinate systemSimilarity (geometry)Complete informationPhysical systemDirectory servicePhishingDiagramFront and back endsSystem administratorConnectivity (graph theory)Recurrence relationType theoryComputer architectureVulnerability (computing)Operator (mathematics)CASE <Informatik>Operating systemDecision theoryNetzwerkdatenbanksystemSlide ruleData storage deviceRight angleGreatest elementReal numberDifferent (Kate Ryan album)WeightNumberDemonAnalogyDescriptive statisticsPoint (geometry)UDP <Protokoll>File Transfer ProtocolComputer animation
10:29
Exploit (computer security)Regulärer Ausdruck <Textverarbeitung>Web serviceArchitectureService-oriented architectureComputing platformSoftware frameworkException handlingPressure volume diagramVector spaceAerodynamicsoutputQuery languageTime zoneDatabaseInjektivitätObservational studyArtificial neural networkModul <Datentyp>CybersexInformation securityDependent and independent variablesServer (computing)Physical systemSystementwurfMessage passingCodeTable (information)Data miningBuildingMaxima and minimaSingle-precision floating-point formatNumerical digitEquals signFamilyAlgorithmRoundingFunction (mathematics)Bit rateSocial classQueue (abstract data type)Client (computing)Web browserIntelCoprocessorIntegrated development environmentComputer hardwareFormal languageGraph (mathematics)Fedora CoreSystem programmingInformationLibrary (computing)Machine learningArtificial intelligenceReinforcement learningInstallation artCloningStandard deviationCoding theoryDirectory serviceRoutingTemplate (C++)Pairwise comparisonNumberNegative numberAverageExecution unitLine (geometry)Installable File SystemVirtual machineHome pageError messageDigital filterArtificial neural networkHoaxLibrary (computing)Virtual machineSingle-precision floating-point formatSoftware frameworkThresholding (image processing)Real numberNegative numberFrequencyResultantUniform resource locatorPasswordCASE <Informatik>Multiplication signLoginRight angleMessage passingInjektivitätServer (computing)Web 2.0Stability theoryUser interfaceoutputVector spaceClient (computing)InformationTerm (mathematics)Physical systemPosition operatorQuery languageModul <Datentyp>Electronic data processingObservational studyEndliche ModelltheorieError messageOperator (mathematics)Software testingEntire functionSet (mathematics)PropagatorResponse time (technology)Real-time operating systemValidity (statistics)CountingAverageComputer fileContent (media)Slide ruleBit rateTable (information)DigitizingCartesian coordinate systemLikelihood functionPresentation of a groupDataflowFehlererkennungFunction (mathematics)Multitier architectureEmailMobile WebInformation securityCategory of beingString (computer science)Utility softwareLengthElectric generatorLogicInstallation artTemplate (C++)Offenes KommunikationssystemBoolean algebraDifferential equationPiWeb serviceReinforcement learningSampling (statistics)AlgorithmData structureHome pageGraph (mathematics)NumberWeb browserForm (programming)Row (database)Computer animation
20:27
Computer animation
Transcript: English(auto-generated)
00:07
Perfect. So you're going to talk about security on Python with us today, isn't it? Yeah. Wonderful. So, well, whenever you're ready, the floor is yours. Hello, everyone. My name is Gajendra Deshpande, and I'm working as an assistant professor
00:22
in KLS Cocte Institute of Technology, India. Today, I will be delivering a talk on deceptive security using Python. So these are the contents which we are going to discuss today briefly. So introduction to deception, then two tools WebTrap and Demon Hunter, deception tools,
00:42
then what our experiment, how we developed a deception technique, then conclusion. And finally, the references. Imagine you are passing through an unknown state at midnight and you find that some antisocial elements are following you.
01:01
To save yourself from them, you start running and look for a safe place to hide. On the way, you will find some good person and you request him to help you. So he hides you in his place to protect you. When these antisocial elements visit a good person's place and then fight about you,
01:20
the good person misguides them and directs them to some other place in order to protect you. This is exactly how deception works. In this analogy, you are the resource to be protected. Antisocial elements are the hackers who want to gain access to the resources. And a good person is a deception technique that protects the resources from hackers by making them fall in the trap.
01:49
Now, let's understand the basic idea behind deception, how it works. The definition of deception is that it's a technique where hackers methods will be used as a security mechanism that is phishing the phishers.
02:03
Now, let's assume that you have a legitimate website of a bank, and what hackers do is they create a similar user interface which looks exactly the same, but the backend is different. So when you enter your details, assuming that it's a legal website,
02:25
but in the backend, hackers are collecting your data to carry out the further attacks. Now, deception is the military tactic used by both attackers as well as defenders. So in our case, we are using to protect our resources.
02:40
Now, this diagram shows how deception works. Now, there are two users. One is the benign user and the second one is the malicious user. Now, both have access to the common user interface. Now, depending on the type of user, depending on the input, depending on the activity, either they will be provided with the real system or the deceptive system.
03:03
So benign user, if he's authorized, if he's authenticated correctly, then he will be given access to the real system. Otherwise, the malicious user will be redirected to the deceptive system, which looks exactly the same, but it's not a real system.
03:20
Now, there are two types of deception technology. One is active deception and second one is passive deception. In active deception, what happens is inaccurate information will be provided to the hackers intentionally to fall further trap. In passive detection, incomplete information will be provided.
03:41
So intruders will try to gain the other part of the information and fall further trap. Now, they can also be classified as a client-side deception and server-side deception. So mostly client-side deception is used by hackers to deceive the legitimate users. Whereas the server-side deception, it is used by the security providers to deceive the hackers.
04:03
Now, you can develop a better deception by combining both approaches, that is active deception and passive deception. That is, you can come up with a better deception which has incomplete as well as inaccurate information. Now, let's see the deception's evolution and its advantages.
04:23
Now, honeypots were introduced in the year 1998. So honeypots are the small traps in the network. When trying to access those points, they will fall further trap. Then HoneyNet is nothing but the network of honeypots. They were introduced in the year 2000. Then Honey token is a small piece of information which is embedded in the real information.
04:47
When somebody steals the real information, this token will give the alert to the system administrator saying that so-and-so message has been stolen. And it gives the information about how it has been stolen.
05:01
The next honeypots 2.0 were introduced in the year 2012. The deception technology came into existence in the year 2016. The advantages of deception are increased accuracy, minimal investment and future ready. So it is applicable to even new technology and even the existing technology.
05:22
Now, let's first discuss the web trap deception tool. It is designed to create deceptive web pages to deceive and redirect attackers away from the real websites. So the deceptive web pages are generated by cloning the real websites, specifically their login pages. So this project has two files. Basically one is web cloner and the second one is web server.
05:46
Now what web cloner does is it clones the real websites and creates the deceptive web pages. And what deceptive web server does is it is responsible for serving the cloned web pages. Note here it is serving cloned web pages, not the real web pages. And reporting to the syslog server upon request.
06:03
So if anybody tries to access the cloned web pages, then it will be logged in the syslog server. Now you can install this web trap tool by following these commands. But the problem with web trap tool is presently it works only on Ubuntu 18.
06:21
Now you can see the usage is shown in this slide. So you need to make use of web cloner.py file and you need to specify the next parameter as the output directory. Then the website URL you want to clone. So example is shown here. So here we are cloning the Wikipedia as a login page into the directory Wikipedia login page.
06:45
The next is the web trap, that is the deceptive web server. So to use it, you need to specify the file trapserver.py. So to trapserver.py file, you need to specify the directory name and the syslog server. So here trapserver.py file is serving the login page from the Wikipedia login page folder which has the deceptive web pages.
07:11
So when somebody tries to access this folder or the files within this folder, it will be logged in the syslog server. The next tool is daemon hunter.
07:21
So daemon hunter is used to create low interaction honeypot servers and it has agents and a manager to check the logs. So it allows you to create your own honeynet all customized by yourself from ports to the protocol handlers. That means you can have your own port numbers, you can have your own protocols.
07:42
So usually different protocols are also allowed. So in this diagram you can see here centrally there is a manager component which manages everything. So that means it manages the honeypot devices, it manages protocols and it manages port numbers. And note here that these protocols can be of different nature.
08:01
So they may not be just HTTP only. So it can be a combination of HTTP, UDP, SMTP, FTP, etc. Now why we developed a deception tool is we know that cyberspace is a national asset. And XML is the heart of many mainstream technologies nowadays,
08:20
including web services, service-oriented architecture or microservices, cloud computing, etc. So web services vulnerabilities can be present in the operating system, network database, web server, application server and so on. Now when a new technology is introduced, it comes with its own new challenges, plus old challenges will also be present.
08:42
Say for example, when we say SQL injection, it is available or it is present with respect to relational databases. But when we use XML as an alternative to relational databases, the same kind of injection attacks can be performed on XML document also.
09:04
So next, the problem which we tried to solve was to secure the web resources from XPath injection attack using modular recurrent neural networks. And for that, we proposed a solution that uses modular recurrent neural network architecture to identify and classify a typical behavior in user input.
09:22
So once the typical user input is identified, the attacker is redirected to fake resources to protect the critical data. So in this case, we developed our own validation technique, input validation technique that is count-based validation technique. So in next few slides, I will discuss how we developed count-based validation technique and how it works.
09:45
Now, we need to first understand how XPath injection attacks works. So in this slide, you can see that there's a small XML piece of code which stores username and password.
10:01
So at the bottom, you can see that there are two lines. One is in blue color and second one is in red color. So the line which is mentioned in the blue color, it actually indicates the valid query where valid username and passwords are mentioned. Whereas if you consider the last line, which is specified in the red color, that's a malicious query.
10:23
So you can see here, no real data is used there. Attack vector is used. So you can find some Boolean operators and some unwanted characters. Now, on XPath injection, it clearly states that to perform XPath injection attack, you really don't need any skills.
10:46
So any beginner can perform these attacks, any beginner can perform or create an attack vector to perform the attacks and typical likelihood of exploit is very high.
11:00
So that's why it is a very important thing to handle. Now, we studied a few research papers and we found that there are some gaps related to the existing work. Now, what we found was neural network approach to identify and classify a typical behavior in input was not yet done.
11:26
So the study showed different approaches to handle XPath injection attacks. It also showed methods applied and their disadvantages. We can conclude from the study that neural networks are not applied to detect XPath injection attacks and existing results are not promising. The study showed how modularity in case of neural networks helps to achieve improved performance.
11:46
Modular neural networks have not been applied to cybersecurity, particularly to the detection of XPath injection attacks. Now, this slide shows the system design. So it shows the working of the entire system.
12:00
So you can see there are three tiers. One is presentation tier, business tier and digital tier. Presentation tier has the login form. There's nothing but the user interface through which the user or the attacker interacts. Then we next have the business tier where the data processing or the application logic is stored. The next we have the data tier where we are storing real XML document and the fake XML document and also the custom error messages.
12:28
Now, if you consider some examples, some examples of valid inputs are email ID, mobile number, etc. Examples for malicious inputs are also mentioned. Then there is a third category that is some invalid inputs.
12:45
So that is very large input string, string with special characters and etc. So what happens here is when an attacker uses invalid inputs, it's going to generate error message and error message also gives you some information related to the system. For example, which browser the client is using, which system the client is using, etc.
13:03
So to avoid that, you can design custom error messages which hides the system information. Now in this algorithm, we are describing how our count based validation technique works. Now the first step is to scan the user input and next determine the length of the user input.
13:22
Then count the frequency of every character. So you need to count the frequency of characters, digits and special characters. Now you can see here in table 4 on the bottom right corner, we have specified the character and the threshold. So that means only up to the threshold the characters are allowed.
13:42
If it is exceeding the threshold, then appropriate error codes have been assigned. So if the frequency of the character is below the threshold, then the value is set for that particular character in table 4. Then set the error code to 40. Else if the frequency of characters mentioned that is the special characters is above the threshold, then set the particular character threshold to 4000.
14:08
Now what we have done is we have modularized the neural network. We have not used a single neural network because that will result into a lot of samples. So to reduce the samples, we have divided into three neural networks.
14:21
So in the first neural network, we are training it on login attempts. In the second neural network, we are training it on error codes. So now to build a neural network, we have used recurrent neural network with 15 neurons and hidden layer as LSTM network.
14:41
That is long short term network and output layer as softmax. Then we had used resilient propagation trainer to train the network in a training data set and test data set is created in real time to validate against the data set.
15:01
Then if the training error is 0.0%, then classify the input as in table 3. So table 3 is mentioned in the next slide. If it is classified as valid, then you need to display the message as login successful and read it to real system.
15:25
If it is classified as malicious, then the content from fake XML file has to be displayed. Otherwise invalid, then custom error message has to be displayed. Now you can see here we are training our third neural network based on this data set.
15:41
So we have output of neural network 1, we have output of neural network 2, then the final classification. So if one of the output is malicious, then it will be classified as malicious. If one of them is invalid, then it will be classified as invalid. But the flow is from valid to invalid to malicious.
16:04
Now we had used PyBrain library for neural network. Then for web service, we have used BottlePy microwave framework. For web server, we have used BottlePy and Apache. Then similarly for drawing graphs, we had used Python, NumPy and matplotlib.
16:22
Then PyBrain is a modular machine learning library for Python. It is short for Python based reinforcement learning, artificial intelligence and neural network library. So to download, you can follow the URL and you can follow the instructions. There is a very nice tutorial, you can follow it to install PyBrain and execute examples.
16:41
Similarly, Bottle is a fast, simple and lightweight microwave framework for Python. So it is distributed as a single file, so it has no dependencies, no need to install. Just include the file in your directory and start using it. So it has built-in routing templates, utilities and server modules.
17:01
So again, more information can be found in the specified URLs. So these are the results we have got. So in case of true positive, you can see here we are getting more stable results with respect to modular neural network. Whereas results are unstable with respect to single neural network.
17:25
So similarly when we compare false negatives, it is the same. So results are better with respect to model neural network and single neural network. So same is the case with true negatives and also the false negatives. Now when you compare the response time here, so you can see here when we use modular neural network, our neural network response time is less.
17:47
So when we use single neural network, it is taking more time. So the ratio is 1 is to 1.5. Now when we summarize the results, we see that you can see here the results of modular neural networks are better compared to single neural network.
18:04
So that is including and excluding outlier, the results of modular neural networks are better in all the cases. Now these are the screenshots. So you can see here in this slide, we have fake data file and we have real data file. So if you observe the structure, both looks similar, but the thing is data in one file is fake.
18:27
It's not real. So this is the user interface which we have created for our experiment. So in the first case that is valid in the scenario, user will enter the right or legitimate username and password.
18:40
So it will be classified as valid. So it gives the message log in successfully. Then similarly, if user enters malicious query, then note here that it is not going to deny the access. Instead it will display the fake data.
19:02
And also note here when it is displaying the fake data, we are also capturing the details like the server web browser, query the attacker as used, what is the port number, etc. And also we are also capturing the log in attempts. Then next, what the attacker will do is he will try to log in with the fake credentials and this time it shows that log in successful.
19:28
But note here that this is not the access to the real system, instead it is giving access to the deceptive system. So conclusion is that our solution offers input security over existing methods by misleading attackers to false resources and custom error pages.
19:44
Our results also show that the system accepts legitimate input, although the user input may contain some special characters and rejects only truly malicious inputs. So our solution combines modular neural network and count-based validation approach to filter the malicious input. So it also resulted in increased average detection rate of two positives and
20:04
two negatives and decreased average detection rate of false positives and false negatives. The secure systems have to be successful every time, but attacker has to be successful only once. So with reception, I can only say that we can buy extra time to protect our resources, but we may not be able to protect the system entirely.
20:22
So these are the references you can refer for more information. Thank you. Thank you.