We're sorry but this page doesn't work properly without JavaScript enabled. Please enable it to continue.
Feedback

Deceptive Security using Python

9
 Cite
 Share
 Related Material
 Download
 Purchase
Logo of EuroPythonEuroPython
 Deshpande, Gajendra

Formal Metadata

Title
Deceptive Security using Python
Subtitle
Deceiving hackers to protect your resources
Title of Series
Number of Parts
130
Author
License
CC Attribution - NonCommercial - ShareAlike 3.0 Unported:
You are free to use, adapt and copy, distribute and transmit the work or content in adapted or unchanged form for any legal and non-commercial purpose as long as the work is attributed to the author in the manner specified by the author or licensor and the work or content is shared also in adapted form only under the conditions of this
Identifiers
Publisher
Release Date
Language

Content Metadata

Subject Area
Genre
Abstract
Imagine you are passing through an unknown street at midnight and you find that some anti-social elements are following you. To save yourself from them you start running and look for a safe place to hide. On the way, you will find a good person and requests him to help you. He hides you in his place to protect you. When these anti-social elements visit a good person’s place and enquire about you, the good person misguides them and redirects them to some other place in order to protect you. This is exactly how deception works. In this analogy, YOU are the resources to be protected, anti-social elements are the hackers who want to gain access to the resources, and a good person is a deception technique that protects the resources from hackers by making them fall in the trap. The talk begins with an introduction to deception technology, deception types, and methods, a deceptive security life cycle. In this talk, we will demonstrate the following deception tools implemented using python language: • WebTrap (https://github.com/IllusiveNetworks-Labs/WebTrap): is designed to create deceptive webpages to deceive and redirect attackers away from real websites. The deceptive webpages are generated by cloning real websites, specifically their login pages. • DemonHunter (https://github.com/RevengeComing/DemonHunter): is a distributed low interaction honeypot with Agent/Master design Finally, we will conclude the talk with how built a deception tool and demonstrate its working. How we implemented a deception tool in python using machine learning: We designed a deception tool in python language using PyBRAIN package to model and mitigate XPath injection attacks for web services. It is known that XML can be used to store the data and this data can be queried using XPath query language. XPath is a query language, it has injection issues similar to SQL. To handle this issue, we proposed a solution, which uses a count-based validation technique and Long Short-Term Memory (LSTM) modular neural networks to identify and classify atypical behavior in user input. Once the atypical user input is identified, the attacker is redirected to fake resources to protect the critical data. Our experiment resulted in over 90% accuracy in the classification of input vectors. Outline 1. Introduction to deception, Deception types, Deception technology applicable methods and Deception Life cycle(08 Minutes) 2. Demonstration of WebTrap deception tool(04 Minutes) 3. Demonstration of DemonHunter deception tool(04 Minutes) 4. Discussion of our deception tool and demonstration(06 Minutes) 5. Conclusion and Questions(03 Minutes) Audience No experience level of Python is needed. In general, anyone can attend this talk and learn about applying deception techniques and machine learning to application security.