An Innovative Security Strategy using Reactive Web Application Honeypot

TL;DR

This paper introduces a novel, adaptive web application honeypot system that dynamically mimics vulnerabilities to detect and analyze cyber-attacks targeting web applications, enhancing security defenses.

Contribution

It presents a low interaction, dynamic honeypot architecture using SNARE and TANNER for realistic vulnerability emulation and attack analysis.

Findings

Effective detection of diverse web attacks

Enhanced understanding of attack patterns

Improved honeypot response accuracy

Abstract

Nowadays, web applications have become most prevalent in the industry, and the critical data of most organizations stored using web apps. Hence, web applications a much bigger target for diverse cyber-attacks, which varies from database injections-SQL injection, PHP object injection, template injection, XML external entity injection, unsanitized input attacks- Cross-Site Scripting(XSS), and many more. As mitigation for them, among many proposed solutions, web application honeypots are a much sophisticated and powerful protection mechanism. In this paper, we propose a low interaction, adaptive, and dynamic web application honeypot that imitates the vulnerabilities through HTTP events. The honeypot is built with SNARE and TANNER; SNARE creates the attack surface and sends the requests to TANNER, which evaluates them and decides how SNARE should respond to the requests. TANNER is an analysis and classification tool, which analyzes and evaluates HTTP requests served by SNARE and to compose the response, it is powered by emulators, which are engines used for the emulation of vulnerabilities.