A New Web Deception System Framework

Web applications have many vulnerabilities that allow attackers to compromise sensitive data and gain unauthorized access to the production web servers. Compromised web-sessions represent a major threat. Current random attacks draw attention to the need for new protection and detection tools. In this paper, we propose a web deception scheme to mitigate web attacks in the production web site. The solution is more like a call for arms, using game theory, honeyweb, and honeytokens with ransomware and intrusion detection. The proposed scheme is explained in details as well as simulation results. © 2018 IEEE.