Explore deceptive security techniques using Python in this EuroPython 2020 conference talk. Learn about deception technology, types, methods, and the deceptive security life cycle. Discover how to implement and use Python-based deception tools like WebTrap and DemonHunter. Gain insights into building a custom deception tool using machine learning to mitigate XPath injection attacks for web services. Understand the application of PyBRAIN package and Long Short-Term Memory (LSTM) neural networks in identifying and classifying atypical user behavior. Follow along with demonstrations and discussions on practical implementation, including results showing over 90% accuracy in classifying input vectors. Suitable for all experience levels, this talk provides valuable knowledge on applying deception techniques and machine learning to enhance application security.
Overview
Syllabus
Intro
Contents
Deception - Types
Deception - Evolution - Advantages
WebTrap - Deceptive Web Server
Demon Hunter
Why we developed deception tool
Problem Definition and Proposed Solution
Introduction to XPath Injection
CAPEC on XPath Injection
Research Gap Identified
System Design
Algorithm
System Environment
PyBRAIN Machine Learning Library
Results (True Positives)
Results (True Negatives)
Results (Response Time)
Summary of Results
Snapshots (initial output)
Snapshots (valid input scenario)
Snapshots (malicious input scenario)
Snapshots (fake login scenario)
Conclusion
References
Taught by
EuroPython Conference
