We propose PolyRef, a method for a polymorphic defense to defeat automated attacks on web applications. Many websites are vulnerable to automated attacks. Basic anti-automation countermeasures such as Turing tests provide minimal efficacy and negatively impact the usability and the accessibility of the protected application. Motivated by the observation that many automated attacks rely on interaction with the publicly visible code transmitted to the browser, PolyRef proposes to make critical elements of the underlying webpage code polymorphic, rendering machine automation impractical to implement. We categorize the threats that rely on automation and the available anti-automation approaches. We present two techniques for using polymorphism as an anti-automation defense. © 2014 Springer International Publishing.
CITATION STYLE
Wang, X., Kohno, T., & Blakley, B. (2014). Polymorphism as a defense for automated attack of websites. In Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) (Vol. 8479 LNCS, pp. 513–530). Springer Verlag. https://doi.org/10.1007/978-3-319-07536-5_30
Mendeley helps you to discover research relevant for your work.