Dynamic Web Application Firewall detection supported by Cyber Mimic Defense approach

With the increase of publicly available applications on the Internet, the number of new vulnerabilities increases. The currently used security methods are static and predictable and therefore have problems detecting unknown vulnerabilities. This issue creates an advantage for attackers - more attacks are carried out successfully than existing countermeasures that protect against them. It can especially be seen when considering the protection provided by Web Application Firewalls (WAF). Namely, it is often enough to obfuscate an attacker's payload to bypass security mechanisms successfully. Of course, many approaches are used to improve the protection provided by WAF, but this is associated with many problems, and a high level of security is expected almost from the moment such a device is deployed. One such approach may be the use of mimic defense, which is a proactive method of detecting unknown attacks. This paper presents the results of experiments in the network with web servers secured by WAF with additional protection provided by the mimic defense idea. The conducted research shows that the usage of mimic defense increases the number of detected and blocked attack attempts. It also introduces the unpredictability that an attacker has to confront when trying to carry out an attack. Moreover, the proposed concept allows for creating new temporary rules that supply the WAF while increasing the chances of detecting previously undiscovered attacks.