Year 2014 đđ
We propose PolyRef, a method for a polymorphic defense to defeat automated attacks on web applications. Many websites are vulnerable to automated attacks. Basic anti-automation countermeasures such as Turing tests provide minimal efficacy and negatively impact the usability and the accessibility of the protected application. Motivated by the observation that many automated attacks rely on interaction with the publicly visible code transmitted to the browser, PolyRef proposes to make critical elements of the underlying webpage code polymorphic, rendering machine automation impractical to implement. We categorize the threats that rely on automation and the available anti-automation approaches. We present two techniques for using polymorphism as an anti-automation defense.
Comments are closed.