Service Oriented Architecture is a relatively new field in computing. However, web services in a Service Oriented Architecture are usually open and vulnerable to attacks. Intrusion detection is a technique widely used for protecting web services. In this thesis, we use deception on top of Intrusion Detection in a Service Oriented Architecture. We implemented three attacks on web services, namely, SQL Injection attack, Brute Force attack and Insufficient Authorization attack. We developed algorithms to deceive against these attacks. From our result we saw that deception wastes the time and resources of the attacker and furthermore is able to reduce attacks by more than 90 percent. Deception is therefore complementary to intrusion detection and can be effectively used to protect web services.Computer Science Departmen
