A new WAF-based architecture for protecting web applications against CSRF attacks in malicious environment

Michal Srokosz, Damian Rusinek, Bogdan Ksiezopolski
2018, Proceedings of the 2018 Federated Conference on Computer Science and Information Systems (FedCSIS)
A web application firewall (WAF) is an application-layer firewall for HTTP applications. A typical WAF performs static analysis of each HTTP request against a defined set of rules in order to find potentially dangerous payloads in the request. These rules generally cover common attacks such as cross-site scripting (XSS) and SQL injection, which are server-related attacks: even cross-site scripting, although a client-side attack, is carried out by attacking the server and forcing it to return a malicious response. The rule-based approach becomes useless when the attack is client-related, for example malware deployed on the client side against a banking site. Such malware can change the transfer data. This scenario is hard to detect because the browser displays valid transfer data while the data is changed to the thieves' account number at the communication stage. In this paper we introduce a new WAF-based architecture for protecting web applications against CSRF attacks in a malicious environment. In our approach we extend the classic, static WAF approach with historical and behavioural analysis based on the actions performed by the user in the past.
doi:10.15439/2018f208 dblp:conf/fedcsis/SrokoszRK18 fatcat:dvjxbu7k7zg7zp2qhmkahpb4hq
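The two-layer idea sketched in the abstract, a static rule layer that a client-side manipulation sails through, plus a per-user history layer that catches it, as an added illustration written for this page. It is not the authors' implementation and does not claim to reproduce their behavioural model: the heuristic (flag a destination account the user has never paid, flag an amount far above the user's median past transfer), the thresholds, the parameter names `dest_account`/`amount`, the `/transfer` path and all account numbers and amounts are assumptions constructed for the example.

```python
"""Toy WAF: classic static rules plus a per-user behavioural layer.

Illustrative code written for this page, not the paper's implementation.
The heuristic, thresholds, parameter names, account numbers and amounts
are constructed assumptions.
"""
import re
import statistics
from collections import defaultdict
from dataclasses import dataclass, field

# Layer 1: classic static rules over request parameters (XSS / SQLi payloads).
STATIC_RULES = {
    "xss": re.compile(r"<\s*script\b|javascript:|\bon\w+\s*=", re.I),
    "sqli": re.compile(r"(?:'|\")\s*(?:or|and)\b|\bunion\s+select\b|--\s*$", re.I),
}


@dataclass
class Request:
    user: str
    path: str
    params: dict


@dataclass
class Profile:
    """History of one user's past transfers: destinations seen and amounts sent."""
    destinations: dict = field(default_factory=lambda: defaultdict(int))
    amounts: list = field(default_factory=list)

    def record(self, dest: str, amount: float) -> None:
        self.destinations[dest] += 1
        self.amounts.append(amount)


def static_check(req: Request) -> list:
    """Return (rule, parameter) pairs for every parameter matching a static rule."""
    hits = []
    for name, value in req.params.items():
        for rule, pattern in STATIC_RULES.items():
            if pattern.search(str(value)):
                hits.append((rule, name))
    return hits


class HistoryWAF:
    """Static rules first; transfer requests additionally get a behavioural check."""

    def __init__(self, amount_ratio: float = 3.0, min_history: int = 3):
        self.profiles = defaultdict(Profile)
        self.amount_ratio = amount_ratio  # amount > ratio * median of past amounts is an outlier
        self.min_history = min_history    # with fewer past transfers we do not judge amounts

    def behavioural_check(self, req: Request) -> list:
        profile = self.profiles[req.user]
        reasons = []
        dest = req.params.get("dest_account", "")
        amount = float(req.params.get("amount", 0))
        if dest not in profile.destinations:
            reasons.append("new-destination")
        if len(profile.amounts) >= self.min_history:
            if amount > self.amount_ratio * statistics.median(profile.amounts):
                reasons.append("amount-outlier")
        return reasons

    def inspect(self, req: Request) -> dict:
        static_hits = static_check(req)
        behavioural = self.behavioural_check(req) if req.path == "/transfer" else []
        if static_hits:
            action = "block"      # known-bad payload: drop at the edge
        elif behavioural:
            action = "challenge"  # unusual for this user: require out-of-band confirmation
        else:
            action = "allow"
        return {"action": action, "static": static_hits, "behavioural": behavioural}

    def confirm(self, req: Request) -> None:
        """Called once the user has confirmed a transfer; it joins the history."""
        self.profiles[req.user].record(req.params["dest_account"], float(req.params["amount"]))


def demo() -> dict:
    waf = HistoryWAF()
    # Constructed history: alice has paid the same landlord account three times.
    for amt in (800.0, 800.0, 820.0):
        waf.confirm(Request("alice", "/transfer",
                            {"dest_account": "PL00-LANDLORD-0001", "amount": amt}))
    results = {}
    # Routine transfer: known destination, usual amount.
    results["routine"] = waf.inspect(Request("alice", "/transfer",
        {"dest_account": "PL00-LANDLORD-0001", "amount": 800.0}))["action"]
    # Client-side swap: the browser showed the landlord, the request carries a mule account.
    # No static rule fires, only the history layer notices.
    results["mitb"] = waf.inspect(Request("alice", "/transfer",
        {"dest_account": "PL00-MULE-9999", "amount": 800.0}))["action"]
    # Same swap with an inflated amount: two behavioural reasons.
    results["mitb_big"] = waf.inspect(Request("alice", "/transfer",
        {"dest_account": "PL00-MULE-9999", "amount": 5000.0}))
    # Classic payload: the static layer blocks it regardless of history.
    results["sqli"] = waf.inspect(Request("alice", "/search", {"q": "' OR 1=1 --"}))["action"]
    return results
```

The point the example makes is that the manipulated transfer is a syntactically clean request, so no signature can describe it; only a profile built from the user's previous, confirmed actions gives the WAF something to compare against. Whatever replaces the toy heuristic, the confirmed transfers must be written to the profile after the user has approved them out of band, otherwise the malware's first swap teaches the profile the attacker's account.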