PATAC: A pattern analysis model for securing web application against broken authentication & access control vulnerabilities.

Authors

  • Miss. Amrita A. Athalye, Dr. Madhuri N. Gedam, Mrs. Supriya Singh

DOI:

https://doi.org/10.7492/ab634675

Abstract

Authentication and access control are the first line of defense against attacks on software-as-a-service (SaaS) cloud deployments. Due to improper software design, however, these defenses have various loopholes, which allow an attacker to inject attacks such as Trojan horses, conditional vulnerabilities, etc. To reduce the probability of these attacks, this text proposes the design of a novel header-scanning-based pattern analysis model for detecting and mitigating broken authentication and access control attacks. The model is deployed at the header of the cloud, which allows it to analyze all incoming requests before they are processed by the SaaS model. Due to this header-level deployment, the model is able to detect and mitigate almost 99.8% of authentication and access control vulnerabilities, including elastic attacks. A testbed for attack injection and analysis is also proposed, which allows the system model to be tested and validated for different kinds of vulnerabilities. The proposed model is also equipped with detection and removal of SQL (structured query language) injection, XSS (cross-site scripting), and distributed denial of service (DDoS) attacks. To estimate the performance of the proposed model, it was compared with various state-of-the-art attack detection and mitigation methods. Due to header-level pattern analysis, the proposed model was able to outperform recent state-of-the-art methods in terms of attack detection accuracy, precision, recall, and delay performance. The pattern analysis layer uses the temporal behaviour of client nodes along with their real-time request-response behaviour to estimate the probability of attacks. To further improve the attack detection performance and scalability of the proposed model, this text proposes various improvements that can be used to extend the existing pattern analysis approach.

Published

1990-2026

Section

Articles

How to Cite

PATAC: A pattern analysis model for securing web application against broken authentication & access control vulnerabilities. (2026). MSW Management Journal, 36(1), 2232-2239. https://doi.org/10.7492/ab634675