Defending Cross Site Reference Forgery (CSRF) Attacks on Contemporary Web Applications Using a Bayesian Predictive Model

Abstract

This work presents specific solutions to defend a recent, not very well understood web vulnerability known as the Cross Site Reference Forgery (CSRF). A methodical approach is used to investigate CSRF attacks and propose remedies by introducing a novel and distinctive variation of the well recognized Bayesian Belief Networks (BBN). Critical networks and infrastructures are susceptible to disruptions and industrial espionage under a coordinated CSRF attack. The threat to launch CSRF attacks from a network of thousands of malicious machines is a real threat to the national and commercial cyber security of honest web applications. Some high profile CSRF reported attacks include: ING Direct (Attacker opens additional accounts on behalf of an authenticated user and transfers funds from a user's account to the attacker's account); YouTube (Nearly every action a user can perform on YouTube is hijacked by the attacker); MetaFilter (Allowed an attacker to take control of a user's account); The New York Times (User email addresses, identity and profiles accessed by the attacker, sent spam). Additionally, known CSRF vulnerabilities have also been reported with Google’s Gmail service, in a banking application in Korea, etc. The urgency to come up with appropriate defense mechanism against the lethal CSRF attacks is indicated due to expanding cloud based technologies, HTML5, Semantic Web, and various emerging security frameworks comprised of inchoate vestigial of “Big Data” that demand exceedingly evolved defense mechanisms. In this paper, we present a BBN Predictive Model (BPM) to detect, predict and provide solutions for CSRF attacks on contemporary Web Applications and Web Services environment. While some remedies have been proposed recently, they rely mostly on server side implementations. There are significant disadvantages of server-side countermeasures in that they require modifications of server-side programs which bear a direct operational impact in terms of performance and maintenance. Updating and modifying servers may cost too much and take long time before a substantial fraction of the web gets updated. A more attractive idea, perused in this work, is that CSRF countermeasures can be applied on the client-side, as browser extensions. The basic idea is simple: the browser can strip session and authentication information from malicious requests, or it can block such requests altogether. However, the difficulty is in determining a malicious request with confidence. There is a compelling case to use Bayesian approach for augmenting the full functionality of the proposed BPM defense model. A significant volume of research provides number of qualities that recommend Bayesian reasoning as the foundation for determining the confidence level in scenarios where a decision has to be made to proceed to the next level, as is the case in the proposed CSRF model. The most often cited quality is the ability to include prior information, as well as its capacity to simplify the logic of building a coherent system. While describing empirical approaches in the design and development of the BPM model, the paper attempts to answer the following: 1. What is the current state of prediction and detection of cyber attacks on contemporary web applications and services? 2. How does a CSRF attack take place? What are known mitigation approaches? 3. How does a Bayesian Belief Network provide a useful and robust detection and defensive mechanism against CSRF attacks?The paper concludes with recommendations and guidelines for future extensions including the design and development of browser based plug, comparing the performance of BPM with other known models for CSRF defense, extending BPM scope in the areas of client based cyber and local security.