ISSN: 2245-4578 (Online Version) ISSN:2245-1439 (Print Version)
Token-Based Authentication Monitoring System

Keywords

JSON web token
token-based authentication
rule-based detection
OAuth 2.0
monitoring system

How to Cite

[1] P. Rujichaikul and I. Rassameeroj, “Token-Based Authentication Monitoring System”, JCSANDM, vol. 14, no. 04, pp. 777–798, Oct. 2025.

Abstract

In modern web applications, token-based authentication has become a crucial mechanism for securing access to protected resources. JSON Web Tokens (JWTs) in particular are widely adopted because they are stateless and scale well. That reliance also makes tokens a prime target: incidents of token theft and misuse through Cross-Site Scripting (XSS), Cross-Site Request Forgery (CSRF) and token hijacking are on the rise. Existing defenses such as intrusion detection systems (IDS) and web application firewalls are not designed to recognize token-specific attack patterns, which leaves a gap in modern authentication systems. To address this, we propose a Token-based Authentication Monitoring System that detects, tracks, analyzes and supports investigation of suspicious token behavior in real time. The work focuses on JWT-based access tokens and the refresh-token mechanism in OAuth 2.0 environments. A core contribution is a set of 25 pattern-based detection rules. We validated the system with 70 test cases covering both normal and attack scenarios; it reached an overall detection accuracy of 81.4%, showing that it catches token-related attacks that conventional defenses overlook. We also measured detection latency and operational overhead in a real-world integration scenario, confirming real-time detection with minimal impact on application responsiveness and system resources. The result is a practical, adaptable framework that strengthens any system using token-based authentication, reducing the risk of unauthorized access while maintaining performance.
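The abstract describes pattern-based rules applied to JWT access tokens and OAuth 2.0 refresh tokens, but the paper's 25 rules are not reproduced on this page. The following Python sketch is an added example, not the authors' code, of what such a monitor looks like: it decodes each presented JWT for inspection (without verifying the signature, which remains the resource server's job), keeps per-token state, and raises alerts for four hypothetical rules: an unexpected `alg` header, a token presented after its `exp`, the same `jti` seen from more than one client address inside a short window (a hijacking indicator), and a refresh token presented again after it has already been exchanged (replay). The rule identifiers, the 300-second window, the event format and the sample events are all assumptions constructed for the example.

```python
"""Pattern-based JWT / refresh-token monitor (added illustration, not the paper's rules)."""
import base64
import json
from collections import defaultdict

ALLOWED_ALGS = {"HS256", "RS256", "ES256"}   # assumption: what the deployment expects to see
IP_WINDOW_SECONDS = 300                       # assumption: same token from >1 IP inside this window is suspicious


def _b64url_encode(obj):
    raw = json.dumps(obj, separators=(",", ":")).encode()
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()


def _b64url_decode(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def make_unsigned_jwt(header, payload):
    """Build a JWT-shaped string with a placeholder signature (test data only).
    The monitor inspects claims; signature verification stays with the resource server."""
    return f"{_b64url_encode(header)}.{_b64url_encode(payload)}.placeholder-signature"


def parse_jwt(token):
    """Decode header and payload WITHOUT verifying the signature (inspection only).
    Returns (header, payload) or None if the string is not JWT-shaped."""
    parts = token.split(".")
    if len(parts) != 3:
        return None
    try:
        return json.loads(_b64url_decode(parts[0])), json.loads(_b64url_decode(parts[1]))
    except ValueError:           # bad base64, bad UTF-8 or bad JSON
        return None


class TokenMonitor:
    def __init__(self):
        self.ips_by_jti = defaultdict(list)   # jti -> [(ts, ip)] within the window
        self.consumed_refresh = set()         # refresh token ids already exchanged once

    def check(self, event):
        """Apply the rules to one authentication event; return a list of (rule_id, detail)."""
        alerts = []
        if event["kind"] == "refresh":
            rt = event["refresh_token"]
            if rt in self.consumed_refresh:     # rotation means a second use is a replay
                alerts.append(("R4_refresh_replay", f"refresh token {rt} reused from {event['ip']}"))
            else:
                self.consumed_refresh.add(rt)
            return alerts

        parsed = parse_jwt(event["token"])
        if parsed is None:
            return [("R0_malformed", "token does not decode as a JWT")]
        header, payload = parsed

        alg = header.get("alg")
        if alg not in ALLOWED_ALGS:             # catches alg=none and algorithm substitution
            alerts.append(("R1_bad_alg", f"alg={alg!r}"))

        exp = payload.get("exp")
        if exp is None or event["ts"] > exp:    # token used past its lifetime, or with no lifetime
            alerts.append(("R2_expired_or_no_exp", f"exp={exp}, seen at {event['ts']}"))

        jti = payload.get("jti")
        if jti is not None:                     # track which client addresses present this exact token
            recent = [(t, ip) for t, ip in self.ips_by_jti[jti] if event["ts"] - t <= IP_WINDOW_SECONDS]
            recent.append((event["ts"], event["ip"]))
            self.ips_by_jti[jti] = recent
            ips = {ip for _, ip in recent}
            if len(ips) > 1:
                alerts.append(("R3_multi_ip", f"jti {jti} seen from {sorted(ips)}"))
        return alerts


def run_monitor(events):
    """Feed events in chronological order; return [(ts, rule_id, detail), ...]."""
    mon = TokenMonitor()
    return [(e["ts"], rule, detail) for e in events for rule, detail in mon.check(e)]


# Constructed sample events (not real traffic); T0 is an arbitrary epoch timestamp.
T0 = 1_700_000_000
GOOD = make_unsigned_jwt({"alg": "RS256", "typ": "JWT"}, {"sub": "alice", "jti": "j1", "exp": T0 + 900})
NONE_ALG = make_unsigned_jwt({"alg": "none", "typ": "JWT"}, {"sub": "alice", "jti": "j2", "exp": T0 + 900})
SAMPLE_EVENTS = [
    {"ts": T0,        "ip": "10.0.0.5",    "kind": "access",  "token": GOOD},
    {"ts": T0 + 30,   "ip": "10.0.0.5",    "kind": "access",  "token": GOOD},
    {"ts": T0 + 60,   "ip": "203.0.113.9", "kind": "access",  "token": GOOD},      # same jti, new IP -> R3
    {"ts": T0 + 90,   "ip": "10.0.0.5",    "kind": "access",  "token": NONE_ALG},  # alg=none -> R1
    {"ts": T0 + 100,  "ip": "10.0.0.5",    "kind": "refresh", "refresh_token": "rt-1"},
    {"ts": T0 + 200,  "ip": "203.0.113.9", "kind": "refresh", "refresh_token": "rt-1"},  # replay -> R4
    {"ts": T0 + 1000, "ip": "10.0.0.5",    "kind": "access",  "token": GOOD},      # past exp -> R2
]

if __name__ == "__main__":
    for ts, rule, detail in run_monitor(SAMPLE_EVENTS):
        print(ts, rule, detail)
```

The per-`jti` window is what turns a stateless token into something a monitor can reason about: once the same token is presented from a second address, the rule fires even though each individual request carries a perfectly valid signature. The same state would need to live in a shared store (not process memory) for a multi-instance deployment.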

https://doi.org/10.13052/jcsm2245-1439.1441


Creative Commons License

This work is licensed under a Creative Commons Attribution-NonCommercial 4.0 International License.

Copyright (c) 2025 Journal of Cyber Security and Mobility
