Developing a dynamic trust mechanism to protect web sessions in the ZeroTrust architecture
Abstract
This paper proposes a dynamic trust mechanism for web session protection that combines a cryptographic loop and a behavioral loop. The cryptographic loop ensures token validity, freshness, and non-portability, while the behavioral loop evaluates how well the current trajectory of requests matches a typical user scenario. The formal model of the mechanism includes requirements for token non-portability, reuse resistance, and trust continuity. The practical part is implemented as a prototype consisting of an authentication service, a risk assessment service, and a resource service. The behavioral loop uses an LSTM model trained on normal action sequences reconstructed from the CSIC 2010 dataset. Experimental validation is performed on two session-abuse scenarios: an automated bot attack and a business logic bypass. The primary metric is ROC-AUC, which reflects the model's ability to rank abnormal examples above normal ones without a fixed threshold. The experimental results show that the decisive factor for the proposed mechanism is the amount of context available to the model at the time of evaluation. In both scenarios, detection quality increases with history length, but the depth of context required to reliably distinguish anomalies from normal behavior differs: a shorter sequence is sufficient for automated behavior, while a longer history is required for business logic bypass. By contrast, the effect of the hidden state size is much weaker. Therefore, the admission mechanism must rely on the accumulated session history as a mandatory part of its state, since evaluating an isolated request does not provide comparable reliability. Consequently, when implementing the proposed scheme, the length of the analyzed sequence becomes a critical operational parameter, and session trust must be recalculated as new actions accumulate.
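As an added illustration (not the paper's prototype code), the sketch below shows how the two loops compose into a per-request trust recalculation: the cryptographic loop checks tag validity and client binding (non-portability), expiry (freshness) and nonce reuse, while the behavioral loop scores the accumulated action history and abstains below a minimum context length; a rank-based ROC-AUC is included because the abstract's metric is threshold-free. The secret, client keys, action names, bigram table and MIN_CONTEXT are constructed assumptions, and the bigram-rarity scorer stands in for the paper's LSTM.

```python
import hashlib, hmac
from collections import deque

# Added illustration of the abstract's two loops; the bigram scorer is a constructed stand-in, NOT the paper's LSTM.
NORMAL_BIGRAMS = {("login", "view"), ("view", "view"), ("view", "add"),
                  ("add", "checkout"), ("checkout", "pay")}  # constructed "normal" transitions
MIN_CONTEXT = 3  # assumed: shortest history the behavioral loop is allowed to judge on

def token_mac(secret: bytes, sub: str, client_key: str, exp: int, jti: str) -> str:
    """Token tag over (subject, client key, expiry, nonce); binding to client_key is what makes it non-portable."""
    msg = f"{sub}|{client_key}|{exp}|{jti}".encode()
    return hmac.new(secret, msg, hashlib.sha256).hexdigest()

class SessionTrust:
    def __init__(self, secret: bytes, sub: str, window: int = 5):
        self.secret, self.sub = secret, sub
        self.seen_jti = set()                 # reuse resistance: each nonce is admitted once
        self.history = deque(maxlen=window)   # accumulated session history is part of the state
    def crypto_loop(self, token, presented_key, exp, jti, now):
        # validity + non-portability: recompute the tag with the key this client proves possession of
        if not hmac.compare_digest(token, token_mac(self.secret, self.sub, presented_key, exp, jti)):
            return "invalid_or_not_bound"
        if exp < now:                         # freshness
            return "stale"
        if jti in self.seen_jti:              # reuse resistance
            return "replayed"
        self.seen_jti.add(jti)
        return "ok"
    def behavioral_loop(self, action):
        """Anomaly score in [0, 1]: share of transitions in the window not seen in normal traffic."""
        self.history.append(action)
        if len(self.history) < MIN_CONTEXT:
            return None                       # too little context to rank reliably
        seq = list(self.history)
        rare = sum(1 for pair in zip(seq, seq[1:]) if pair not in NORMAL_BIGRAMS)
        return rare / (len(seq) - 1)
    def evaluate(self, token, presented_key, exp, jti, now, action, threshold=0.5):
        # recalculate trust on every request: crypto loop first, then behavior over the history
        verdict = self.crypto_loop(token, presented_key, exp, jti, now)
        if verdict != "ok":
            return verdict, None
        score = self.behavioral_loop(action)
        if score is None:
            return "insufficient_context", None
        return ("anomalous" if score > threshold else "ok"), score

def roc_auc(normal_scores, abnormal_scores):
    """Threshold-free ROC-AUC: probability an abnormal example scores above a normal one (ties count 0.5)."""
    wins = sum(1.0 if a > n else 0.5 if a == n else 0.0 for a in abnormal_scores for n in normal_scores)
    return wins / (len(normal_scores) * len(abnormal_scores))
```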
Full Text:
PDF (Russian)
ISSN: 2307-8162