Using Static Analysis for Ajax Intrusion Detection

Source: Association for Computing Machinery



This paper presents a static control-flow analysis for JavaScript programs running in a web browser. The analysis tackles numerous challenges posed by modern web applications, including asynchronous communication, frameworks, and dynamic code generation. The paper uses the analysis to extract a model of expected client behavior as seen from the server, and builds an intrusion-prevention proxy for the server: the proxy intercepts client requests and disables those that do not meet the expected behavior. The paper inserts random asynchronous requests to foil mimicry attacks. Finally, the paper evaluates the technique against several real applications and shows that it protects against an attack in a widely-used web application.
Format: PDF
Size: 413.30
Date: Apr 2009