SEARCH METHODS FOR ABNORMAL ACTIVITIES OF WEB APPLICATIONS

Subject of Research.The paper presents a review of existing detection methods for abnormal activities of web applications. Comparative characteristics are given. Priorities for improving information security tools in web applications are shown. Method.For evaluation of search methods for abnormal activities of web applications, criteria for selecting indicators were defined. Particular attention was paid to such indicators as: the launching speed of web applications after loading, web application responsiveness to user actions and the number of abnormal activities found in comparison with the number of malfunctions found. Three methods of searching for abnormal activities were compared: statistical code scanning, dynamic code scanning and network traffic monitoring. We considered advantages and disadvantages of each method and implementation examples. Main Results.It is shown that the dynamic method of searching for abnormal activities has the best characteristics. The method provides the identification of anomalies associated with traffic transfer and anomalies that occur during the local operation of web applications. The method is implemented as a code analyzer built into the browser engine. The analyzer checks all calls of the web application to the engine and detects abnormal activity based on such calls. In contrast to static scanning, dynamic scanning identifies anomalies in Web Workers, WebAssembly and in the parts of code that are downloaded over the network after the application starts. Practical Relevance. The work can be useful to information security specialists who deal with the problems of protecting web applications, as well as programmers and system administrators at application creation and implementation stage. The results of the work can find practical use in the development of web applications, browsers, and information protection software.