SecureWeb: An Adaptive Deep Learning Framework for Detecting Cross-Site Request Forgery Vulnerabilities in Modern Web Applications

Authors

  • M Venunath, V Subhashini, G Santosh Kumar

DOI:

https://doi.org/10.62643/

Abstract

Cross-Site Request Forgery (CSRF) is a critical web application security vulnerability that enables attackers to exploit authenticated user sessions and perform unauthorized actions without the user's knowledge or consent. Traditional approaches for detecting CSRF vulnerabilities primarily rely on source code analysis or extensive manual testing, which are often time-consuming, resource-intensive, and unsuitable for large-scale or real-time applications. To address these limitations, this paper presents SECUREWEB, a novel machine learning-based framework for the automated detection of CSRF vulnerabilities through black-box web application scanning. SECUREWEB incorporates user-friendly modules for administrators and end-users, enabling URL analysis, model training, and real-time vulnerability assessment. The framework extracts significant features from HTTP requests, including request methods, anti-CSRF token presence, header attributes, and session-related parameters. These features are utilized to train and evaluate multiple supervised machine learning classifiers, including Random Forest, Decision Tree, Support Vector Machine (SVM), and Naïve Bayes, for accurate vulnerability identification. The proposed system is implemented using Python and the Django framework, with MySQL serving as the backend database. Experimental evaluation demonstrates the effectiveness of SECUREWEB in identifying CSRF vulnerabilities across diverse web environments. The framework successfully detected 35 previously unidentified vulnerabilities in widely used websites and three additional vulnerabilities in production software systems. Performance analysis indicates high detection accuracy and robust classification capability across multiple evaluation metrics. The results confirm that SECUREWEB provides a scalable, automated, and intelligent solution for enhancing web application security, particularly in scenarios where source code access is unavailable.
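
As an added illustration (not code from the paper or from the SECUREWEB implementation), the sketch below derives the four feature groups named in the abstract from a raw HTTP request, producing the kind of flat vector a supervised classifier consumes. The feature names, the token and session name patterns, and the two sample requests are assumptions constructed for this example.

```python
import re
from http.cookies import SimpleCookie
from urllib.parse import parse_qsl, urlsplit

# Assumed name patterns; the paper does not list its exact feature definitions.
TOKEN_RE = re.compile(r"csrf|xsrf|authenticity_token|__requestverificationtoken", re.I)
SESSION_RE = re.compile(r"sess|sid|auth", re.I)
STATE_CHANGING = {"POST", "PUT", "PATCH", "DELETE"}


def extract_features(raw_request: str) -> dict:
    """Turn one raw HTTP/1.1 request into a flat numeric feature dict."""
    head, _, body = raw_request.partition("\r\n\r\n")
    request_line, *header_lines = head.split("\r\n")
    method, target, _version = request_line.split(" ", 2)
    headers = {}
    for line in header_lines:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    # Parameters from the query string and, for form posts, the body.
    params = parse_qsl(urlsplit(target).query, keep_blank_values=True)
    if headers.get("content-type", "").startswith("application/x-www-form-urlencoded"):
        params += parse_qsl(body, keep_blank_values=True)
    cookies = SimpleCookie()
    cookies.load(headers.get("cookie", ""))

    token_in_params = any(TOKEN_RE.search(k) and v for k, v in params)
    token_in_headers = any(TOKEN_RE.search(h) and v for h, v in headers.items())
    return {
        "state_changing": int(method.upper() in STATE_CHANGING),
        "has_csrf_token": int(token_in_params or token_in_headers),
        "has_origin_or_referer": int("origin" in headers or "referer" in headers),
        "has_custom_header": int("x-requested-with" in headers),
        "has_session_cookie": int(any(SESSION_RE.search(n) for n in cookies)),
        "param_count": len(params),
    }


# Constructed sample requests (not taken from the paper's dataset).
UNPROTECTED = (
    "POST /account/email HTTP/1.1\r\nHost: shop.example\r\n"
    "Cookie: sessionid=abc123\r\n"
    "Content-Type: application/x-www-form-urlencoded\r\n\r\n"
    "email=new%40example.org"
)
PROTECTED = UNPROTECTED.replace(
    "\r\n\r\nemail=", "\r\nX-CSRF-Token: 9f2c\r\n\r\ncsrf_token=9f2c&email="
)
```

A state-changing request that carries a session cookie but no token, no Origin/Referer and no custom header is the combination a reviewer would triage first; a trained classifier learns that weighting from labelled examples rather than from a fixed rule.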

Published

06-05-2024

How to Cite

SecureWeb: An Adaptive Deep Learning Framework for Detecting Cross-Site Request Forgery Vulnerabilities in Modern Web Applications. (2024). International Journal of Engineering Research and Science & Technology, 21(4), 1031-1045. https://doi.org/10.62643/