Token-Based Authentication Monitoring System
1
Issued Date
2025-10-14
Resource Type
ISSN
22451439
eISSN
22454578
Scopus ID
2-s2.0-105018737634
Journal Title
Journal of Cyber Security and Mobility
Volume
14
Issue
4
Start Page
777
End Page
798
Rights Holder(s)
SCOPUS
Bibliographic Citation
Journal of Cyber Security and Mobility Vol.14 No.4 (2025) , 777-798
Suggested Citation
Rujichaikul P., Rassameeroj I. Token-Based Authentication Monitoring System. Journal of Cyber Security and Mobility Vol.14 No.4 (2025) , 777-798. 798. doi:10.13052/jcsm2245-1439.1441 Retrieved from: https://repository.li.mahidol.ac.th/handle/123456789/112693
Title
Token-Based Authentication Monitoring System
Author(s)
Author's Affiliation
Corresponding Author(s)
Other Contributor(s)
Abstract
In modern web applications, token-based authentication has become a crucial mechanism for securing access to protected resources. JSON Web Tokens (JWTs), in particular, are widely adopted due to their stateless and scalable nature. However, this reliance makes tokens a prime target for attackers, with incidents of token theft and misuse via techniques such as Cross-Site Scripting (XSS), Cross-Site Request Forgery (CSRF), and token hijacking on the rise. Existing security solutions like IDS and application firewalls are not designed to effectively detect token-specific attack patterns, leaving a critical security gap in modern authentication systems. To address this problem, we propose a Token-based Authentication Monitoring System capable of detecting, tracking, analyzing, and investigating suspicious token behaviors in real time. Our research focuses on JWT-based access tokens and the refresh token technique in OAuth 2.0 environments. A core contribution of this work is the design of 25 specialized detection rules based on patterns. We validated the proposed system through 70 comprehensive test cases covering both normal and attack scenarios. The system achieved an overall detection accuracy of 81.4%, demonstrating its capability to effectively detect token-related attacks overlooked by conventional defenses. Additionally, we evaluated the system’s performance, measuring detection latency and operational overhead in a realworld integration scenario. The results confirmed that the monitoring system delivers real-time detection with minimal impact on application responsiveness and system resources. This research offers a practical, adaptable framework that enhances the security of any system employing token-based authentication, reducing the risk of unauthorized access while maintaining system performance.