Token-Based Authentication Monitoring System

dc.contributor.author: Rujichaikul P.
dc.contributor.author: Rassameeroj I.
dc.contributor.correspondence: Rujichaikul P.
dc.contributor.other: Mahidol University
dc.date.accessioned: 2025-10-21T18:08:48Z
dc.date.available: 2025-10-21T18:08:48Z
dc.date.issued: 2025-10-14
dc.description.abstract: In modern web applications, token-based authentication has become a crucial mechanism for securing access to protected resources. JSON Web Tokens (JWTs), in particular, are widely adopted due to their stateless and scalable nature. However, this reliance makes tokens a prime target for attackers, with incidents of token theft and misuse via techniques such as Cross-Site Scripting (XSS), Cross-Site Request Forgery (CSRF), and token hijacking on the rise. Existing security solutions like IDS and application firewalls are not designed to effectively detect token-specific attack patterns, leaving a critical security gap in modern authentication systems. To address this problem, we propose a Token-based Authentication Monitoring System capable of detecting, tracking, analyzing, and investigating suspicious token behaviors in real time. Our research focuses on JWT-based access tokens and the refresh token technique in OAuth 2.0 environments. A core contribution of this work is the design of 25 specialized detection rules based on patterns. We validated the proposed system through 70 comprehensive test cases covering both normal and attack scenarios. The system achieved an overall detection accuracy of 81.4%, demonstrating its capability to effectively detect token-related attacks overlooked by conventional defenses. Additionally, we evaluated the system’s performance, measuring detection latency and operational overhead in a real-world integration scenario. The results confirmed that the monitoring system delivers real-time detection with minimal impact on application responsiveness and system resources. This research offers a practical, adaptable framework that enhances the security of any system employing token-based authentication, reducing the risk of unauthorized access while maintaining system performance.
dc.identifier.citation: Journal of Cyber Security and Mobility Vol.14 No.4 (2025), 777-798
dc.identifier.doi: 10.13052/jcsm2245-1439.1441
dc.identifier.eissn: 22454578
dc.identifier.issn: 22451439
dc.identifier.scopus: 2-s2.0-105018737634
dc.identifier.uri: https://repository.li.mahidol.ac.th/handle/123456789/112693
dc.rights.holder: SCOPUS
dc.subject: Computer Science
dc.title: Token-Based Authentication Monitoring System
dc.type: Article
mu.datasource.scopus: https://www.scopus.com/inward/record.uri?partnerID=HzOxMe3b&scp=105018737634&origin=inward
oaire.citation.endPage: 798
oaire.citation.issue: 4
oaire.citation.startPage: 777
oaire.citation.title: Journal of Cyber Security and Mobility
oaire.citation.volume: 14
oairecerif.author.affiliation: Mahidol University
