SAP SE
Attacker detection via fingerprinting cookie mechanism

Abstract:

Disclosed herein are system, method, and computer program product embodiments for detecting cyber-attack. In an embodiment, a server receives a request to an application from a user device. The server determines that there is no cookie in the received request. The server then generates a new fingerprinting cookie and sends a verification request to the user device to verify the identity of a user. When the server receives the verification reply from the user device, the server determines that the verification reply is valid, marks the new cookie as a verified cookie, and transfers the request to the application for processing. The server can also unverify the verified cookie when the verified cookie is included in a malicious request. The server can determine that a request is malicious by analyzing functions the user wishes to perform using the request.