SAP SE
ATTACKER DETECTION VIA FINGERPRINTING COOKIE MECHANISM

Abstract:

Disclosed herein are system, method, and computer program product embodiments for detecting cyber-attacks. In an embodiment, a server receives a request to an application from a user device. The server checks the request and determines that there is no cookie in the received request. The server generates a new fingerprinting cookie for the user and sends a verification request to the user device to verify the identity of the user. When the server receives the verification reply from the user device, the server checks and determines that the verification reply is valid and, accordingly, the user device is verified successfully. The server marks the new cookie as a verified cookie and transfers the request to the application for processing. By forcing every user, including attackers, to have a cookie, the disclosed system encourages attackers to keep working within a single session with a single fingerprinting cookie to avoid consuming resources via the verification process. In such a case, a malicious session that includes multiple requests may be more easily detected and dealt with.
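
The gate described in the abstract, sketched as an added example that is not taken from the patent or from SAP code. The abstract does not say what the verification step is, so the hash puzzle, the HMAC-signed cookie format, the handling of forged cookies and all function names here are assumptions.

```python
import hashlib, hmac, secrets
from collections import defaultdict

SECRET = secrets.token_bytes(32)   # server-side signing key (constructed)
DIFFICULTY_BITS = 12               # assumed cost of one verification
cookies = {}                       # cookie id -> {"verified", "challenge"}
history = defaultdict(list)        # cookie id -> requests forwarded under it

def _sign(cid):
    return hmac.new(SECRET, cid.encode(), hashlib.sha256).hexdigest()

def issue_cookie():
    cid = secrets.token_hex(16)
    cookies[cid] = {"verified": False, "challenge": secrets.token_hex(8)}
    return f"{cid}.{_sign(cid)}"

def _lookup(cookie):
    """Return the cookie id if the cookie is known and carries our signature."""
    cid, _, sig = (cookie or "").partition(".")
    if cid in cookies and hmac.compare_digest(sig.encode(), _sign(cid).encode()):
        return cid
    return None

def reply_is_valid(challenge, reply):
    # Assumed verification: SHA-256(challenge:reply) must start with zero bits.
    digest = hashlib.sha256(f"{challenge}:{reply}".encode()).digest()
    return int.from_bytes(digest, "big") >> (256 - DIFFICULTY_BITS) == 0

def solve(challenge):
    """Client side of the assumed puzzle: search for an accepted reply."""
    n = 0
    while not reply_is_valid(challenge, str(n)):
        n += 1
    return str(n)

def handle_request(path, cookie=None, reply=None):
    cid = _lookup(cookie)
    if cid is None:                # no cookie (or a forged one): mint and verify
        cookie = issue_cookie()
        challenge = cookies[cookie.split(".")[0]]["challenge"]
        return {"action": "verify", "cookie": cookie, "challenge": challenge}
    state = cookies[cid]
    if not state["verified"]:
        if reply is None or not reply_is_valid(state["challenge"], reply):
            return {"action": "verify", "cookie": cookie,
                    "challenge": state["challenge"]}
        state["verified"] = True   # mark the new cookie as verified
    history[cid].append(path)      # forwarded requests stay tied to one cookie
    return {"action": "forward", "cookie": cookie, "seen": len(history[cid])}
```

Because dropping the cookie costs the client another verification, every request in a session accumulates under one entry in `history`, which is the per-session record a detector would inspect.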

Status:
Application
Type:

Utility

Filing date:

23 Aug 2019

Issue date:

11 Mar 2021