Enhancing Web Security using Client-Side Web Assembly based Web Application Firewall (WAF)

Abstract

JavaScript has been a popular and the most widely used language for web applications. However, it has some limitations especially related to performance while running computationally intensive tasks which hinders usage of such applications through the web. To resolve the issue of performance, a new low-level assembly-like language Web Assembly “also referred to as WASM” has been developed to run in the browser and to complement the usage of JavaScript rather than replacing it. WASM is designed keeping the security features in mind. However, being a new technology, it still has some security flaws which can be exploited to compromise different applications. Mining cryptocurrency is a lucrative opportunity due to its increased usage. One of the illegitimate ways of mining is through deploying cryptojacking malware within web browsers. Web Assembly has provided malicious actors with a new avenue for utilizing cryptojacking malware given its performance gains. This resulted in development of different systems for detection of Wasm-based cryptojacking, using both static and dynamic analysis. In this paper, we provide an overview of Web Assembly (WASM) and a comprehensive review of different cryptojacking detection techniques. Furthermore, we propose a novel framework which is based on AI-driven WebAssembly analysis engine designed to detect WebAssembly-based cryptojacking attacks. Our evaluation of the framework shows an accuracy rate of 98.5% with only 0.78% FN rate in detecting cryptojacking WASM applications. In the end, we carried out a comparative analysis of our proposed framework with two malware detection tools: VirusTotal and Malwarebytes.