Centy: Scalable Server-Side Web Integrity Verification System Based On Fuzzy Hashes

Detection of Intrusions and Malware, and Vulnerability Assessment, DIMVA 2021 (2021)

Abstract
Providing integrity guarantees for websites rendered on a user's browser is a crucial security property for web applications. There are several ways to tamper with data being received or rendered on the client side, including browser hijacking, malicious plugins, cross-site scripting attacks and manipulation of data in transit. Detecting such attacks is important for content providers in order to generate alerts and prevent further attacks. Detection of website integrity is a challenging task, due to the heterogeneity of possible attacks. In this work we present an approach to detect integrity attacks that is designed to scale to millions of clients while offering high accuracy. Our approach is based on a fine-grained analysis of website internal components and a clustering technique. Such clustering allows for an efficient automatic and semi-automatic classification of client-side content (such as scripts, forms, iframes, etc.). This approach is partially implemented in a productive system and is evaluated on a real-world dataset belonging to a sample of tens of thousands of unique visits. We show that we can achieve up to 98.7% accuracy on real data based on a labelled prefix, and up to 99.4% compression ratio on incoming to-be-classified client-side content. To the best of our knowledge, we are the first study to show a scalable and practical clustering system for web integrity detection.
Keywords
Web integrity, Clustering, Fuzzy hashes