The project's primary purpose is to enhance the security of client-side applications by developing new approaches that complement existing solutions related to monitoring behaviors in web applications. Ensuring robust security is a significant challenge as modern web applications become increasingly complex and integrated.
Traditional security measures, such as firewalls and network intrusion detection systems, may not fully address client-side vulnerabilities. Therefore, the project aims to create a dynamic solution that focuses specifically on identifying and mitigating risks at the client level.
Creating solutions for this context involves two fundamental steps:
Identifying behaviors
Classifying them according to the risk they present.
#1 Goal
The first goal includes not only the identification of behaviors per se but also the identification of the resources responsible for them, namely which entities triggered such actions.
By mapping behaviors to their corresponding entities, the system can better understand the underlying causes of potential issues and security threats. This step is essential for distinguishing between legitimate application behavior and malicious or unintended actions that could compromise security, which we address in the second goal.
#2 Goal
The second goal of the project is to classify the behaviors that have been dynamically captured during the application's execution. This is done by analyzing the chain of behaviors observed and which entity triggered them.
By examining the context and sequence of these behaviors, the system can identify patterns indicative of potential threats. The goal is to classify their risk and malicious intent, which varies depending on the scenario.
The BEHAVIOR solution enhances the security of client-side applications by developing a prototype that monitors and collects behaviors in web applications and identifies potential threats using artificial intelligence models. This prototype dynamically assesses any action or sequence of actions, identifying deviations from normal behavior that may indicate malicious activity. Artificial intelligence allows the solution to continuously learn and adapt to new attack patterns, ensuring it remains effective against evolving threats.
Jscrambler
Jscrambler, a global leader in Client-Side Protection and Compliance, serves as the principal co-promoter of this project, contributing its extensive expertise in securing client-side applications and monitoring behaviors in web environments. The project aims to improve the security of client-side applications by developing a prototype that monitors and classifies behaviors in web applications, identifying risks and potential threats using Artificial Intelligence.
In this context, Jscrambler will leverage its experience in analyzing and protecting web applications to support mapping interactions between resources and behaviors. This expertise will be key to enabling a detailed risk assessment and advancing the development of innovative solutions for detecting and mitigating security threats. Jscrambler’s contribution focuses on its deep understanding of JavaScript behaviors, runtime analysis, and risk classification, aligning with the project’s goal of providing actionable insights into client-side security.
By combining practical security applications with the project’s research objectives, Jscrambler will help deliver impactful results that strengthen the protection of client-side applications and advance both technical and academic outcomes. This includes supporting and disseminating results through academic theses, publications, and educational materials, reinforcing the project’s contribution to advancing security standards in web environments.
ISEP/GECAD
SEP/IPP—GECAD, a recognized entity within the scientific system, actively participates in projects to create and implement innovative solutions and services for end users. In this project, its team will leverage all its expertise and experience in extracting knowledge from large volumes of data, applying Artificial Intelligence-based algorithms to the new contexts presented by the project, and developing new algorithms and combined approaches that will culminate in an utterly disruptive service platform.
In particular, ISEP/IPP - GECAD contributes its knowledge and experience in the field of Knowledge and Learning Technologies, specifically in the following areas: Knowledge-Based Systems, Ontologies, Semantic Web, Social Web, Data Mining, Knowledge Discovery, Neural Networks, Intelligent Agents, and Intelligent Tutors. The project results will feature a Master’s thesis and educational materials for courses taught by the institution, disseminating the results and adding value to the academic community.
