Enhancing Web Security: A Comparative Analysis of Machine Learning Models for CSRF Detection

Sep 5, 2024 · Mohamed Ramadan, Bassem Osama, Moamen Zaher, Hesham Mansour, Wael El Sersi
Abstract
This paper investigates the use of machine learning techniques to enhance Cross-Site Request Forgery (CSRF) detection in web applications. CSRF remains a critical security concern, consistently ranking among the top vulnerabilities in the Open Web Application Security Project (OWASP) list and Bugcrowd’s ranking of global cybersecurity threats. We conduct a comparative analysis of sixteen machine learning algorithms, categorized as ensemble and non-ensemble methods. Our findings demonstrate that ensemble models, including Extreme Gradient Boosting and Extra Trees, achieve superior performance in identifying CSRF attacks compared to non-ensemble models. We evaluate the models using 5-fold and 10-fold cross-validation, consistently revealing the superiority of ensemble approaches. Notably, our proposed Extra Tree classifier surpasses the state-of-the-art Random Forest algorithm by 2.67% in recall and 1.16% in F1-score. These results highlight the potential of ensemble models for robust CSRF detection in web security.
Type
Publication
2024 Intelligent Methods, Systems, and Applications (IMSA)