Machine learning approach to vulnerability detection in OAuth 2.0 authentication and authorization flow
International Journal of Information Security ( IF 2.4 ) Pub Date : 2021-05-13 , DOI: 10.1007/s10207-021-00551-w
Kindson Munonye , Martinek Péter

Technologies for integrating enterprise web applications have improved rapidly over the years. The OAuth framework provides authentication and authorization using a user's profile and credentials held by an existing identity provider, so any weakness in the exchange of data with that provider becomes exploitable by an attacker. A vulnerability in the OAuth authorization flow allows an attacker to alter the normal message sequence of the protocol. In this paper, a machine learning-based approach is applied to the detection of potential vulnerabilities in the OAuth authentication and authorization flow by analysing the relationship between changes in the OAuth parameters and the final output of the flow. The research models the OAuth protocol as a supervised learning problem in which seven classification models were developed, tuned and evaluated. Exploratory Data Analytics (EDA) techniques were applied to the extraction and analysis of specific OAuth features so that each output class could be evaluated to determine the effect of the identified features. The models were trained, tuned and tested, and a classification accuracy above 90% was attained for detection of vulnerabilities in the OAuth authentication and authorization flow. Comparison with known vulnerabilities resulted in a 54% match.
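The abstract describes the pipeline only at a high level: OAuth parameters are turned into features, each flow is labelled with an output class, and a supervised classifier is trained to map feature changes to classes. The block below is an added illustration of that pipeline and is not the paper's dataset, feature set, models or code. It constructs authorization-code flow transcripts for a hypothetical client (the registered redirect URI, the provider endpoint, the defect names and every parameter value are constructed for the example), extracts binary features from the request and callback parameters, trains a small ID3 decision tree from scratch, and reports held-out accuracy. The defect classes are ordinary OAuth 2.0 misconfigurations (missing or mismatched state, unregistered redirect_uri, replayed code, missing PKCE, implicit grant) rather than findings from the paper.

```python
"""Supervised classification of OAuth 2.0 authorization-code flows from their
parameters.  Added illustration, not the paper's dataset, model or code: the
flow transcripts, defect labels, client registration and endpoints are all
constructed here."""
import math
from collections import Counter
from urllib.parse import parse_qs, urlencode, urlsplit

REGISTERED_REDIRECT = "https://app.example/cb"    # assumed client registration
AUTHZ_ENDPOINT = "https://idp.example/authorize"   # assumed provider endpoint
DEFECTS = ("ok", "state_missing", "state_mismatch", "redirect_hijack",
           "code_replay", "no_pkce", "implicit")
FEATURES = ("response_type_code", "state_present", "state_matches",
            "redirect_uri_registered", "callback_on_registered_host",
            "pkce_present", "code_fresh")

def make_flow(defect, n):
    """Constructed transcript (auth request, callback, the state the client
    stored, codes already redeemed) exhibiting exactly one named defect."""
    state, code = f"st{n}", f"code{n}"
    req = {"response_type": "code", "client_id": "demo-client", "scope": "openid email",
           "redirect_uri": REGISTERED_REDIRECT, "state": state,
           "code_challenge": "E9Melhoa2OwvFrEMTJguCHaoeK1t8URWbuGJSstw-cM",
           "code_challenge_method": "S256"}
    cb_base, cb, seen, sep = REGISTERED_REDIRECT, {"code": code, "state": state}, set(), "?"
    if defect == "state_missing":        # no CSRF binding at all
        del req["state"]; del cb["state"]
    elif defect == "state_mismatch":     # callback carries someone else's state
        cb["state"] = "attacker-state"
    elif defect == "redirect_hijack":    # provider accepted an unregistered redirect_uri
        req["redirect_uri"] = cb_base = "https://evil.example/cb"
    elif defect == "code_replay":        # this code was already redeemed once
        seen = {code}
    elif defect == "no_pkce":
        del req["code_challenge"]; del req["code_challenge_method"]
    elif defect == "implicit":           # token returned in the front channel (fragment)
        req["response_type"] = "token"
        cb, sep = {"access_token": f"at{n}", "token_type": "bearer", "state": state}, "#"
    return {"auth_request": f"{AUTHZ_ENDPOINT}?{urlencode(req)}",
            "callback": f"{cb_base}{sep}{urlencode(cb)}",
            "client_state": state, "seen_codes": seen, "label": defect}

def parse_params(url):
    """Merge query and fragment parameters (implicit grant uses the fragment)."""
    parts, params = urlsplit(url), {}
    for component in (parts.query, parts.fragment):
        params.update({k: v[0] for k, v in parse_qs(component).items()})
    return params

def extract_features(flow):
    """Binary features over the OAuth parameters of one flow."""
    req, cb = parse_params(flow["auth_request"]), parse_params(flow["callback"])
    return {
        "response_type_code": int(req.get("response_type") == "code"),
        "state_present": int("state" in req),
        "state_matches": int(cb.get("state") is not None
                             and cb.get("state") == flow["client_state"]),
        "redirect_uri_registered": int(req.get("redirect_uri") == REGISTERED_REDIRECT),
        "callback_on_registered_host": int(urlsplit(flow["callback"]).netloc
                                           == urlsplit(REGISTERED_REDIRECT).netloc),
        "pkce_present": int("code_challenge" in req
                            and req.get("code_challenge_method") == "S256"),
        "code_fresh": int(cb.get("code") not in flow["seen_codes"]),
    }

def entropy(labels):
    n = len(labels)
    return -sum(c / n * math.log2(c / n) for c in Counter(labels).values())

def information_gain(rows, labels, feature):
    gain = entropy(labels)
    for value in (0, 1):
        subset = [lab for row, lab in zip(rows, labels) if row[feature] == value]
        if subset:
            gain -= len(subset) / len(labels) * entropy(subset)
    return gain

def build_tree(rows, labels, features):
    """ID3 decision tree over binary features; leaves are class labels."""
    majority = Counter(labels).most_common(1)[0][0]
    if len(set(labels)) == 1 or not features:
        return majority
    best = max(features, key=lambda f: information_gain(rows, labels, f))
    remaining = [f for f in features if f != best]
    children = {}
    for value in (0, 1):
        idx = [i for i, row in enumerate(rows) if row[best] == value]
        children[value] = majority if not idx else build_tree(
            [rows[i] for i in idx], [labels[i] for i in idx], remaining)
    return {"feature": best, "children": children}

def predict(tree, row):
    while isinstance(tree, dict):
        tree = tree["children"][row[tree["feature"]]]
    return tree

def train_and_evaluate(train_ids=range(0, 20), test_ids=range(20, 30)):
    """Train on constructed flows, return (tree, held-out accuracy)."""
    train = [make_flow(d, n) for n in train_ids for d in DEFECTS]
    test = [make_flow(d, n) for n in test_ids for d in DEFECTS]
    tree = build_tree([extract_features(f) for f in train],
                      [f["label"] for f in train], list(FEATURES))
    correct = sum(predict(tree, extract_features(f)) == f["label"] for f in test)
    return tree, correct / len(test)

if __name__ == "__main__":
    tree, acc = train_and_evaluate()
    print(f"held-out accuracy: {acc:.2%}")
    for d in DEFECTS:
        print(f"{d:16s} -> {predict(tree, extract_features(make_flow(d, 99)))}")
```

Because every constructed class has a distinct feature signature, the tree separates them perfectly; on real traffic the interesting work is in the features (which parameters actually changed between the request and the callback) and in how the output classes are labelled, which is where the abstract's 54% match against known vulnerabilities is decided.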




Updated: 2021-05-13