TY - BOOK
AU - Kailanya, Eunice
TI - A Stateful Firewall Packet Analysis Framework for Mitigating Session Fixation Attacks
SN -
AV - TK5105.5.K3 2025
PY - 2025///
CY - Meru
PB - Meru University of Science and Technology
N1 - Includes Reference
N2 - Protecting networks against web attacks has become increasingly critical. As network attacks continue to evolve in complexity and sophistication, stateful firewall solutions have proven to be insufficient in defending against session fixation attacks. Session fixation attacks pose a significant threat to web security by exploiting vulnerabilities in session management to hijack authenticated user sessions. Existing stateful firewall models can filter attacks such as denial of service, distributed denial of service, man-in-the-middle, malware, ransomware and spamming. However, they are unable to filter session fixation attacks due to their filtering mechanisms. The aim of this study was to develop a stateful firewall packet analysis model that operates in the network layer to detect and filter session fixation attacks. By maintaining state information across network sessions, the model analyzed packet sequences and patterns to identify anomalies indicative of session fixation attempts. A gradient booster classifier algorithm was incorporated into the model to enhance accuracy in analyzing packets. A virtual machine simulation experiment was performed to evaluate the accuracy of the model using Cross-Site Scripting (XSS) datasets vulnerable to session fixation attacks alongside normal user traffic. The model's detection rate, false positive and false negative metrics were measured to assess the accuracy of the model. The experimental results demonstrated that the model effectively detected and mitigated session fixation attacks by analyzing session parameters and maintaining session state consistency. Experimental evaluation validated the model's high detection accuracy level of 98.5% with minimal false positives. By tracking the state of each session and analyzing packet-level data, the model is capable of detecting suspicious patterns associated with session fixation attempts. The adoption and integration of the model into the network security framework not only strengthens protection at the application layer but also reduces the risk of session hijacking.
UR - https://repository.must.ac.ke/handle/123456789/1596
ER -