XSSMitigate: Deep Packet Inspection based XSS Attack Quarantine in Software Defined Networks

Web applications are used by millions everyday for day-to-day activities. These applications deal with personal and financial data and security of these applications becomes important. Cross-Site Scripting (XSS) is a type of attack which target web applications. These attacks can escalate user privileges and can provide access to unauthorized data compromising users' privacy. In this paper, we present a technique to detect and mitigate the XSS attacks in Software Defined Networks (SDN). Our method has two phases as detection and mitigation. For detecting the attack, we use deep packet inspection on network packets collected at a switch placed in front of web server. Once the attack is detected we block the source of attack by installing appropriate rules at the switch through controller. We experiment within a lab setup and also with real world traces to validate the attack detection. Through simulations we show the feasibility of blocking the attack source for quarantine.