Detecting Blind Cross-Site Scripting Attacks Using Machine Learning

Cited by: 10
Authors
Kaur, Gurpreet [1]
Malik, Yasir [1]
Samuel, Hamman [1]
Jaafar, Fehmi [1]
Affiliations
[1] Univ Edmonton, Dept Informat Syst Secur & Assurance Management, Edmonton, AB, Canada
Keywords
Software Security; Web Security; Cross-Site Scripting (XSS); Machine Learning; Vulnerability Detection; XSS;
DOI
10.1145/3297067.3297096
Chinese Library Classification number
TP18 [Artificial intelligence theory];
Discipline classification code
081104 ; 0812 ; 0835 ; 1405 ;
Abstract
Cross-site scripting (XSS) is a scripting attack targeting web applications by injecting malicious scripts into web pages. Blind XSS is a subset of stored XSS, where an attacker blindly deploys malicious payloads in web pages that are stored in a persistent manner on target servers. Most of the XSS detection techniques used to detect the XSS vulnerabilities are inadequate to detect blind XSS attacks. In this research, we present a machine learning based approach to detect blind XSS attacks. Testing results help to identify malicious payloads that are likely to get stored in databases through web applications.
Pages: 22-25
Number of pages: 4