
XSS Attack Detection Approach Based on Scripts Features Analysis

  • Conference paper

Part of the book series: Advances in Intelligent Systems and Computing ((AISC,volume 746))

Abstract

Cross-Site Scripting (XSS) attacks are a type of injection problem in modern Web applications, exploited by injecting JavaScript code. A variety of defensive techniques now exist to protect web applications against XSS injection, but XSS still cannot be fully detected when the injected code is benign JavaScript: calls to existing methods, or the overriding of an existing method definition. Moreover, current server-side XSS detection systems rely on modifying the source code of the supervised application. In this work, we developed a server-side XSS detection approach based on analysis of script features, which permits the detection of a wide range of injected scripts, whether malicious scripts or legitimate-looking scripts that closely resemble the benign script, without any modification of the application source code. Our approach is evaluated on three web applications. The experimental results demonstrate that our approach detects a wide range of XSS attacks.



Author information

Authors and Affiliations

Authors

Corresponding author

Correspondence to Saoudi Lalia.


Copyright information

© 2018 Springer International Publishing AG, part of Springer Nature

About this paper


Cite this paper

Lalia, S., Sarah, A. (2018). XSS Attack Detection Approach Based on Scripts Features Analysis. In: Rocha, Á., Adeli, H., Reis, L., Costanzo, S. (eds) Trends and Advances in Information Systems and Technologies. WorldCIST'18 2018. Advances in Intelligent Systems and Computing, vol 746. Springer, Cham. https://doi.org/10.1007/978-3-319-77712-2_19


  • DOI: https://doi.org/10.1007/978-3-319-77712-2_19


  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-77711-5

  • Online ISBN: 978-3-319-77712-2
