A Survey on Detection and Prevention of Cross-Site Scripting Attack

Nithya, V.; Pandian, S. Lakshmana; Malarvizhi, C.

doi:10.14257/ijsia.2015.9.3.14

Cited by 33 publications

(22 citation statements)

References 23 publications

Supporting

Mentioning

Contrasting

Unclassified

Order By: Relevance

“…Classic threats have been an issue ever since the development of the Internet. These threats are spam [11], malware [12], phishing [13], or cross-site scripting (XSS) attacks [14]. Although researchers and industries have addressed these threats in the past with the invention of OSNs, they can spread in a new way and more quickly than ever before.…”

Section: Classic Threatsmentioning

confidence: 99%

Privacy and Security Issues in Online Social Networks

et al. 2018

View full text Add to dashboard Cite

The advent of online social networks (OSN) has transformed a common passive reader into a content contributor. It has allowed users to share information and exchange opinions, and also express themselves in online virtual communities to interact with other users of similar interests. However, OSN have turned the social sphere of users into the commercial sphere. This should create a privacy and security issue for OSN users. OSN service providers collect the private and sensitive data of their customers that can be misused by data collectors, third parties, or by unauthorized users. In this paper, common security and privacy issues are explained along with recommendations to OSN users to protect themselves from these issues whenever they use social media.

show abstract

Section: Classic Threatsmentioning

confidence: 99%

Privacy and Security Issues in Online Social Networks

et al. 2018

View full text Add to dashboard Cite

show abstract

“…In this part, the XSS vulnerability relies on a browser, which can be attacked by XSS as long as you use it. Therefore, the attacks, often being the first step of other advanced attacks, directly threaten user privacy and server security, resulting in information disclosure, command execution, and so on [1,2]. There have already been many research teams that have introduced machine learning and deep learning algorithms into XSS attack detection [3].…”

Section: Introductionmentioning

confidence: 99%

RLXSS: Optimizing XSS Detection Model to Defend Against Adversarial Attacks Based on Reinforcement Learning

Fang

Huang

et al. 2019

Future Internet

View full text Add to dashboard Cite

With the development of artificial intelligence, machine learning algorithms and deep learning algorithms are widely applied to attack detection models. Adversarial attacks against artificial intelligence models become inevitable problems when there is a lack of research on the cross-site scripting (XSS) attack detection model for defense against attacks. It is extremely important to design a method that can effectively improve the detection model against attack. In this paper, we present a method based on reinforcement learning (called RLXSS), which aims to optimize the XSS detection model to defend against adversarial attacks. First, the adversarial samples of the detection model are mined by the adversarial attack model based on reinforcement learning. Secondly, the detection model and the adversarial model are alternately trained. After each round, the newly-excavated adversarial samples are marked as a malicious sample and are used to retrain the detection model. Experimental results show that the proposed RLXSS model can successfully mine adversarial samples that escape black-box and white-box detection and retain aggressive features. What is more, by alternately training the detection model and the confrontation attack model, the escape rate of the detection model is continuously reduced, which indicates that the model can improve the ability of the detection model to defend against attacks.

show abstract

“…Several circumvention mechanisms have been implemented, but none of them are complete or accurate enough to guarantee an absolute level of security on web application due to lack of common and complete methodology for evaluation in terms of performance [8]. Fonseca et al [9] proposed a method to evaluate and benchmark automatic web vulnerability scanners; using software fault injection techniques, they found out the scanners' coverage is low and the percentage of false positives is very high.…”

Section: Introductionmentioning

confidence: 99%

Detecting Cross-Site Scripting in Web Applications Using Fuzzy Inference System

Ayeni

Sahalu

Adeyanju

2018

Journal of Computer Networks and Communications

View full text Add to dashboard Cite

With improvement in computing and technological advancements, web-based applications are now ubiquitous on the Internet. However, these web applications are becoming prone to vulnerabilities which have led to theft of confidential information, data loss, and denial of data access in the course of information transmission. Cross-site scripting (XSS) is a form of web security attack which involves the injection of malicious codes into web applications from untrusted sources. Interestingly, recent research studies on the web application security centre focus on attack prevention and mechanisms for secure coding; recent methods for those attacks do not only generate high false positives but also have little considerations for the users who oftentimes are the victims of malicious attacks. Motivated by this problem, this paper describes an "intelligent" tool for detecting cross-site scripting flaws in web applications. is paper describes the method implemented based on fuzzy logic to detect classic XSS weaknesses and to provide some results on experimentations. Our detection framework recorded 15% improvement in accuracy and 0.01% reduction in the false-positive rate which is considerably lower than that found in the existing work by Koli et al. Our approach also serves as a decision-making tool for the users.

show abstract

A Survey on Detection and Prevention of Cross-Site Scripting Attack

Abstract: In present-day time, securing the web application against hacking is a big challenge.

Cited by 33 publications

References 23 publications

Privacy and Security Issues in Online Social Networks

Privacy and Security Issues in Online Social Networks

RLXSS: Optimizing XSS Detection Model to Defend Against Adversarial Attacks Based on Reinforcement Learning

Detecting Cross-Site Scripting in Web Applications Using Fuzzy Inference System

Contact Info

Product

Resources

About