Client-Side Detection of XSS Worms by Monitoring Payload Propagation

Sun, Fangqi; Xu, Liang; Su, Zhendong

doi:10.1007/978-3-642-04444-1_33

Cited by 22 publications

(9 citation statements)

References 9 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…The analysis of this approach suggests that we can use the machine learning technique for XSS attack detection on SNSs. The research of Sun et al [13] presented a clientside approach to detecting the JavaScript worm via a Firefox plug-in. This approach relies on string comparison to detect the propagation of XSS worm.…”

Section: Related Workmentioning

confidence: 99%

XSSClassifier: An Efficient XSS Attack Detection Approach Based on Machine Learning Classifier on SNSs

Rathore¹,

Sharma²,

Park³

2017

J Inf Process Syst

View full text Add to dashboard Cite

Social networking services (SNSs) such as Twitter, MySpace, and Facebook have become progressively significant with its billions of users. Still, alongside this increase is an increase in security threats such as crosssite scripting (XSS) threat. Recently, a few approaches have been proposed to detect an XSS attack on SNSs. Due to the certain recent features of SNSs webpages such as JavaScript and AJAX, however, the existing approaches are not efficient in combating XSS attack on SNSs. In this paper, we propose a machine learningbased approach to detecting XSS attack on SNSs. In our approach, the detection of XSS attack is performed based on three features: URLs, webpage, and SNSs. A dataset is prepared by collecting 1,000 SNSs webpages and extracting the features from these webpages. Ten different machine learning classifiers are used on a prepared dataset to classify webpages into two categories: XSS or non-XSS. To validate the efficiency of the proposed approach, we evaluated and compared it with other existing approaches. The evaluation results show that our approach attains better performance in the SNS environment, recording the highest accuracy of 0.972 and lowest false positive rate of 0.87.

show abstract

Section: Related Workmentioning

confidence: 99%

XSSClassifier: An Efficient XSS Attack Detection Approach Based on Machine Learning Classifier on SNSs

Rathore¹,

Sharma²,

Park³

2017

J Inf Process Syst

View full text Add to dashboard Cite

show abstract

“…Cross Site Scripting (XSS) is known as the leading security problem currently faced by the web application developers and the most general attack that attackers exploit to replicate the malicious code to victim"s web application [9,20].…”

Section: Cross-site Scripting (Xss) Attacksmentioning

confidence: 99%

PHP-sensor

Gupta

2015

Proceedings of the 12th ACM International Conference on Computing Frontiers

View full text Add to dashboard Cite

As the usage of web applications for security-sensitive facilities has enlarged, the quantity and cleverness of web-based attacks against the web applications have grown-up as well. Several annual cyber security reports revealed that modern web applications suffer from two main categories of attacks: Workflow Violation Attacks and Cross-Site Scripting (XSS) attacks. Presently, in comparison to XSS attacks, there have been actual restricted work carried out that discover workflow violation attacks, as web application logic errors are particular to the expected functionality of a specific web application.This paper presents PHP-Sensor, a novel defensive model that discovers both the vulnerabilities of workflow violation attack and XSS attack concurrently in the real world PHP web applications. For the workflow violation attack, we extract a certain set of axioms by monitoring the sequences of HTTP request/responses and their corresponding session variables during the offline mode. The set of axioms is then utilized for evaluating the HTTP request/response in online mode. Any HTTP request/ response that bypass the corresponding axiom is recognized as a workflow violation attack in PHP web application. For the XSS attack, PHP-Sensor discovers the self-propagating features of XSS worms by monitoring the outgoing HTTP web request with the scripts that are injected in the currently HTTP response web page. We develop prototype of our proposed defensive model on the web proxy as well as on the client-side for the recognition of workflow violation and XSS attacks respectively. We evaluate the detection capability of PHP-Sensor on open source real-world PHP web applications and the simulation outcomes reveal that our defensive model is efficient and feasible at discovering workflow violation attacks, XSS attacks and experiences tolerable performance overhead.

show abstract

“…A wide range of solutions has been developed to protect the security of web applications, such as [23,24,25,26,27,28]. Prokhorenko et al [29] survey and classify existing protection techniques.…”

Section: Related Workmentioning

confidence: 99%

Toward Exposing Timing-Based Probing Attacks in Web Applications

Mao

Chen

Shi

et al. 2017

Sensors

View full text Add to dashboard Cite

Web applications have become the foundation of many types of systems, ranging from cloud services to Internet of Things (IoT) systems. Due to the large amount of sensitive data processed by web applications, user privacy emerges as a major concern in web security. Existing protection mechanisms in modern browsers, e.g., the same origin policy, prevent the users’ browsing information on one website from being directly accessed by another website. However, web applications executed in the same browser share the same runtime environment. Such shared states provide side channels for malicious websites to indirectly figure out the information of other origins. Timing is a classic side channel and the root cause of many recent attacks, which rely on the variations in the time taken by the systems to process different inputs. In this paper, we propose an approach to expose the timing-based probing attacks in web applications. It monitors the browser behaviors and identifies anomalous timing behaviors to detect browser probing attacks. We have prototyped our system in the Google Chrome browser and evaluated the effectiveness of our approach by using known probing techniques. We have applied our approach on a large number of top Alexa sites and reported the suspicious behavior patterns with corresponding analysis results. Our theoretical analysis illustrates that the effectiveness of the timing-based probing attacks is dramatically limited by our approach.

show abstract

Client-Side Detection of XSS Worms by Monitoring Payload Propagation

Cited by 22 publications

References 9 publications

XSSClassifier: An Efficient XSS Attack Detection Approach Based on Machine Learning Classifier on SNSs

XSSClassifier: An Efficient XSS Attack Detection Approach Based on Machine Learning Classifier on SNSs

PHP-sensor

Toward Exposing Timing-Based Probing Attacks in Web Applications

Contact Info

Product

Resources

About