WebMTD: Defeating Cross-Site Scripting Attacks Using Moving Target Defense

Niakanlahiji, Amirreza; Jafarian, Jafar Haadi

doi:10.1155/2019/2156906

Cited by 9 publications

(5 citation statements)

References 13 publications

(27 reference statements)

Supporting

Mentioning

Contrasting

Unclassified

Order By: Relevance

“…Niakanlahiji and Jafarian [12] present WebMTD, a proactive moving target defense mechanism that thwarts a broad class of code injection attacks on web applications, including XSS, HTML code injection, and server-side code injection attacks. Relying on built-in features of current web browsers, WebMTD randomizes certain attributes of web elements to differentiate the application code from the injected code and prevent the execution.…”

Section: Salas and Martinsmentioning

confidence: 99%

N-Gram Tabanlı Tahmin Modeli ile XSS Saldırısı Algılama

ALAGHA¹

2023

Eskişehir Türk Dünyası Uygulama Ve Araştırma Merkezi Bilişim Dergisi

View full text Add to dashboard Cite

The increment developments in technology has empowered the web applications. Meanwhile, the existence of Cross-Site Scripting (XSS) vulnerabilities in web applications has become a concern for users. In spite of the numerous current detection approaches, attackers have been exploiting XSS vulnerabilities for years, causing harm to the internet users. In this paper, a text-mining based approach to detect XSS attacks in web applications is introduced. This approach is built to extract a set of features from a publicly available source code files, which are then used to build a prediction model. The findings include few comparisons between Word Tokenization and N-Gram in accuracy, time spend to build the model and AUC-ROC curve. The results show that N-Gram tokenization outperforms the Word Tokenization.

show abstract

Section: Salas and Martinsmentioning

confidence: 99%

N-Gram Tabanlı Tahmin Modeli ile XSS Saldırısı Algılama

ALAGHA¹

2023

Eskişehir Türk Dünyası Uygulama Ve Araştırma Merkezi Bilişim Dergisi

View full text Add to dashboard Cite

show abstract

“…Niakanlahiji and Jafarian [129] proposed a different MTD technique. They modify web applications by adding a new attribute named runtimeID to suspicious tags with randomly generated hex value.…”

Section: Moving Target Defense (Mtd)mentioning

confidence: 99%

Twenty-two years since revealing cross-site scripting attacks: a systematic mapping and a comprehensive survey

Hannousse¹,

Yahiouche²,

Nait-Hamoud³

2022

Preprint

View full text Add to dashboard Cite

Cross-site scripting (XSS) is one of the major threats menacing the privacy of data and the navigation of trusted web applications. Since its reveal in late 1999 by Microsoft security engineers, several techniques have been developed in the aim to secure web navigation and protect web applications against XSS attacks. The problem became worse with the emergence of advanced web technologies such as Web services and APIs and new programming styles such as AJAX, CSS3 and HTML5. While new technologies enable complex interactions and data exchanges between clients and servers in the network, new programming styles introduce new and complicate injection flaws to web applications. XSS has been and still in the TOP 10 list of web vulnerabilities reported by the Open Web Applications Security Project (OWASP). Consequently, handling XSS attacks became one of the major concerns of several web security communities. In this paper, we contribute by conducting a systematic mapping and a comprehensive survey. We summarize and categorize existent endeavors that aim to protect against XSS attacks and develop XSS-free web applications. The present review covers 147 high quality published studies since 1999 including early publications of 2022. A comprehensive taxonomy is drawn out describing the different techniques used to prevent, detect, protect and defend against XSS attacks. Although the diversity of XSS attack types and the scripting languages that can be used to state them, the systematic mapping revealed a remarkable bias toward basic and JavaScript XSS attacks and a dearth of vulnerability repair mechanisms. The survey highlighted the limitations, discussed the potentials of existing XSS attack defense mechanisms and identified potential gaps.

show abstract

“…Double-spending attacks are one of the most popularly used threats by hackers in PoW algorithms. This type of attack occurs when the user controls more than 50% of the computing power [33]. Therefore, they can send a fraudulent transaction log to the network, enabling them to perform the same transaction multiple times by removing the record of previous transactions.…”

Section: Related Workmentioning

confidence: 99%

Data Integrity Time Optimization of a Blockchain IoT Smart Home Network Using Different Consensus and Hash Algorithms

Kairaldeen

Abdullah

Abu-Samah

et al. 2021

Wireless Communications and Mobile Computing

View full text Add to dashboard Cite

Data security is a major issue for smart home networks. Yet, different existing tools and techniques have not been proven highly effective for home networks’ data security. Blockchain is a promising technology because of the distributed computing infrastructure network that makes it difficult for hackers to intrude into the systems through the use of cryptographic signatures and smart contracts. In this paper, an architecture for smart home networks that could guarantee data integrity, robust security, and the ability to protect the validity of the blockchain transactions has been investigated. The system model is tested using various sizes of realistic datasets (30, 3 k, and 30 k to represent a small, medium, and large number of transactions, respectively). Four different consensus algorithms were considered, the conventional schemes concatenated hash transactions (CHT) and Merkle hash tree (MHT), as well as the newly proposed odd and even modified MHT (O&E MHT) and modified MHT (MMHT). Moreover, 15 hash functions were also examined and compared to understand the effects of each consensus algorithms on the data integrity verification check execution time and the time optimization provided by the proposed MMHT algorithm. The results show that even though the CHT algorithm gives the lowest execution time, it is impractical for a blockchain implementation due to the requirement to copy the entire blockchain ledger in real time. Meanwhile, the O&E MHT does not give any tangible benefit in the execution time. However, the proposed MMHT offers a minimum of 30% gain in time optimization than the conventional MHT algorithm typically used in blockchains. This work shows that the proposed MMHT consensus algorithm not only can identify malicious codes but has an improved data integrity check performance in smart homes, all while ensuring network stability.

show abstract

WebMTD: Defeating Cross-Site Scripting Attacks Using Moving Target Defense

Cited by 9 publications

References 13 publications

N-Gram Tabanlı Tahmin Modeli ile XSS Saldırısı Algılama

N-Gram Tabanlı Tahmin Modeli ile XSS Saldırısı Algılama

Twenty-two years since revealing cross-site scripting attacks: a systematic mapping and a comprehensive survey

Data Integrity Time Optimization of a Blockchain IoT Smart Home Network Using Different Consensus and Hash Algorithms

Contact Info

Product

Resources

About