XSSClassifier: An Efficient XSS Attack Detection Approach Based on Machine Learning Classifier on SNSs

Rathore, Shailendra; Sharma, Pradip Kumar; Park, Jong Hyuk

doi:10.3745/jips.03.0079

Cited by 44 publications

(39 citation statements)

References 12 publications

(15 reference statements)

Supporting

Mentioning

Contrasting

Order By: Relevance

“…It is obvious that the probability Pr[Evt 1 ∧ Evt 2 ] = 0 from the definition of Evt 1 and Evt 2 and we have While the event ¬Evt 1 ∧ ¬Evt 2 happens, A can not get any information about the connection between m b |con and u 1…”

Section: Theoremmentioning

confidence: 99%

See 1 more Smart Citation

An IND-CCA2 secure post-quantum encryption scheme and a secure cloud storage use case

Zeng

Chen

Choo

2019

Hum. Cent. Comput. Inf. Sci.

View full text Add to dashboard Cite

Code-based public key encryption (PKE) is a popular choice to achieve post-quantum security, partly due to its capability to achieve fast encryption/decryption. However, code-based PKE has larger ciphertext and public key sizes in comparison to conventional PKE schemes (e.g., those based on RSA). In 2018, Lau and Tan proposed a new rank metric code-based PKE scheme, which has smaller public key and ciphertext sizes compared to other code-based PKE schemes. They also proved that their scheme achieves IND-CPA security, assuming the intractability of the decisional rank syndrome decoding problem. It is known that IND-CCA2 security is the strongest and most popular security assurance for PKE schemes. Therefore, in this paper, we obtain a new code-based PKE scheme from Lau and Tan’s scheme, in order to inherit the underlying small public key and ciphertext sizes. However, our new scheme is shown to achieve IND-CCA2 security, instead of the weaker IND-CPA security. Specifically, the respective public key size and ciphertext size in our new scheme are 15.06 KB and 1.37 KB under 141-bit security level, and 16.76 KB and 1.76 KB under 154-bit security level. We then present a use case for the proposed scheme, that is for secure cloud storage.

show abstract

Section: Theoremmentioning

confidence: 99%

“…semi-trusted. Thus, massive techniques are proposed for ensuring the data security and decreasing the useless data such as semi-supervised learning, spammer detection framework and cryptographic protocol [1][2][3][4].…”

mentioning

confidence: 99%

An IND-CCA2 secure post-quantum encryption scheme and a secure cloud storage use case

Zeng

Chen

Choo

2019

Hum. Cent. Comput. Inf. Sci.

View full text Add to dashboard Cite

show abstract

“…One taxonomy [18] has classified the type of attack to be technical-based, which includes phishing, scam, and malware, or human-based, such as impersonation, identity theft, and reverse social engineering. An example of a technical based attack in social networks is the cross-site scripting attack that recently become popular among criminals in SNSs [19]. In contrast, persuading the victim to contact the attacker by connecting with the victim's friends through a reverse social engineering technique [8] is an example of a human-based attack in social networks.…”

Section: Social Engineering In Social Networkmentioning

confidence: 99%

User characteristics that influence judgment of social engineering attacks in social networks

Albladi

Weir

2018

Hum. Cent. Comput. Inf. Sci.

View full text Add to dashboard Cite

Social engineering is a growing source of information security concern. Exploits appear to evolve, with increasing levels of sophistication, in order to target multiple victims. Despite increased concern with this risk, there has been little research activity focused upon social engineering in the potentially rich hunting ground of social networks. In this setting, factors that influence users’ proficiency in threat detection need to be understood if we are to build a profile of susceptible users, develop suitable advice and training programs, and generally help address this issue for those individuals most likely to become targets of social engineering in social networks. To this end, the present study proposes and validates a user-centric framework based on four perspectives: socio-psychological, habitual, socio-emotional, and perceptual. Previous research tends to rely on selected aspects of these perspectives and has not combined them into a single model for a more cohesive understanding of user’s susceptibility.

show abstract

“…The stationary security system uses security devices such as an IDS or attack detection mechanisms in application layer [22,23] to detect an attacker who has penetrated the inside. Unlike stationary security systems, MTD aims to deceive the attacker through constant network mutations rather than detecting an insider.…”

Section: Security Requirementmentioning

confidence: 99%

Secure Cyber Deception Architecture and Decoy Injection to Mitigate the Insider Threat

et al. 2018

View full text Add to dashboard Cite

Abstract:We propose a novel dynamic host mutation (DHM) architecture based on moving target defense (MTD) that can actively cope with cyberattacks. The goal of the DHM is to break the cyber kill chain, expand the attack surface to increase the attacker's target analysis cost, and disrupt the attacker's fingerprinting to disable the server trace. We define the participating entities that share the MTD policy within the enterprise network or the critical infrastructure, and define functional modules of each entity for DHM enforcement. The threat model of this study is an insider threat of a type not considered in previous studies. We define an attack model considering an insider threat and propose a decoy injection mechanism to confuse the attacker. In addition, we analyze the security of the proposed structure and mechanism based on the security requirements and propose a trade-off considering security and availability.

show abstract

XSSClassifier: An Efficient XSS Attack Detection Approach Based on Machine Learning Classifier on SNSs

Cited by 44 publications

References 12 publications

An IND-CCA2 secure post-quantum encryption scheme and a secure cloud storage use case

An IND-CCA2 secure post-quantum encryption scheme and a secure cloud storage use case

User characteristics that influence judgment of social engineering attacks in social networks

Secure Cyber Deception Architecture and Decoy Injection to Mitigate the Insider Threat

Contact Info

Product

Resources

About