Litcius/Paper detail

Detection of Cross-Site Scripting Attacks using Dynamic Analysis and Fuzzy Inference System

Olorunjube James Falana, Ife Olalekan Ebo, Carolyn Oreoluwa Tinubu, Olusesi Alaba Adejimi, Andeson Ntuk

202015 citationsDOI

Abstract

Many prevalent problems of web applications are induced by injected codes, which pose great security threats. Vulnerabilities found in web applications are commonly typically exploited to perpetrate attacks. With cross-site scripting (XSS), attackers can infuse malevolent contents into website pages, in this way gaining access privileges to sensitive page content of the user such as, session cookies, user's data or credentials and several other information often kept up by the browser on behalf of the users. This paper presents a hybrid mechanism for detecting XSS attacks using Dynamic Analysis and Fuzzy Inference. The approach scans the website for possible points of injection before generating an attack vector launched via an HTTP request to a web application. The analysis of the HTTP response predicts the presence of an attack vector. The detection capability of the system is evaluated using some active world web applications and the results show a high rate of detection.

Topics & Concepts

Cross-site scriptingComputer scienceScripting languageDynamic web pageWorld Wide WebWeb application securityComputer securitySecurity analysisStatic analysisSession (web analytics)Web applicationSQL injectionWeb pageOperating systemWeb developmentSearch engineProgramming languageQuery by ExampleWeb search queryWeb Application Security VulnerabilitiesNetwork Security and Intrusion DetectionAdvanced Malware Detection Techniques