Litcius/Paper detail

Detection and Prevention of Cross-site Scripting Attack with Combined Approaches

Hsing‐Chung Chen, Aristophane Nshimiyimana, Cahya Damarjati, Pi-Hsien Chang

20212021 International Conference on Electronics, Information, and Communication (ICEIC)17 citationsDOI

Abstract

Cross-site scripting (XSS) attack is a kind of code injection that allows an attacker to inject malicious scripts code into a trusted web application. When a user tries to request the injected web page, he is not aware that the malicious script code might be affecting his computer. Nowadays, attackers are targeting the web applications that holding a sensitive data (e.g., bank transaction, e-mails, healthcare, and e-banking) to steal users' information and gain full access to the data which make the web applications to be more vulnerable. In this research, we applied three approaches to find a solution to this most challenging attacks issues. In the first approach, we implemented Random Forest (RF), Logistic Regression (LR), k-Nearest Neighbors (k-NN), and Support Vector Machine (SVM) algorithms to discover and classify XSS attack. In the second approach, we implemented the Content Security Policy (CSP) approach to detect XSS attacks in real-time. In the last approach, we propose a new approach that combines the Web Application Firewall (WAF), Intrusion Detection System (IDS), and Intrusion Prevention System (IPS) to detect and prevent XSS attack in real-time. Our experiment results demonstrated the high performance of AI algorithms. The CSP approach shows the results for the detection system report in real-time. In the third approach, we got more expected system results that make our third model system a more powerful tool to address this research problem than the other two approaches.

Topics & Concepts

Cross-site scriptingComputer scienceScripting languageSQL injectionComputer securityFirewall (physics)Intrusion detection systemWeb applicationWeb application securityCode (set theory)World Wide WebWeb pageOperating systemWeb developmentProgramming languageSearch engineQuery by ExampleWeb search queryCharged black holeSet (abstract data type)Classical mechanicsGravitationPhysicsSchwarzschild radiusAdvanced Malware Detection TechniquesNetwork Security and Intrusion DetectionWeb Application Security Vulnerabilities
Detection and Prevention of Cross-site Scripting Attack with Combined Approaches | Litcius