Abstract
ABSTRACT One of the most common attacks in browser extensions is Cross-site scripting (XSS). To address these challenges, several browsers have proposed a new mechanism where legitimate browser extensions can only be installed from their respective Web Stores. Nonetheless, this mechanism is not flawless and multiple users still choose to install browser extensions from other sources, leaving them exposed to multiple types of attacks. This paper proposes a browser extension capable of detecting XSS attacks using Machine Learning (ML), as well as other irregularities that may occur in recently installed browser extensions. Regarding the detection of XSS attacks, the detection model is based on the Support Vector Machine (SVM) and it was able to detect malicious scripts with an accuracy of 99.5%, a precision of 99.4%, and a recall of 99.0%. Additionally, the detection of two other types of irregularities, namely the presence of blacklisted or irregular URLs located in the browser extension, and the presence of undesirable data in the manifest file of the browser extension, were considered. A Windows application was also designed in Java and deployed alongside the browser extension to monitor suspicious network requests from the newly installed browser extension.
Sign-in/Register to access full text options 
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Schedule a callMore From: Information Security Journal: A Global Perspective
Disclaimer: All third-party content on this website/platform is and will remain the property of their respective owners and is provided on "as is" basis without any warranties, express or implied. Use of third-party content does not indicate any affiliation, sponsorship with or endorsement by them. Any references to third-party content is to identify the corresponding services and shall be considered fair use under The CopyrightLaw.
