Abstract

Cross-site scripting (XSS) attack has been one of the most dangerous attacks in cyberspace security. Traditional methods essentially discover XSS attack by detecting malicious payloads in requests, which is unable to distinguish blind&random scanning with the attacking reality. Moreover, it also brings tens of thousands of worthless security alerts to administrators, as well as unfriendly experience to users. In this paper, we propose DoubleR, a bi-directional framework which detects both Requests and Responses to discover XSS attacking reality. On the basis of conventional detection of malicious requests, DoubleR collects responses from web server and trains a bagging based PU learning model to determine whether the vulnerability is truly triggered. To validate our proposed framework, experiments are performed on 5 popular Web applications with 11 specified CVE recorded vulnerabilities. Results show that DoubleR effectively distinguishes attacking reality from attacking attempts, reduce the worthless security alarms, and at the same time works well on other web attacks of the same type.

Talk to us

Join us for a 30 min session where you can share your feedback and ask us any queries you have

Schedule a call

Similar Papers

Paper Title
Journal
Date
Author
Cross Site Scripting Attacks in Web-Based Applications
Aliga Paul Aliga ... Atuegbelo Confidence Akpe
Journal of Advances in Science and Engineering | VOL. 1
Aliga Paul Aliga, et. al.Aliga Paul Aliga ... Atuegbelo Confidence Akpe
15 Sep 2018
Cross-Site Scripting Attacks and Defensive Techniques: A Comprehensive Survey
Sonkarlay J Y Weamie
International Journal of Communications, Network and System Sciences | VOL. 15
Sonkarlay J Y WeamieSonkarlay J Y Weamie
01 Jan 2021
XSS-SAFE: A Server-Side Approach to Detect and Mitigate Cross-Site Scripting (XSS) Attacks in JavaScript Code
Shashank Gupta ... B B Gupta
Arabian Journal for Science and Engineering | VOL. 41
Shashank Gupta, et. al.Shashank Gupta ... B B Gupta
30 Oct 2015
Security against cross site scripting (XSS) attacks
M V Kadam ... M A Pradhan
-
M V Kadam, et. al.M V Kadam ... M A Pradhan
01 Jan 2010
View more papers

More From: Computer Networks

Paper Title
Journal
Date
Author
SARM: A network State-Aware Adaptive Routing Mutation method for power IoT
Tianshuai Zheng ... Ye Du
Computer Networks | VOL. -
Tianshuai Zheng, et. al.Tianshuai Zheng ... Ye Du
01 Nov 2024
Robust and energy-efficient RPL optimization algorithm with scalable deep reinforcement learning for IIoT
Ying Wang ... Fengjun Shang
Computer Networks | VOL. -
Ying Wang, et. al.Ying Wang ... Fengjun Shang
01 Nov 2024
Intraflow temporal correlation-based network traffic prediction
Jingwen Lu ... Chenxi Tang
Computer Networks | VOL. -
Jingwen Lu, et. al.Jingwen Lu ... Chenxi Tang
01 Nov 2024
Model Parameter Prediction Method for Accelerating Distributed DNN Training
Wai-Xi Liu ... Jun Cai
Computer Networks | VOL. -
Wai-Xi Liu, et. al.Wai-Xi Liu ... Jun Cai
01 Nov 2024
View more papers

Disclaimer: All third-party content on this website/platform is and will remain the property of their respective owners and is provided on "as is" basis without any warranties, express or implied. Use of third-party content does not indicate any affiliation, sponsorship with or endorsement by them. Any references to third-party content is to identify the corresponding services and shall be considered fair use under The CopyrightLaw.