Securing heterogeneous embedded devices against XSS attack in intelligent IoT system

Abstract

Today, we are living in the realm of Internet of Things (IoT) where simple objects are embedded with the capabilities to understand and operate in its surroundings for offering distinct services to the users. These objects are shipped with their user interfaces that facilitate user to perform administrative activities on the devices using a web browser linked to the device's server. Cross-Site Scripting (XSS) is the most prevalent web application's vulnerability, exploited by an attacker to compromise the embedded devices. This research work is focused towards the development of an approach to defend against XSS attack to safeguard embedded devices deployed in intelligent IoT system. It performs identification through comparing injected strings with the blacklisted attack vectors and mitigates its harmful effects by implementing filtering method in an optimized fashion. It is a fog-enabled approach that operates locally to identify the compromised device within the IoT network. We demonstrate attack exploitation on two smart devices including digital IP Camera and wireless router and then tested the performance of our proposed approach on them. The experimental results highlight the efficacy of the approach as it attains an accuracy of 0.9 and above, on both the tested platforms.