ZTWeb: Cross site scripting detection based on zero trust

Abstract

Policy defense technology is the mainstream XSS defense technology. However, defense mechanisms with fixed policies may hardly cover the attack surface persistently in dynamic environments. Moreover, the undifferentiated policy makes the malicious code and developer code have the same resource authorization, which leads to the game between the security and usability of the page. To tackle this problem, we propose a zero trust-based defense model - ZTWeb, which constructs differentiated and dynamic policies to balance the security and usability of the website. Specifically, ZTWeb micro-segments the protect surface code into the trust domain, executing different authorization policies based on the trust level of the code subject. The key of ZTWeb is to break the control risk of static policy authorization and create dynamic trust by continuously evaluating the behavior of untrusted domains. Trust evaluation takes the call sequence of sensitive resources as the judgment element. We associate the parent-child relationship between domains and divide the behavior branches within the domain to construct a complete, accurate, context-containing behavior sequence. Furthermore, the extracted sequence is regarded as a piece of text, and the TextCNN model is introduced to identify XSS attacks. We evaluate ZTWeb using real datasets collected from GitHub. The experimental results show that the model can achieve an accuracy of 99.7%, the overall performance overhead is low, and strong security is maintained without destroying the website's usability.