Cross-site Scripting Research Articles

Automation of Quantifying Security Risk Level on Injection Attacks Based on Common Vulnerability Scoring System Metric

An injection attack is a cyber-attack that is one of The Open Web Application Security Project Top 10 Vulnerabilities. These attacks take advantage of insufficient user input validation into the system through the input surface of a Web application as that user in the browser. The company’s cyber security team must filter thousands of attacks to prioritize which attacks are considered the most dangerous to be mitigated first. This activity of filtering thousands of attacks takes much time because you have to check these attacks one by one. Therefore, a method is needed to assess how dangerous a cyber-attack is that enters an organization’s or company’s server. Injection attack detection can be done by analyzing the request data in the web server log. Our research attempts to perform quantification modeling of the variations of two types of injection attacks, SQL Injection (SQLi) and Cross-Site Scripting (XSS), using Common Vulnerability Scoring System Metrics (CVSS). CVSS metrics are generally used to calculate the level of dangerous weakness in the system. This metric is never used to calculate the level of how dangerous an attack is. The modeling that we have made shows that SQLi and XSS attacks have many variations in levels ranging from low to high levels. We discovered that when classified with Common Weakness Enumeration Database, SQLi and XSS attacks CVE values would have high-level congruence with almost 94% value between one another vector on CVSS.

Review of the security challenges in web-based systems

Web-based systems are vulnerable to security issues similar to any other applications. Due to the characteristics of web-based systems such as their distributable nature and cross platform accessibility, security challenges are predominant. Recently, more focus has been placed on how to handle security concerns in web systems. Current solutions to counteract the web-based system security challenges include web system languages, firewalls, Intrusion Detection Systems (IDS), Intrusion Prevention Systems (IPS), cryptographic techniques, digital certificates and signatures among others. However, attacks and threats such as cross site scripting (XSS), Distributed Denial of Service (DDoS), cross-site request forgery (CSRF) and structured query language (SQL) injection attacks are still common. This gives the impression that there are still security challenges in this regard, despite the efforts for detection and prevention of attacks. Consequently, due to their dynamism, secure architectures are pivotal for the security of web-based systems. The focus of this paper therefore, is to review the existing security challenges of web-based systems. It is evident from this literature study that most security challenges in web-based systems stem from the threat of unauthorized access and risks from implementing technologies and standards that are under developed as regards security.

Multistage quality control in manufacturing process using blockchain with machine learning technique

Information security has more demand for digital technology. Every industry transfers its data through computer networks for legal communication. The Internet of Things (IoT), sensor-based, is one of the most current advanced tools that can handle appropriate measures to control data operations across manufacturing industries. The demand for predictive machine reliability and quality drives the development of intelligent manufacturing technologies. To this goal, a variety of machine learning algorithms are being studied. Data protection and monitoring is also another concern that is a critical component of the organization. To overcome these issues, the proposed method uses Blockchain Technology (BCT) and Machine Learning to secure the information operations and manage a dataset. Significant data approaches were employed to organize and evaluate the obtained dataset. BCT allows collecting sensor user access data, whereas ML classifiers distinguish between normal and malicious behavior to detect attacks. DoS, DDoS, intrusion, a man in the middle (MitM), brute force, cross-site scripting (XSS), and searching are the attacks detected by BCT. Furthermore, the hybrid prediction technique assessed the fault detection prediction component. The program's quality control was set using non-linear machine learning techniques that represented the complicated world and determined the actual positive rate of the standard control methodology used by the platform. The experimental result shows that the proposed method outperforms empirical metrics such as accuracy, precision, recall, and response time. The proposed method efficiently provides security between innovative manufacturing transactions.

Detection of cross-site scripting (XSS) attacks using machine learning techniques: a review

Detection of cross-site scripting (XSS) attacks using machine learning techniques: a review

Model of rules for malicious input parameters detection


 
 
 This article is devoted to detection of advanced techniques of malicious input parameter injections and web application firewall (WAF) bypass. The authors have proposed a hierarchical model for detection rules definition, which allows to edit different fragments separately. This model has been implemented with the usage of Backus-Naur form and ANTLR4 (generator of parsers and lexers). The solution has been tested using some popular web application scanners. The testing environment has been created with Python3. The results of research have been compared with the corresponding ones for the existing open source solution – libinjection. The main accent has been made to SQL injcetions and Cross-Site Scripting attacks.
 
 

Grey-Box Fuzzing Based on Reinforcement Learning for XSS Vulnerabilities

Cross-site scripting (XSS) vulnerabilities are significant threats to web applications. The number of XSS vulnerabilities reported has increased annually for the past three years, posing a considerable challenge to web application maintainers. Black-box scanners are mainstream tools for security engineers to perform penetration testing and detect XSS vulnerabilities. Unfortunately, black-box scanners rely on crawlers to find input points of web applications and cannot guarantee all input points are tested. To this end, we propose a grey-box fuzzing method based on reinforcement learning, which can detect reflected and stored XSS vulnerabilities for Java web applications. We first use static analysis to identify potential input points from components (i.e., Java code, configuration files, and HTML files) of the Java web application. Then, an XSS vulnerability payload generation method is proposed, which is used together with the reinforcement learning model. We define the state, action, and reward functions of three reinforcement learning models for XSS vulnerability detection scenarios so that the fuzz loop can be performed automatically. To demonstrate the effectiveness of the proposed method, we compare it against four state-of-the-art web scanners. Experimental results show that our method finds all XSS vulnerabilities and has no false positives.

Deep Learning Technique-Enabled Web Application Firewall for the Detection of Web Attacks.

New techniques and tactics are being used to gain unauthorized access to the web that harm, steal, and destroy information. Protecting the system from many threats such as DDoS, SQL injection, cross-site scripting, etc., is always a challenging issue. This research work makes a comparative analysis between normal HTTP traffic and attack traffic that identifies attack-indicating parameters and features. Different features of standard datasets ISCX, CISC, and CICDDoS were analyzed and attack and normal traffic were compared by taking different parameters into consideration. A layered architecture model for DDoS, XSS, and SQL injection attack detection was developed using a dataset collected from the simulation environment. In the long short-term memory (LSTM)-based layered architecture, the first layer was the DDoS detection model designed with an accuracy of 97.57% and the second was the XSS and SQL injection layer with an obtained accuracy of 89.34%. The higher rate of HTTP traffic was investigated first and filtered out, and then passed to the second layer. The web application firewall (WAF) adds an extra layer of security to the web application by providing application-level filtering that cannot be achieved by the traditional network firewall system.

Systematic Review of Common Web-Application Vulnerabilities

Organizations are increasingly worried about web application vulnerabilities because they can be used by cybercriminals to access private data without authorization. In this review, we examine the current state of the vulnerabilities in the web application layer. We begin by discussing the different types of vulnerabilities that can affect web applications, including cross-site scripting (XSS), brute force, SQL injection, and cross-site request forgery (CSRF) attacks. And then for each vulnerability, we discuss the various approaches that have been developed to detect and prevent these vulnerabilities. Finally, we discuss the challenges and limitations of current approaches and suggest directions for future research. Key Words: web application, vulnerabilities, cyber-security, SQL injection, XSS, CSRF.

A robust Artificial Intelligence based Software Modelling Tool for automatically detecting and characterizing web attacks

Online applications are frequently vulnerable and network accessible over the internet. Web applications are appealing targets in the eyes of cyber attackers. The most frequent types of attacks that can disable online services include SQL injection, Cross-Site Scripting (XSS), Database Attacks, Dynamic Code Execution (DCE), and Remote Code Execution (RCE). These attacks can cause significant financial losses for service providers and clients. To understand the execution behaviour of a web application, these attacks should be tracked and automatically characterised. A new, robust Artificial Intelligence (AI) based Software Modelling Tool for automatically detecting and characterising web attacks is provided by the proposed work, which is described here. It uses Long Short-Term Memory (LSTM) to detect web attacks and includes record traces, datasets, sampling, training data, test data, LSTM models, threshold, and classification and model evaluation. The suggested study makes use of the Long Short-Term Memory (LSTM) Model to raise the Software Modeling Tool’s prediction accuracy. Support Vector Machine (SVM), Naive Bayes, and Autoencoder Deep Learning algorithms are examples of prior art that are contrasted with the principal implementations of the present invention. The Long Short-Term Memory (LSTM) Model transforms unlabeled data into deep learning features without the need for labelled input data during model training. The proposed work has a Fscore of 90.49%, Accuracy of 97.61%, Precision of 90%, Recall of 90.99%. The dataset utilised in the current disclosure has a total of 666 records, of which 532 records are used to train the AI-based Software Modelling Tool and 134 records to test it.

An Improved LSTM-PCA Ensemble Classifier for SQL Injection and XSS Attack Detection

The Repository Mahasiswa (RAMA) is a national repository of research reports in the form of final assignments, student projects, theses, dissertations, and research reports of lecturers or researchers that have not yet been published in journals, conferences, or integrated books from the scientific repository of universities and research institutes in Indonesia. The increasing popularity of the RAMA Repository leads to security issues, including the two most widespread, vulnerable attacks i.e., Structured Query Language (SQL) injection and cross-site scripting (XSS) attacks. An attacker gaining access to data and performing unauthorized data modifications is extremely dangerous. This paper aims to provide an attack detection system for securing the repository portal from the abovementioned attacks. The proposed system combines a Long Short–Term Memory and Principal Component Analysis (LSTM-PCA) model as a classifier. This model can effectively solve the vanishing gradient problem caused by excessive positive samples. The experiment results show that the proposed system achieves an accuracy of 96.85% using an 80%:20% ratio of training data and testing data. The rationale for this best achievement is that the LSTM’s Forget Gate works very well as the PCA supplies only selected features that are significantly relevant to the attacks’ patterns. The Forget Gate in LSTM is responsible for deciding which information should be kept for computing the cell state and which one is not relevant and can be discarded. In addition, the LSTM’s Input Gate assists in finding out crucial information and stores specific relevant data in the memory.

METHOD OF DETECTION AND ELIMINATION OF VULNERABILITIES IN INPUT COMPONENTS OF THE DOM MODEL USING fDOM

The article discusses a progressive approach to securing web applications by identifying and eliminating vulnerabilities in input components of the Document Object Model (DOM). The main focus is on the development of fDOM - a formal version of DOM that automates the process of "sanitizing" attributes, actively removing potentially dangerous content, especially in cases involving <script> tags and associated threats such as cross-site scripting (XSS). The article thoroughly examines the existing structure of DOM, identifies key vulnerabilities, and introduces innovations in the form of a sanitize method to prevent potential attacks. Technical aspects include algorithms for cleaning attributes and elements, as well as a procedure for sanitizing input data. The effectiveness of the proposed model is demonstrated through a series of tests and lemmas that confirm the absence of harmful content after the sanitization procedure. The verification of the method for detecting and eliminating vulnerabilities using the formal verification system Isabelle/HOL is also discussed, highlighting the importance of formal methods in securing web applications. The article evaluates the strengths and weaknesses of fDOM, sheds light on potential directions for further development of the model, adaptation for dynamic content, and exploration of integrations with third-party services. Demonstration of the effectiveness of fDOM using a set of tests confirmed its ability to neutralize potentially dangerous code, indicating the success of this approach in providing a higher level of security for web applications.

PhishCatcher: Client-Side Defense Against Web Spoofing Attacks Using Machine Learning

Cyber security confronts a tremendous challenge of maintaining the confidentiality and integrity of user’s private information such as password and PIN code. Billions of users are exposed daily to fake login pages requesting secret information. There are many ways to trick a user to visit a web page such as, phishing mails, tempting advertisements, click-jacking, malware, SQL injection, session hijacking, man-in-the-middle, denial of service and cross-site scripting attacks. Web spoofing or phishing is an electronic trick in which the attacker constructs a malicious copy of a legitimate web page and request users’ private information such as password. To counter such exploits, researchers have proposed several security strategies but they face latency and accuracy issues. To overcome such issues, we propose and develop client-side defence mechanism based on machine learning techniques to detect spoofed web pages and protect users from phishing attacks. As a proof of concept, a Google Chrome extension dubbed as <italic xmlns:mml="http://www.w3.org/1998/Math/MathML" xmlns:xlink="http://www.w3.org/1999/xlink">PhishCatcher</i> , is developed that implements our machine learning algorithm that classifies a URL as suspicious or trustful. The algorithm takes four different types of web features as input and then random forest classifier decides whether a login web page is spoofed or not. To assess the accuracy and precision of the extension, multiple experiments were carried on real web applications. The experimental results show remarkable accuracy of 98.5% and precision as 98.5% from the trials performed on 400 classified phished and 400 legitimate URLs. Furthermore, to measure the latency of our tool, we performed experiments over forty phished URLs. The average recorded response time of <italic xmlns:mml="http://www.w3.org/1998/Math/MathML" xmlns:xlink="http://www.w3.org/1999/xlink">PhishCatcher</i> was just 62.5 milliseconds.

Reflected Cross Site Scripting

Cross-Site Scripting, also called as XSS, is a type of injection where malicious scripts are injected into trusted websites. When malicious code, usually in the form of browser side script, is injected using a web application to a different end user, an XSS attack is said to have taken place. Flaws which allow success to this attack are remarkably widespread and occur anywhere a web application handles the user input without validating or encoding it. A study carried out by Symantec states that more than 50% of the websites are vulnerable to the XSS attack. Security engineers of Microsoft coined the term “Cross-Site Scripting” in January of the year 2000. But even if it was coined in the year 2000, XSS vulnerabilities have been reported and exploited since the beginning of 1990’s, whose prey have been all the (then) tech-giants such as Twitter, Myspace, Orkut, Facebook and YouTube. Hence the name “Cross-Site” Scripting. This attack could be combined with other attacks such as phishing attack to make it more lethal but it usually isn’t necessary, since it is already extremely difficult to deal with from a user perspective because in many cases it looks very legitimate as it’s leveraging attacks against our banks, our shopping websites and not some fake malicious website.

Adaptive cross-site scripting attack detection framework for smart devices security using intelligent filters and attack ontology

Adaptive cross-site scripting attack detection framework for smart devices security using intelligent filters and attack ontology

Web Attack Prediction using Stepwise Conditional Parameter Tuning in Machine Learning Algorithms with Usage Data

There is a rapid growth in internet and website usage. A wide variety of devices are used to access websites, such as mobile phones, tablets, laptops, and personal computers. Attackers are finding more and more vulnerabilities on websites that they can exploit for malicious purposes. A web application attack occurs when cyber criminals gain access to unauthorized areas. Typically, attackers look for vulnerabilities in web applications at the application layer. SQL injection attacks and Cross Site script attacks is used to access web applications to obtain sensitive data. A key objective of this work is to develop new features and investigate how automatic tuning of machine learning techniques can improve the performance of Web Attack detections that use HTTP CSIC datasets to block and detect attacks. The Stepwise Conditional parameter tuning in machine learning algorithms is a proposed model. This model is a dynamic and automated parameter choosing and tuning based on the better outcome. This work also compares two datasets for performance of the proposed model.

MFXSS: An effective XSS vulnerability detection method in JavaScript based on multi-feature model

The widespread use of web applications has also made them more vulnerable to hackers, resulting in the leakage of large amounts of application and personal privacy data. Cross-site scripting (XSS) attacks are one of the most significant threats to web applications. Attackers can inject scripts to control the victim’s browser to send data or execute commands, leading to the theft of privacy or the hijacking of login tokens. Therefore, we proposed a multi-feature fusion-based neural network vulnerability detection model for detecting XSS vulnerabilities in the JavaScript source code of websites (We termed our implementation of this approach MFXSS). We combine abstract syntax tree (AST) and code control flow graph (CFG) to convert the generalized sample data into graph structure and code string structure. Then, through the graph convolutional neural network, weighted aggregation, and the bidirectional recurrent neural network, the logical call features and the context execution relationship features of the source code are extracted and fused respectively. Finally, the fused feature vectors are used to detect and predict XSS vulnerabilities in JavaScript. In the experiment, we designed multiple control experiments to verify that the model construction is optimal, and the accuracy rates in the standard and variant datasets are 0.997 and 0.986. Moreover, in comparing similar detection schemes, MFXSS also performs better. Applying the model to an actual web environment, we successfully detected the presence of XSS vulnerabilities in websites.

Cross-site scripting detection with two-channel feature fusion embedded in self-attention mechanism

In the era of big data, stealing users’ private data has become one of the main targets of network hackers. In recent years, cross-site scripting (XSS) attacks to obtain users’ privacy data have been one of the main web attack methods of network hackers. Traditional antivirus software cannot identify such cross-site scripting attacks. To identify cross-site scripting attacks quickly and accurately, we proposed a cross-site scripting detection model (C-BLA) with two-channel multi-scale feature fusion embedded in a self-attention mechanism. The model first maps cross-site scripting payloads into spatial vectors by data preprocessing using Word2Vec. Then the two-channel network performs feature extraction on the data. Channel I: extract local features of cross-site scripting payloads at different scales by designing parallel one-dimensional convolutional layers with different convolutional kernel sizes; Channel II: extract semantic information of cross-site scripting payloads from two directions of positive and negative order using a bidirectional Long-Short Term Memory network, and then embed the self-attention mechanism to strengthen the semantic information features. Experiments show that the proposed model achieves a precision rate of 99.8% and a recall rate of 99.1% for cross-site scripting detection, which is a certain improvement in detection rate compared with a single deep learning model and traditional machine learning methods. The two-channel feature fusion of this model better solves the cross-site scripting detection problem.

Resolving Cross-Site Scripting Attacks through Fusion Verification and Machine Learning

The frequent variations of XSS (cross-site scripting) payloads make static and dynamic analysis difficult to detect effectively. In this paper, we proposed a fusion verification method that combines traffic detection with XSS payload detection, using machine learning to detect XSS attacks. In addition, we also proposed seven new payload features to improve detection efficiency. In order to verify the effectiveness of our method, we simulated and tested 20 public CVE (Common Vulnerabilities and Exposures) XSS attacks. The experimental results show that our proposed method has better accuracy than the single traffic detection model. Among them, the recall rate increased by an average of 48%, the F1 score increased by an average of 27.94%, the accuracy rate increased by 9.29%, and the accuracy rate increased by 3.81%. Moreover, the seven new features proposed in this paper account for 34.12% of the total contribution rate of the classifier.

Detection and defending the XSS attack using novel hybrid stacking ensemble learning-based DNN approach

Existing web-based security applications have failed in many situations due to the great intelligence of attackers. Among web applications, Cross-Site Scripting (XSS) is one of the dangerous assaults experienced while modifying an organization's or user's information. To avoid these security challenges, this article proposes a novel, all-encompassing combination of machine learning (NB, SVM, k-NN) and deep learning (RNN, CNN, LSTM) frameworks for detecting and defending against XSS attacks with high accuracy and efficiency. Based on the representation, a novel idea for merging stacking ensemble with web applications, termed “hybrid stacking”, is proposed. In order to implement the aforementioned methods, four distinct datasets, each of which contains both safe and unsafe content, are considered. The hybrid detection method can adaptively identify the attacks from the URL, and the defense mechanism inherits the advantages of URL encoding with dictionary-based mapping to improve prediction accuracy, accelerate the training process, and effectively remove the unsafe JScript/JavaScript keywords from the URL. The simulation results show that the proposed hybrid model is more efficient than the existing detection methods. It produces more than 99.5% accurate XSS attack classification results (accuracy, precision, recall, f1_score, and Receiver Operating Characteristic (ROC)) and is highly resistant to XSS attacks. In order to ensure the security of the server's information, the proposed hybrid approach is demonstrated in a real-time environment.

A real-time machine learning application for browser extension security monitoring

ABSTRACT One of the most common attacks in browser extensions is Cross-site scripting (XSS). To address these challenges, several browsers have proposed a new mechanism where legitimate browser extensions can only be installed from their respective Web Stores. Nonetheless, this mechanism is not flawless and multiple users still choose to install browser extensions from other sources, leaving them exposed to multiple types of attacks. This paper proposes a browser extension capable of detecting XSS attacks using Machine Learning (ML), as well as other irregularities that may occur in recently installed browser extensions. Regarding the detection of XSS attacks, the detection model is based on the Support Vector Machine (SVM) and it was able to detect malicious scripts with an accuracy of 99.5%, a precision of 99.4%, and a recall of 99.0%. Additionally, the detection of two other types of irregularities, namely the presence of blacklisted or irregular URLs located in the browser extension, and the presence of undesirable data in the manifest file of the browser extension, were considered. A Windows application was also designed in Java and deployed alongside the browser extension to monitor suspicious network requests from the newly installed browser extension.