Abstract
Social platforms have emerged as an attractive attack surface for a multitude of cyber-attacks, since they facilitate the sharing of personal and professional information. XSS vulnerabilities exist in approximately 80% of social platforms. Hence, this paper presents an approach, XSSPro, to defend social networking platforms against XSS attacks. XSSPro isolates the JavaScript code into an external file and performs a decoding operation. The context of each injected JS code is identified, and similar scripts are grouped together to optimise the performance of XSSPro. Finally, the extracted scripts are matched against an XSS attack vector repository to detect XSS attacks. If a match is found, the script is refined using XSS APIs; otherwise, the response is XSS-free and sent to the user. Experimental results revealed that XSSPro achieved an accuracy of 0.99 and is effective at thwarting XSS attacks triggered using new features of the built-in code language, with a low false alarm rate.
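The detection pipeline the abstract describes (isolate each script, decode it, identify its context, group duplicates, match against an attack vector repository, refine on a match), as an added Python sketch that is not the paper's own code. The signature repository, the context regexes and the sample response are constructed here, and dropping a matched fragment stands in for the XSS APIs the paper uses for refinement.

```python
import html
import re
from urllib.parse import unquote

# Constructed stand-in for the XSS attack vector repository; signatures run
# against decoded script fragments, never against the raw HTML.
ATTACK_VECTOR_REPO = {
    "javascript-uri": re.compile(r"javascript\s*:", re.I),
    "cookie-access": re.compile(r"document\s*\.\s*cookie", re.I),
    "dynamic-eval": re.compile(r"\b(?:eval|Function)\s*\(", re.I),
}

# Contexts through which injected JS reaches the page (coarse regexes, not a parser).
CONTEXT_PATTERNS = {
    "script-block": re.compile(r"<script[^>]*>(?P<code>.*?)</script>", re.I | re.S),
    "event-attribute": re.compile(r'\son[a-z]+\s*=\s*(?P<q>["\'])(?P<code>.*?)(?P=q)', re.I | re.S),
    "uri-attribute": re.compile(r'\s(?:href|src)\s*=\s*(?P<q>["\'])(?P<code>.*?)(?P=q)', re.I | re.S),
}

def decode(fragment: str) -> str:
    """Peel URL and HTML-entity encoding layers until the text stops changing."""
    prev = None
    while prev != fragment:
        prev, fragment = fragment, html.unescape(unquote(fragment))
    return fragment

def extract_scripts(response_html: str) -> dict:
    """Isolate each fragment with its context, decode it, and group identical ones."""
    groups = {}
    for context, pattern in CONTEXT_PATTERNS.items():
        for m in pattern.finditer(response_html):
            code = re.sub(r"\s+", " ", decode(m.group("code"))).strip().lower()
            groups.setdefault((context, code), []).append(m.group(0))
    return groups

def inspect_response(response_html: str):
    """Return (sanitised_html, findings); matching fragments are dropped, a stand-in
    for the paper's XSS sanitisation APIs, and everything else passes through."""
    findings, sanitised = [], response_html
    for (context, code), raw_fragments in extract_scripts(response_html).items():
        hits = [name for name, sig in ATTACK_VECTOR_REPO.items() if sig.search(code)]
        if hits:
            findings.append({"context": context, "signatures": hits, "count": len(raw_fragments)})
            for raw in set(raw_fragments):  # each group is checked once, removed everywhere
                sanitised = sanitised.replace(raw, "")
    return sanitised, findings

# Constructed sample response: one legitimate script plus URL- and entity-encoded injections.
SAMPLE_RESPONSE = ('<html><body><script src="/static/app.js"></script>'
                   '<img src="x" onerror="%64ocument.cookie">'
                   '<a href="&#106;avascript:void(0)">a</a><a href="&#106;avascript:void(0)">b</a></body></html>')
```

Grouping by (context, normalised code) means the two identical entity-encoded links are decoded and matched once, which is the performance optimisation the abstract refers to.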
© 2020 Springer Nature Switzerland AG
Cite this paper
Chaudhary, P., Gupta, B.B., Choi, C., Chui, K.T. (2020). XSSPro: XSS Attack Detection Proxy to Defend Social Networking Platforms. In: Chellappan, S., Choo, KK.R., Phan, N. (eds) Computational Data and Social Networks. CSoNet 2020. Lecture Notes in Computer Science(), vol 12575. Springer, Cham. https://doi.org/10.1007/978-3-030-66046-8_34
DOI: https://doi.org/10.1007/978-3-030-66046-8_34
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-66045-1
Online ISBN: 978-3-030-66046-8
eBook Packages: Computer Science, Computer Science (R0)