
XSSPro: XSS Attack Detection Proxy to Defend Social Networking Platforms

  • Conference paper

Part of the book series: Lecture Notes in Computer Science (LNTCS, volume 12575)

Abstract

Social platforms have emerged as an attractive attack surface for a multitude of cyber-attacks, since they facilitate the sharing of personal and professional information. XSS vulnerabilities exist in approximately 80% of social platforms. Hence, this paper presents an approach, XSSPro, to defend social networking platforms against XSS attacks. XSSPro isolates the JavaScript code into an external file and performs a decoding operation on it. The context of each injected JS code fragment is identified, and similar scripts are then grouped together to optimize the performance of XSSPro. Finally, the extracted scripts are matched against an XSS attack vector repository to detect XSS attacks. If a match is found, the script is refined using XSS APIs; otherwise, the response is considered XSS free and sent to the user. Experimental results reveal that XSSPro achieves an accuracy of 0.99 and is effective at thwarting XSS attacks triggered using new features of the built-in code language, with a low false alarm rate.
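The abstract describes a five-step pipeline (isolate the script fragments, decode them, identify the context of each, group equivalent fragments so each group is matched once, match against a vector repository and refine hits). The following is an added illustration of that pipeline written for this page; it is not the XSSPro implementation and does not reproduce the paper's vector repository. It assumes regex-based fragment extraction instead of a real HTML parser, a three-signature repository constructed here as a stand-in, and stripping of matched fragments as a stand-in for the paper's "XSS APIs". The sample response and all function names are constructed for the example.

```python
"""Toy XSS-detection proxy pipeline: isolate -> decode -> contextualise -> group -> match -> refine."""
import html
import re
from urllib.parse import unquote

# Constructed stand-in for the paper's attack-vector repository (three generic signatures,
# applied to the DECODED, whitespace-stripped fragment so that encoding does not hide them).
VECTOR_REPOSITORY = [
    ("event-handler", re.compile(r"\bon[a-z]+\s*=", re.I)),
    ("javascript-uri", re.compile(r"javascript\s*:", re.I)),
    ("cookie-access", re.compile(r"document\s*\.\s*cookie", re.I)),
]

# Fragment extractors: inline script blocks, and attributes that can carry script or a URI.
SCRIPT_BLOCK = re.compile(r"<script\b[^>]*>.*?</script>", re.I | re.S)
ATTRIBUTE = re.compile(
    r"""\b(on[a-z]+|href|src)\s*=\s*(?:"[^"]*"|'[^']*'|[^\s>]+)""", re.I)

# Constructed sample response: one benign inline script, one benign link, a duplicated
# event-handler injection and an entity-encoded javascript: URI.
SAMPLE_RESPONSE = (
    '<div class="post">Hello <a href="https://example.com/profile">friend</a></div>'
    '<img src="x" onerror="alert(1)">'
    '<a href="&#106;avascript:alert(2)">click</a>'
    '<img src="y" onerror="alert(1)">'
    '<script>console.log("analytics loaded")</script>'
)


def decode_layers(fragment, max_rounds=4):
    """Step 2: peel stacked URL- and entity-encoding until the text stops changing."""
    for _ in range(max_rounds):
        decoded = html.unescape(unquote(fragment))
        if decoded == fragment:
            break
        fragment = decoded
    return fragment


def isolate(body):
    """Step 1 (+3): pull every script-bearing fragment out of the response, tagged with its context."""
    fragments = [("script-block", m.group(0)) for m in SCRIPT_BLOCK.finditer(body)]
    for m in ATTRIBUTE.finditer(body):
        context = "event-attribute" if m.group(1).lower().startswith("on") else "uri-attribute"
        fragments.append((context, m.group(0)))
    return fragments


def group(fragments):
    """Step 4: collapse fragments that decode to the same normalised text in the same context."""
    groups = {}
    for context, raw in fragments:
        key = (context, re.sub(r"\s+", "", decode_layers(raw)).lower())
        groups.setdefault(key, []).append(raw)
    return groups


def match(groups):
    """Step 5: match each group once against the repository; return {key: (signature or None, raws)}."""
    verdicts = {}
    for (context, normalised), raws in groups.items():
        hit = next((name for name, rx in VECTOR_REPOSITORY if rx.search(normalised)), None)
        verdicts[(context, normalised)] = (hit, raws)
    return verdicts


def refine(body, verdicts):
    """Step 6 (stand-in): strip every fragment whose group matched a vector; pass the rest through."""
    for (_context, _normalised), (hit, raws) in verdicts.items():
        if hit is not None:
            for raw in raws:
                body = body.replace(raw, "")
    return body


def inspect(body):
    """Run the whole pipeline; return (sorted list of (context, signature) hits, refined body)."""
    verdicts = match(group(isolate(body)))
    hits = sorted({(ctx, hit) for (ctx, _n), (hit, _r) in verdicts.items() if hit})
    return hits, refine(body, verdicts)


if __name__ == "__main__":
    found, cleaned = inspect(SAMPLE_RESPONSE)
    print("hits:", found)
    print("groups:", len(group(isolate(SAMPLE_RESPONSE))), "from", len(isolate(SAMPLE_RESPONSE)), "fragments")
    print("refined:", cleaned)
```

Two points the abstract makes are visible here: the entity-encoded `&#106;avascript:` URI is only caught because decoding precedes matching, and the two identical `onerror` fragments collapse into one group so the repository is consulted once for both. The benign inline script and the ordinary profile link match no signature and reach the user unchanged.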




Correspondence to B. B. Gupta .


Copyright information

© 2020 Springer Nature Switzerland AG


Cite this paper

Chaudhary, P., Gupta, B.B., Choi, C., Chui, K.T. (2020). XSSPro: XSS Attack Detection Proxy to Defend Social Networking Platforms. In: Chellappan, S., Choo, KK.R., Phan, N. (eds) Computational Data and Social Networks. CSoNet 2020. Lecture Notes in Computer Science, vol 12575. Springer, Cham. https://doi.org/10.1007/978-3-030-66046-8_34


  • DOI: https://doi.org/10.1007/978-3-030-66046-8_34

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-030-66045-1

  • Online ISBN: 978-3-030-66046-8

  • eBook Packages: Computer Science (R0)
