
An Efficient Detecting Mechanism for Cross-Site Script Attacks in the Cloud

  • Conference paper
Advanced Technologies, Embedded and Multimedia for Human-centric Computing

Part of the book series: Lecture Notes in Electrical Engineering ((LNEE,volume 260))

Abstract

Cloud computing is one of the most promising technologies due to its flexibility and low-cost usage. Researchers have raised several security issues in the cloud. The cross-site script (XSS) attack is one of the major threats on the Internet. Many approaches for detecting XSS attacks have been proposed in the literature. Unfortunately, fewer studies focus on the detection of XSS attacks in the cloud. In this paper, we propose a mechanism to detect XSS attacks in cloud environments. The framework is also presented. In particular, our mechanism does not need to modify browsers or applications. In the experiment, we demonstrate that our mechanism has a higher accuracy rate and a lower impact on the performance of applications. This sufficiently shows that our mechanism is suitable for real-time detection of XSS attacks in cloud environments.



Acknowledgments

The authors thank the referees for their valuable comments and constructive suggestions. This research was partially supported by the Shenzhen Peacock Project, China, under Contract No. KQC201109020055A and the Shenzhen Strategic Emerging Industries Program, China, under Grant No. ZDSY20120613125016389.

Corresponding author

Correspondence to Tsu-Yang Wu.


Copyright information

© 2014 Springer Science+Business Media Dordrecht

About this paper

Cite this paper

Kan, W., Wu, TY., Han, T., Lin, CW., Chen, CM., Pan, JS. (2014). An Efficient Detecting Mechanism for Cross-Site Script Attacks in the Cloud. In: Huang, YM., Chao, HC., Deng, DJ., Park, J. (eds) Advanced Technologies, Embedded and Multimedia for Human-centric Computing. Lecture Notes in Electrical Engineering, vol 260. Springer, Dordrecht. https://doi.org/10.1007/978-94-007-7262-5_76


  • DOI: https://doi.org/10.1007/978-94-007-7262-5_76


  • Publisher Name: Springer, Dordrecht

  • Print ISBN: 978-94-007-7261-8

  • Online ISBN: 978-94-007-7262-5

  • eBook Packages: Engineering, Engineering (R0)
