ABSTRACT
To improve the accuracy of cross-site scripting (XSS) attack detection, a detection method based on CNNPayl is proposed. First, attack vectors are generated and transformed using an HMM model and a code obfuscation strategy to obtain the test attack data set. In sample preprocessing, all sample data sets are normalized and segmented into words to reduce redundant information. Second, Word2vec converts the preprocessing results into word embeddings, which captures the relationship between HTML tags and DOM methods and reduces the complexity of the network structure. Four convolutional layers are then constructed to learn and extract semantic features, and effective classification is achieved through the softmax layer. The experimental results show that the proposed method reduces the false positive rate and improves the detection accuracy.
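The normalization and word-segmentation step named in the abstract, sketched as an added example that is not the paper's code. The decoding rounds, the `http://u` and `0` placeholders, and the token classes are assumptions, since the abstract does not list the paper's own rules.

```python
import html
import re
from urllib.parse import unquote

# Assumed rules: the abstract names normalization and word segmentation
# but does not list the paper's own rules or token classes.
URL_RE = re.compile(r"https?://[^\s\"'<>)]+")
NUM_RE = re.compile(r"\b\d+\b")
TOKEN_RE = re.compile(r"""
    </?[a-z][a-z0-9]*        # tag open/close: <script, </script
  | [a-z_$][\w$.]*\(         # function or DOM method call: document.write(
  | [a-z_$][\w$.-]*=         # attribute or assignment: onerror=, src=
  | "[^"]*" | '[^']*'        # quoted string kept as one token
  | [a-z_$][\w$.]*           # bare identifier: document.cookie
  | \d+ | [>)]               # number placeholder, closers
""", re.VERBOSE)


def normalize(sample, max_rounds=3):
    """Decode layered encodings, then fold away detail that carries no signal."""
    for _ in range(max_rounds):              # bounded: handles %253C -> %3C -> <
        decoded = html.unescape(unquote(sample))
        if decoded == sample:
            break
        sample = decoded
    sample = sample.lower()
    sample = URL_RE.sub("http://u", sample)  # every URL becomes one placeholder
    sample = NUM_RE.sub("0", sample)         # every number becomes "0"
    return re.sub(r"\s+", " ", sample).strip()


def segment(sample):
    """Split a sample into the tokens a Word2vec model would be trained on."""
    return TOKEN_RE.findall(normalize(sample))


# Constructed samples: two obfuscated variants of one vector and a benign link.
SAMPLES = [
    "%3Cscript%3Ealert(1)%3C/script%3E",
    "%253CSCRIPT%253Ealert(1337)%253C/SCRIPT%253E",
    "&lt;a href=&quot;http://example.test/p?id=42&quot;&gt;x&lt;/a&gt;",
]

if __name__ == "__main__":
    for s in SAMPLES:
        print(segment(s))
```

The two encoded variants collapse to the same token sequence, which is how normalization shrinks the vocabulary the embedding and the convolutional layers have to cover.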
Index Terms
- CNNPayl: An Intrusion Detection System of Cross-site Script Detection