Reference Hub

This research has been cited in:

Article
Securing web applications from injection and logic vulnerabilities: Approaches and challengesInformation and Software Technology10.1016/j.infsof.2016.02.005
Chapter
XSS Attack Detection Approach Based on Scripts Features AnalysisTrends and Advances in Information Systems and Technologies10.1007/978-3-319-77712-2_19
Conference
A Taxonomy of XSS Attack Detections in Mobile Environments based on Automation Capabilities2021 IEEE 45th Annual Computers, Software, and Applications Conference (COMPSAC)10.1109/COMPSAC51774.2021.00188

Information Theoretic XSS Attack Detection in Web Applications

Hossain Shahriar, Sarah North, Wei-Chuen Chen, Edward Mawangi

Source Title: International Journal of Secure Software Engineering (IJSSE)5(3)

ISSN: 1947-3036|EISSN: 1947-3044|EISBN13: 9781466656864|DOI: 10.4018/ijsse.2014070101

Cite Article Cite Article

MLA

Shahriar, Hossain, et al. "Information Theoretic XSS Attack Detection in Web Applications." IJSSE vol.5, no.3 2014: pp.1-15. http://doi.org/10.4018/ijsse.2014070101

APA

Shahriar, H., North, S., Chen, W., & Mawangi, E. (2014). Information Theoretic XSS Attack Detection in Web Applications. International Journal of Secure Software Engineering (IJSSE), 5(3), 1-15. http://doi.org/10.4018/ijsse.2014070101

Chicago

Shahriar, Hossain, et al. "Information Theoretic XSS Attack Detection in Web Applications," International Journal of Secure Software Engineering (IJSSE) 5, no.3: 1-15. http://doi.org/10.4018/ijsse.2014070101

Export Reference

Favorite Full-Issue Download

View Full Text HTML

View Full Text PDF

Abstract

Cross-Site Scripting (XSS) has been ranked among the top three vulnerabilities over the last few years. XSS vulnerability allows an attacker to inject arbitrary JavaScript code that can be executed in the victim's browser to cause unwanted behaviors and security breaches. Despite the presence of many mitigation approaches, the discovery of XSS is still widespread among today's web applications. As a result, there is a need to improve existing solutions and to develop novel attack detection techniques. This paper proposes a proxy-level XSS attack detection approach based on a popular information-theoretic measure known as Kullback-Leibler Divergence (KLD). Legitimate JavaScript code present in an application should remain similar or very close to the JavaScript code present in a rendered web page. A deviation between the two can be an indication of an XSS attack. This paper applies a back-off smoothing technique to effectively detect the presence of malicious JavaScript code in response pages. The proposed approach has been applied for a number of open-source PHP web applications containing XSS vulnerabilities. The initial results show that the approach can effectively detect XSS attacks and suffer from low false positive rate through proper choice of threshold values of KLD. Further, the performance overhead has been found to be negligible.

You do not own this content. Please login to recommend this title to your institution's librarian or purchase it from the IGI Global bookstore.

Username or email: *

Password: *

Forgot individual login password?

Create individual account

Information Theoretic XSS Attack Detection in Web Applications

MLA

APA

Chicago

Export Reference

Abstract

Request Access