TY - GEN
T1 - XSSPro
T2 - 9th International Conference on Computational Data and Social Networks, CSoNet 2020
AU - Chaudhary, Pooja
AU - Gupta, B. B.
AU - Choi, Chang
AU - Chui, Kwok Tai
N1 - Publisher Copyright: © 2020, Springer Nature Switzerland AG.
PY - 2020
Y1 - 2020
N2 - Social platforms have transpired as a fascinating attack surface for launching a multitude of cyber-attacks, as they facilitate the sharing of personal and professional information. XSS vulnerabilities exist in approximately 80% of social platforms. Hence, this paper presents an approach, XSSPro, to defend social networking platforms against XSS attacks. XSSPro operates by isolating the JavaScript code in an external file and performing a decoding operation. The context of each injected JS code is identified, and then similar scripts are grouped together to optimize the performance of XSSPro. Finally, extracted scripts are matched against the XSS attack vector repository to detect XSS attacks. If a script matches, it is refined using XSS APIs; otherwise, the response is XSS-free and is sent to the user. Experimental results revealed that XSSPro achieved an accuracy of 0.99 and is effective in thwarting XSS attacks triggered using new features of the built-in code language, with a low false alarm rate.
KW - Code injection vulnerability
KW - Cross site scripting (XSS)
KW - Malicious JS code
KW - Social networking platforms (SNPs)
KW - XSS API
UR - http://www.scopus.com/inward/record.url?scp=85101370166&partnerID=8YFLogxK
U2 - 10.1007/978-3-030-66046-8_34
DO - 10.1007/978-3-030-66046-8_34
M3 - Conference contribution
AN - SCOPUS:85101370166
SN - 9783030660451
T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
SP - 411
EP - 422
BT - Computational Data and Social Networks - 9th International Conference, CSoNet 2020, Proceedings
A2 - Chellappan, Sriram
A2 - Choo, Kim-Kwang Raymond
A2 - Phan, NhatHai
Y2 - 11 December 2020 through 13 December 2020
ER -