Malicious XSS Code Detection with Decision Tree

Dynamic applications such as e-commerce, blogs, forums, e-governance, e-banking and portals that run on these platforms have become part of our lives. However, the tremendous increase in the use of dynamic web and mobile applications has brought security vulnerabilities that originate in the Hypertext Markup Language (HTML). The Cross-Site Scripting (XSS) attack is the largest contributor to security exploits. XSS attacks take different forms according to the dynamic content they use. This study focuses on attacks that carry visual content through the "img" tag. An algorithm has been developed to detect such XSS attacks with a decision tree, motivated by the fact that decision trees tend to be easier to implement and interpret than other quantitative data-driven methods. The algorithm successfully classifies 392 of the 400 malicious and clean code samples in the data set using 8 different features. This result contributes to the secure use of the internet without XSS attacks that use visual content.
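
As an added example (not the paper's code: the page does not list the paper's eight features, so the eight boolean features, the Gini split criterion and the labelled training snippets below are assumptions), the following trains a small decision tree over img-tag snippets and classifies new ones with it:

```python
import re
from collections import Counter

FEATURES = {  # eight boolean features; assumed for this example, the paper's own are not on the page
    "event_handler": r"\son[a-z]+\s*=",           # onerror=, onload=, onmouseover=, ...
    "js_uri": r"=\s*['\"]?\s*javascript:",         # src="javascript:..."
    "script_call": r"\b(?:alert|eval|prompt|confirm)\s*\(|document\.",
    "html_entity": r"&#x?[0-9a-f]+;?",             # numeric-entity obfuscation
    "url_encoded": r"%[0-9a-f]{2}",
    "second_tag": r"<[^>]*>[^<]*<\s*[a-z]",        # another tag follows the img tag
    "missing_alt": r"^(?!.*\balt\s*=)",            # no alt attribute anywhere
    "src_not_image": r"^(?!.*\bsrc\s*=\s*['\"]?[^'\"\s>]*\.(?:png|jpe?g|gif|svg|webp)\b)",
}

def extract(snippet):  # feature vector: True = pattern present in the snippet
    return {n: re.search(p, snippet, re.I | re.S) is not None for n, p in FEATURES.items()}

TRAINING = [  # constructed labelled snippets; the malicious ones are textbook OWASP-style forms
    ('<img src="logo.png" alt="Company logo">', "clean"),
    ('<img src="https://cdn.example.com/a.webp" alt="a" class="thumb">', "clean"),
    ('<img src="gallery/%20spaced%20name.gif" alt="spaced">', "clean"),
    ("<img src=x onerror=alert(1)>", "malicious"),
    ("<img src=\"javascript:alert('XSS');\">", "malicious"),
    ('<img src=x onerror="&#97;&#108;&#101;&#114;&#116;(1)">', "malicious"),
    ('<img src="a.png" alt="a"><script>alert(1)</script>', "malicious"),
]

def gini(labels):
    return 1.0 - sum((c / len(labels)) ** 2 for c in Counter(labels).values())
def build_tree(rows, labels, feats):  # CART-style: split on the lowest weighted Gini impurity
    majority = Counter(labels).most_common(1)[0][0]
    if len(set(labels)) == 1 or not feats:
        return majority
    def impurity(f):
        parts = [[l for r, l in zip(rows, labels) if r[f] == v] for v in (True, False)]
        return sum(len(p) / len(labels) * gini(p) for p in parts if p)
    best = min(feats, key=impurity)
    node = {"feature": best}
    for v in (True, False):
        sub = [(r, l) for r, l in zip(rows, labels) if r[best] == v]
        node[v] = build_tree([r for r, _ in sub], [l for _, l in sub],
                             [f for f in feats if f != best]) if sub else majority
    return node
TREE = build_tree([extract(s) for s, _ in TRAINING], [l for _, l in TRAINING], list(FEATURES))

def classify(snippet, tree=TREE):  # walk from the root down to a leaf label
    row = extract(snippet)
    while isinstance(tree, dict):
        tree = tree[row[tree["feature"]]]
    return tree
```

On this training set the learned tree asks first for a script-like call and then for an event-handler attribute, which is why a snippet with an unfamiliar handler body is still flagged.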

Politeknik Dergisi
  • ISSN: 1302-0900
  • Publication frequency: 4 issues per year
  • Founded: 1998
  • Publisher: GAZİ ÜNİVERSİTESİ