CFP last date
20 December 2024
Reseach Article

Multiclass Classification of XSS Web Page Attack using Machine Learning Techniques

by S. Krishnaveni, K. Sathiyakumari
International Journal of Computer Applications
Foundation of Computer Science (FCS), NY, USA
Volume 74 - Number 12
Year of Publication: 2013
Authors: S. Krishnaveni, K. Sathiyakumari
10.5120/12940-0033

S. Krishnaveni, K. Sathiyakumari . Multiclass Classification of XSS Web Page Attack using Machine Learning Techniques. International Journal of Computer Applications. 74, 12 ( July 2013), 36-40. DOI=10.5120/12940-0033

@article{ 10.5120/12940-0033,
author = { S. Krishnaveni, K. Sathiyakumari },
title = { Multiclass Classification of XSS Web Page Attack using Machine Learning Techniques },
journal = { International Journal of Computer Applications },
issue_date = { July 2013 },
volume = { 74 },
number = { 12 },
month = { July },
year = { 2013 },
issn = { 0975-8887 },
pages = { 36-40 },
numpages = {9},
url = { https://ijcaonline.org/archives/volume74/number12/12940-0033/ },
doi = { 10.5120/12940-0033 },
publisher = {Foundation of Computer Science (FCS), NY, USA},
address = {New York, USA}
}
%0 Journal Article
%1 2024-02-06T21:42:07.481108+05:30
%A S. Krishnaveni
%A K. Sathiyakumari
%T Multiclass Classification of XSS Web Page Attack using Machine Learning Techniques
%J International Journal of Computer Applications
%@ 0975-8887
%V 74
%N 12
%P 36-40
%D 2013
%I Foundation of Computer Science (FCS), NY, USA
Abstract

Web applications are most widely used technique for providing an access to online services. At the same time web applications are easiest way for vulnerable acts. When a security mechanism is failed then the user may download malicious code from a trusted web site. In this case, the malicious script is contracted to full access with all assets belonging to that legitimate web site. These types of attacks are called Cross-Site Scripting (XSS) attacks. Cross Site Scripting (XSS) attacks are the most common type of attack against web application, which allows hackers to inject the malicious script code for stealing the user's confidential information. Recent studies show that malicious code detection has become the most frequent vulnerability. In web browsers, the malicious script codes are executed and used to transfer the sensitive data to the third party (or hackers) domain. Currently, most research areas are attempted to prevent XSS on both the client and server side. In this paper, we present a machine learning technique to classify the malicious web pages. This work focus some of the possible ways to detect the XSS script on client side based on the features extracted from the web document content and the URL to scan the web pages for check the malicious scripts.

References
  1. C. Alme, "Web browsers: An emerging platform under attack," MCAfee, Tech. Rep. , 2008.
  2. M. Arciemowicz. phpBB 2. 0. 18 XSS and Full Path Disclosure. http://archives. neohapsis. com/ archives/ fulldisclosure /2005-12/0829. html, December 2006.
  3. A. Barth, C. Jackson, and J. Mitchell, "Securing frame communication in browsers," Commun. ACM, vol. 52, no. 6, pp. 83–91, 2009.
  4. S. Bubrouski. Advisory: XSS in WebCal (v1. 11-v3. 04). http://archives. neohapsis. com/archives/ fulldisclosure/2005-12/0810. html, December 2005.
  5. S. Chen, J. Xu, N. Nakka, Z. Kalbarczyk, and R. Iyer. Defeating Memory Corruption Attacks via Pointer Taintedness Detection. In IEEE International Conference on Dependable Systems and Networks (DSN), 2004.
  6. F. Esponda, S. Forrest, and P. Helman, "A formal framework for positive and negative detection schemes," Systems, Man, and Cybernetics, Part B: Cybernetics, IEEE Transactions on, vol. 34, no. 1, pp. 357–373, 2004.
  7. Grossman, J. , Hansen R. , Petkov, D. P. , Rager, A. e Fogie, S. "Cross Site Scripting Attacks: XSS Exploits and Defense". Burlington, MA, EUA, Syngress Publishing Inc. 2007.
  8. B. Garrett, H. Travis, I. Micheal, P. Atul, and B. Kevin, "Social networks and context-aware spam," in Proceedings of the ACM 2008 conference on Computer supported cooperative work. San Diego, CA, USA: ACM, 2008.
  9. J. Goguen and J. Meseguer. Security Policies and Security Models. In IEEE Symposium on Security and Privacy, 1982.
  10. D. Gollmann, "Securing web applications," Information Security Technical Report, vol. 13, no. 1, pp. 1–9, 2008.
  11. Google, "Google trends. " [Online]. Available: http://www. google. com/trends/hottrends [Accessed: 08/10/2012]
  12. M. Group. MyBB - Home. http://www. mybboard. com/, 2006.
  13. V. Haldar, D. Chandra, and M. Franz. Dynamic Taint Propagation for Java. In Twenty-First Annual Computer Security Applications Conference (ACSAC), 2005.
  14. . Hallaraker and G. Vigna. Detecting Malicious JavaScript Code in Mozilla. In 10th IEEE International Conference on Engineering of Complex Computer Systems (ICECCS05), 2005.
  15. N. Jovanovic, C. Kruegel, and E. Kirda. Pixy: A Static Analysis Tool for DetectingWeb Application Vulnerabilities (Short Paper). In IEEE Symposium on Security and Privacy, 2006.
  16. E. Kirda, C. Kruegel, G. Vigna, and N. Jovanovic. Noxes: A Client-Side Solution for Mitigating Cross-Site Scripting Attacks. In The 21st ACM Symposium on Applied Computing (SAC 2006), 2006.
  17. C. Kruegel and G. Vigna. Anomaly Detection ofWeb-based Attacks. In 10th ACM Conference on Computer and Communication Security (CCS-03) Washington, DC, USA, October 27-31, pages 251 – 261, October 2003.
  18. Microsoft, "Microsoft security intelligence report," Microsoft, Tech. Rep. , 2009.
  19. Mozilla Foundation. JavaScript Security: Same Origin. http://www. mozilla. org/projects/ security/components/same-origin. html, February 2006.
  20. Netscape. . Using data tainting for security. http://wp. netscape. com/eng/mozilla/3. 0/handbook/javascript/advtopic. htm, 2006.
  21. N. Provos, D. McNamee, P. Mavrommatis, K. Wang, and A. Modadugu, "The ghost in the browser: Analysis of webbased malware," in Proceedings of the first USENIX workshop on hot topics in Botnets, 2007.
  22. Ryan Barnett Senior Security Researcher Trustwave's SpiderLabs rbarnett@trustwave. com. Revision 1(January 7, 2011) "XSS Street-Fight:The Only Rule Is There Are No Rules".
  23. C. Seifert, I. Welch, and P. Komisarczuk, "Identification of malicious web pages with static heuristics," in Telecommunication Networks and Applications Conference, 2008. ATNAC 2008. Australasian, 2008, pp. 91–96.
  24. Symantic, "Security threat report - trend for 2012," Symantic, Tech. Rep. , April 2012.
  25. Yahoo, "Web search document for yahoo!" [Online]. Available: http://developer. yahoo. com/search/web/V1/ webSearch. html [Accessed: 08/10/2012].
  26. Wasserman, G e Su, Z. "Static Detection of Cross- Site Scripting Vulnerabilities". In: 30th International Conference on Software Engineering, 2008.
Index Terms

Computer Science
Information Sciences

Keywords

Cross site scripting (XSS) SOL injection Script injection attact Cross site Request Forgery (CSRF) vulnerability malicious code