Defense against HTML5 XSS Attack Vectors: A Nested Context-Aware Sanitization Technique

Citations: 0
Authors
Kaur, Gurprect [1 ]
Pande, Bhavika [1 ]
Bhardwaj, Ayushi [1 ]
Bhagat, Gargi [1 ]
Gupta, Shashank [2 ]
Affiliations
[1] Jaypee Inst Informat Technol Noida, Dept Comp Sci Engn, Noida, India
[2] Birla Inst Technol & Sci, Dept Comp Sci & Informat Syst, Pilani, Rajasthan, India
Source
PROCEEDINGS OF THE 8TH INTERNATIONAL CONFERENCE CONFLUENCE 2018 ON CLOUD COMPUTING, DATA SCIENCE AND ENGINEERING | 2018
Keywords
Online Social Network; JavaScript; Cross Site Scripting; SQL injection; Cross-site scripting; Cross site request forgery; WEB APPLICATIONS
DOI
Not available
Chinese Library Classification number
TP [Automation technology, computer technology];
Discipline classification code
0812 ;
Abstract
The authors suggested an offline and online model based on a nested context-aware sanitization method for detection and alleviation of malicious XSS attack vectors for OSNs. The offline mode extracts JS from the webpage, calculates features and stores them in the depository for additional usage. The online approach embodies URI link extraction and feature estimation, thus detecting anomalies on comparison with the offline mode's feature repository. The authors have developed their prototype in JavaScript and its infrastructure settings are implemented as an extension on infrastructure settings of the browser. Our proposed design is implemented and tested on live OSN platforms vulnerable to XSS. The results estimated have the competency to identify the XSS worms with acceptably few false positives in comparison to the recent state of the art. The outcome of our design draws upon the nested context of JS for efficacious sanitization.
Pages: 442 / 446
Page count: 5
Related papers
4 items in total
  • [1] Context-Aware Mobile Web Browsing based on HTML5
    Zhang, Xinxin
    Yu, Zhiwen
    Tian, Jilei
    Wang, Zhitao
    Guo, Bin
    2012 9TH INTERNATIONAL CONFERENCE ON UBIQUITOUS INTELLIGENCE & COMPUTING AND 9TH INTERNATIONAL CONFERENCE ON AUTONOMIC & TRUSTED COMPUTING (UIC/ATC), 2012, : 945 - 950
  • [2] A Google Chromium Browser Extension for Detecting XSS attack in HTML5 based Websites
    Sivanesan, Arun Prasath
    Mathur, Akshay
    Javaid, Ahmad Y.
    2018 IEEE INTERNATIONAL CONFERENCE ON ELECTRO/INFORMATION TECHNOLOGY (EIT), 2018, : 302 - 304
  • [3] The Future of Mobile E-health Application Development: Exploring HTML5 for Context-aware Diabetes Monitoring
    Preuveneers, Davy
    Berbers, Yolande
    Joosen, Wouter
    4TH INTERNATIONAL CONFERENCE ON EMERGING UBIQUITOUS SYSTEMS AND PERVASIVE NETWORKS (EUSPN-2013) AND THE 3RD INTERNATIONAL CONFERENCE ON CURRENT AND FUTURE TRENDS OF INFORMATION AND COMMUNICATION TECHNOLOGIES IN HEALTHCARE (ICTH), 2013, 21 : 351 - 359
  • [4] Efficient yet Robust Elimination of XSS Attack Vectors from HTML5 Web Applications Hosted on OSN-Based Cloud Platforms
    Kaur, Gurpreet
    Pande, Bhavika
    Bhardwaj, Aayushi
    Bhagat, Gargi
    Gupta, Shashank
    6TH INTERNATIONAL CONFERENCE ON SMART COMPUTING AND COMMUNICATIONS, 2018, 125 : 669 - 675