Please use this identifier to cite or link to this item:

Cross-Site Scripting (XSS) Detection Integrating Evidences in Multiple Stages

File Size Format  
0713.pdf 6.9 MB Adobe PDF View/Open

Item Summary

Title:Cross-Site Scripting (XSS) Detection Integrating Evidences in Multiple Stages
Authors:Zhang, Jingchi
Jou, Yu-Tsern
Li, Xiangyang
Keywords:Cyber Threat Intelligence and Analytics
Software Technology
Attack Detection, Cross-Site Scripting, Gaussian Mixture Model, Web Attack
Date Issued:08 Jan 2019
Abstract:As Cross-Site Scripting (XSS) remains one of the top web security risks, people keep exploring ways to detect such attacks efficiently. So far, existing solutions only focus on the payload in a web request or a response, a single stage of a web transaction. This work proposes a new approach that integrates evidences from both a web request and its response in order to better characterize XSS attacks and separate them from normal web transactions. We first collect complete payloads of XSS and normal web transactions from two databases and extract features from them using the Word2vec technique. Next, we train two Gaussian mixture models (GMM) with these features, one for XSS transaction and one for normal web transactions. These two models can generate two probability scores for a new web transaction, which indicate how similar this web transaction is to XSS and normal traffics respectively. Finally, we put together these two GMM models in classification by combining these two probabilities to further improve detection accuracy.
Pages/Duration:10 pages
Rights:Attribution-NonCommercial-NoDerivatives 4.0 International
Appears in Collections: Cyber Threat Intelligence and Analytics

Please email if you need this content in ADA-compliant format.

This item is licensed under a Creative Commons License Creative Commons