{"title":"A PU-learning based approach for cross-site scripting attacking reality detection","authors":"Wenbo Wang, Peng Yi, Huikai Xu","doi":"10.1049/ntw2.12123","DOIUrl":null,"url":null,"abstract":"<p>Cross-site scripting (XSS) attack has been one of the most dangerous attacks in cyberspace security. Traditional methods essentially discover XSS attack by detecting malicious payloads in requests, which is unable to distinguish attacking attempts with the attacking reality. The authors collect responses from a web server and train a bagging-based PU learning model to determine whether the XSS vulnerability is truly triggered. To validate the authors’ proposed framework, experiments are performed on 5 popular web applications with 11 specified CVE recorded vulnerabilities and 32 vulnerable inputs. Results show that the authors’ approach outperforms existing research studies, effectively identifies the attacking reality from attacking attempts, and meanwhile reduces the number of worthless security alarms.</p>","PeriodicalId":46240,"journal":{"name":"IET Networks","volume":"13 4","pages":"313-323"},"PeriodicalIF":1.3000,"publicationDate":"2024-04-02","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"https://onlinelibrary.wiley.com/doi/epdf/10.1049/ntw2.12123","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"IET Networks","FirstCategoryId":"1085","ListUrlMain":"https://onlinelibrary.wiley.com/doi/10.1049/ntw2.12123","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q3","JCRName":"COMPUTER SCIENCE, INFORMATION SYSTEMS","Score":null,"Total":0}
Citations: 0
Abstract
Cross-site scripting (XSS) has been one of the most dangerous attacks in cyberspace security. Traditional methods essentially discover XSS attacks by detecting malicious payloads in requests, an approach that cannot distinguish attack attempts from the attacking reality. The authors collect responses from a web server and train a bagging-based PU (positive-unlabeled) learning model to determine whether the XSS vulnerability is truly triggered. To validate the proposed framework, experiments are performed on 5 popular web applications with 11 specified CVE-recorded vulnerabilities and 32 vulnerable inputs. Results show that the authors' approach outperforms existing research studies, effectively separates the attacking reality from attack attempts, and reduces the number of worthless security alarms.
IET Networks
COMPUTER SCIENCE, INFORMATION SYSTEMS
CiteScore
5.00
Self-citation rate
0.00%
Articles published
41
Review time
33 weeks
About the journal:
IET Networks covers the fundamental developments and advancing methodologies to achieve higher performance, optimized and dependable future networks. IET Networks is particularly interested in new ideas and superior solutions to the known and arising technological development bottlenecks at all levels of networking such as topologies, protocols, routing, relaying and resource-allocation for more efficient and more reliable provision of network services. Topics include, but are not limited to: Network Architecture, Design and Planning, Network Protocol, Software, Analysis, Simulation and Experiment, Network Technologies, Applications and Services, Network Security, Operation and Management.