A Framework for Preserving the Privacy of Online Users Against XSS Worms on Online Social Network

Pooja Chaudhary, B. Gupta, Shashank Gupta
DOI: 10.4018/IJITWE.2019010105 (https://doi.org/10.4018/IJITWE.2019010105)
Journal: Int. J. Inf. Technol. Web Eng.
Publication date: 2019-01-01
Publication type: Journal Article
Citations: 6

Abstract

This article presents a hybrid framework i.e. OXSSD (Online Social Network-Based XSS-Defender) that explores cross-site scripting (XSS) attack vectors at the vulnerable points in web applications of social networks. Initially, during training phase, it generates the views for each request and formulates the access control list (ACL) which encompasses all the privileges a view can have. It also ascertains all possible injection points for extracting malicious attack vectors. Secondly, during recognition phase, after action authentication XSS attack vectors are retrieved from the extracted injection points followed by the clustering of these attack vectors. Finally, it sanitizes the compressed clustered template in a context-aware manner. This context-aware sanitization ensures efficient and accurate alleviation of XSS attacks from the OSN-based web applications. The authors will evaluate the detection capability of OXSSD on a tested suite of real world OSN-based web applications (Humhub, Elgg, WordPress, Drupal and Joomla). The performance analysis revealed that OXSSD detects injection of illicit attack vectors with very low false positives, false negatives and acceptable performance overhead.