{"title":"XSS检测与在线社交网络上的自动视图隔离","authors":"Pooja Chaudhary, B. Gupta, S. Yamaguchi","doi":"10.1109/GCCE.2016.7800354","DOIUrl":null,"url":null,"abstract":"Online Social Networks (OSNs) are continuously suffering from the negative impact of Cross-Site Scripting (XSS) vulnerabilities. This paper describes a novel framework for mitigating XSS attack on OSN-based platforms. It is completely based on the request authentication and view isolation approach. It detects XSS attack through validating string value extracted from the vulnerable checkpoint present in the web page by implementing string examination algorithm with the help of XSS attack vector repository. Any similarity (i.e. string is not validated) indicates the presence of malicious code injected by the attacker and finally it removes the script code to mitigate XSS attack. To assess the defending ability of our designed model, we have tested it on OSN-based web application i.e. Humhub. The experimental results revealed that our model discovers the XSS attack vectors with low false negatives and false positive rate tolerable performance overhead.","PeriodicalId":416104,"journal":{"name":"2016 IEEE 5th Global Conference on Consumer Electronics","volume":"16 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2016-10-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"7","resultStr":"{\"title\":\"XSS detection with automatic view isolation on online social network\",\"authors\":\"Pooja Chaudhary, B. Gupta, S. Yamaguchi\",\"doi\":\"10.1109/GCCE.2016.7800354\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"Online Social Networks (OSNs) are continuously suffering from the negative impact of Cross-Site Scripting (XSS) vulnerabilities. This paper describes a novel framework for mitigating XSS attack on OSN-based platforms. It is completely based on the request authentication and view isolation approach. It detects XSS attack through validating string value extracted from the vulnerable checkpoint present in the web page by implementing string examination algorithm with the help of XSS attack vector repository. Any similarity (i.e. string is not validated) indicates the presence of malicious code injected by the attacker and finally it removes the script code to mitigate XSS attack. To assess the defending ability of our designed model, we have tested it on OSN-based web application i.e. Humhub. The experimental results revealed that our model discovers the XSS attack vectors with low false negatives and false positive rate tolerable performance overhead.\",\"PeriodicalId\":416104,\"journal\":{\"name\":\"2016 IEEE 5th Global Conference on Consumer Electronics\",\"volume\":\"16 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2016-10-01\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"7\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"2016 IEEE 5th Global Conference on Consumer Electronics\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1109/GCCE.2016.7800354\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"2016 IEEE 5th Global Conference on Consumer Electronics","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/GCCE.2016.7800354","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
引用次数: 7
摘要
在线社交网络(Online Social Networks, osn)一直受到跨站点脚本(Cross-Site Scripting, XSS)漏洞的负面影响。本文描述了一种新的框架,用于减轻基于osn平台上的跨站攻击。它完全基于请求身份验证和视图隔离方法。该算法利用跨站攻击向量库实现字符串检测算法,对网页中存在的易受攻击的检查点提取的字符串值进行验证,从而检测跨站攻击。任何相似(即字符串未验证)表明存在攻击者注入的恶意代码,最后删除脚本代码以减轻XSS攻击。为了评估我们设计的模型的防御能力,我们在基于osn的web应用程序上进行了测试,即Humhub。实验结果表明,我们的模型发现了具有低假阴性和假阳性率的XSS攻击向量,可以容忍性能开销。
XSS detection with automatic view isolation on online social network
Online Social Networks (OSNs) are continuously suffering from the negative impact of Cross-Site Scripting (XSS) vulnerabilities. This paper describes a novel framework for mitigating XSS attack on OSN-based platforms. It is completely based on the request authentication and view isolation approach. It detects XSS attack through validating string value extracted from the vulnerable checkpoint present in the web page by implementing string examination algorithm with the help of XSS attack vector repository. Any similarity (i.e. string is not validated) indicates the presence of malicious code injected by the attacker and finally it removes the script code to mitigate XSS attack. To assess the defending ability of our designed model, we have tested it on OSN-based web application i.e. Humhub. The experimental results revealed that our model discovers the XSS attack vectors with low false negatives and false positive rate tolerable performance overhead.
求助内容:
应助结果提醒方式:
京公网安备 11010802042870号
