XSSD: A Cross-site Scripting Attack Dataset and its Evaluation
Authors: Upasana Sarmah, D. Bhattacharyya, J. Kalita
Published in: 2020 Third ISEA Conference on Security and Privacy (ISEA-ISAP), 2020-02-01
DOI: 10.1109/ISEA-ISAP49340.2020.234995 (https://doi.org/10.1109/ISEA-ISAP49340.2020.234995)
Cross-site Scripting (abbreviated as XSS) attacks are application level code injection attacks where a malicious user injects malicious scripts into the legitimate code of a Web application used by the victim. To defend against such attacks, a number of defense mechanisms have been proposed over the years. The evaluation of the efficiency and the accuracy of a defense mechanism requires the use of a suitable relevant dataset. The unavailability of such an XSS feature dataset is a bottleneck in conducting research. To overcome this problem, we propose a data preparation framework, the result of which is an XSS feature dataset, referred to as XSSD (XSS Dataset). The dataset preparation framework consists of three stages and four modules, all of which are essential to support extraction of several URL-based and script-based features. We evaluate the dataset we generate with the help of five benchmark classifiers, and validate classification results in terms of ROC.