Implementation of PSO Algorithm for Detection and Removal of XSS Attack

Authors

  • Bhanwar Lal, Research (MTech) Scholar (CSE), Shekhawati Institute of Engineering and Technology, Sikar, Rajasthan, India
  • Irfan Khan, Assistant Professor (CSE), Shekhawati Institute of Engineering and Technology, Sikar, Rajasthan, India

DOI:

https://doi.org/10.32628/CSEIT22857

Keywords:

ACO, PSO, XSS, SQL, FDR, FS, Dataset, Train, Test, Attack, Genetic Algorithm.

Abstract

In recent years, managing security over the web has gained importance. The use of appropriate security-handling techniques helps to resolve controversies and to extract interesting scenarios based on the content of a web page. Many kinds of vulnerabilities prevail, and Cross-Site Scripting (XSS) is ranked among the top ten risks found on the web, making it an issue that demands a solution. XSS vulnerabilities allow malicious code to be injected in many ways during a browsing session. A web page should be analysed to identify whether or not it is vulnerable. A dataset is formulated that contains malicious and benign data: malicious data are obtained from the XSS archive (www.xssed.com), which contains vulnerable XSS web pages, and benign data are web pages obtained through queries to the Google search engine. The major constraint is the number of Lines of Code (LOC) present in a web page. Five samples from the dataset were considered and the algorithms applied; the samples vary in content and size. About 24 attributes are used by the classifier. Different optimization techniques are applied and the results analysed. Evaluation measures such as Detection Rate (DR), False Detection Rate (FDR) and F Score (FS) are calculated from the confusion matrix. The final content obtained after the 'XSS Handler' phase, which is what is displayed in the browser, is tested using the black-box testing technique and also with an XSS and SQL Injection Scanner tool. The tool is capable of identifying promising XSS code in web pages. Based on the experiments, it was observed that generating paths using PPACO achieves better results in terms of DR, FDR and FS than the other algorithms.
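The abstract compares algorithms by DR, FDR and FS derived from a confusion matrix but does not give the formulas. The example below, which is an added illustration and not code from the paper, builds the confusion matrix over labelled page verdicts (malicious is the positive class) and ranks several detectors on those measures; the definitions of DR, FDR and FS used here are assumptions, and the sample labels are constructed.

```python
# Added example, not from the paper. Evaluation measures from a confusion
# matrix over labelled page verdicts. Formulas are assumptions: DR = TP/(TP+FN),
# FDR = FP/(FP+TN) (benign pages wrongly flagged), FS = harmonic mean of
# precision and DR.
from collections import Counter

MALICIOUS, BENIGN = "malicious", "benign"


def confusion_matrix(truth, predicted):
    """Return (TP, FP, TN, FN) with 'malicious' as the positive class."""
    counts = Counter(zip(truth, predicted))
    return (counts[(MALICIOUS, MALICIOUS)], counts[(BENIGN, MALICIOUS)],
            counts[(BENIGN, BENIGN)], counts[(MALICIOUS, BENIGN)])


def evaluation_measures(truth, predicted):
    """Compute DR, FDR and FS; guards avoid division by zero on degenerate sets."""
    tp, fp, tn, fn = confusion_matrix(truth, predicted)
    dr = tp / (tp + fn) if tp + fn else 0.0        # share of malicious pages caught
    fdr = fp / (fp + tn) if fp + tn else 0.0       # share of benign pages wrongly flagged
    precision = tp / (tp + fp) if tp + fp else 0.0
    fs = 2 * precision * dr / (precision + dr) if precision + dr else 0.0
    return {"TP": tp, "FP": fp, "TN": tn, "FN": fn,
            "DR": dr, "FDR": fdr, "FS": fs}


def rank_detectors(truth, verdicts_by_name):
    """Order detector names best first: higher FS, then higher DR, then lower FDR."""
    scored = {name: evaluation_measures(truth, v) for name, v in verdicts_by_name.items()}
    return sorted(scored, key=lambda n: (-scored[n]["FS"], -scored[n]["DR"], scored[n]["FDR"]))


# Constructed sample: ground truth for ten pages and three hypothetical detectors.
SAMPLE_TRUTH = [MALICIOUS] * 5 + [BENIGN] * 5
SAMPLE_VERDICTS = {
    "detector_a": [MALICIOUS] * 4 + [BENIGN] * 5 + [MALICIOUS],   # 4 TP, 1 FN, 1 FP
    "detector_b": [MALICIOUS] * 5 + [BENIGN] * 5,                  # perfect
    "detector_c": [MALICIOUS] * 10,                                # flags everything
}

if __name__ == "__main__":
    for name in rank_detectors(SAMPLE_TRUTH, SAMPLE_VERDICTS):
        print(name, evaluation_measures(SAMPLE_TRUTH, SAMPLE_VERDICTS[name]))
```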


Published

2022-10-30

Section

Research Articles

How to Cite

[1] Bhanwar Lal, Irfan Khan, "Implementation of PSO Algorithm for Detection and Removal of XSS Attack", International Journal of Scientific Research in Computer Science, Engineering and Information Technology (IJSRCSEIT), ISSN: 2456-3307, Volume 8, Issue 5, pp. 39-51, September-October 2022. Available at doi: https://doi.org/10.32628/CSEIT22857