Implementation of PSO Algorithm for Detection and Removal of XSS Attack
DOI: https://doi.org/10.32628/CSEIT22857
Keywords: ACO, PSO, XSS, SQL, FDR, FS, Dataset, Train, Test, Attack, Genetic Algorithm.
Abstract
In recent years, managing security over the web has gained importance. Use of appropriate security handling techniques helps to resolve disputes and to extract interesting scenarios based on the content of the web page. Many varieties of vulnerabilities prevail, and Cross-Site Scripting (XSS) is ranked among the top ten risks found over the web; it is a mandatory issue that requires a solution. XSS vulnerability injects malicious code in many ways that arise during the browsing session. Analysis should be made over the web page to identify whether the page is vulnerable or not. A dataset is formulated that contains malicious and benign data. Malicious data are obtained from the XSS archive [source: www.xssed.com], which contains vulnerable XSS web pages, and benign data are web pages obtained through queries to the Google search engine. The major constraint is the number of Lines of Code (LOC) present in the web page. Five samples from the dataset were considered and the algorithms applied. About 24 attributes are used by the classifier. The samples vary in content and size. Different optimization techniques are applied and the results analyzed. Evaluation measures such as Detection Rate (DR), False Detection Rate (FDR) and F Score (FS) are calculated from the Confusion Matrix. The final content obtained after the 'XSS Handler' phase, which is to be displayed in the browser, is tested using a black box testing technique and also using an XSS and SQL Injection Scanner tool. The tool is capable of identifying promising XSS code available in web pages. Based on the experiments, it was observed that the generation of paths using PPACO achieves better results in terms of DR, FDR and FS than the other algorithms.
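The pipeline the abstract describes (attribute extraction from a page, a PSO-tuned classifier, and DR/FDR/FS computed from the confusion matrix), as an added Python example that is not the paper's code: it assumes a small constructed page set and five hypothetical attributes in place of the paper's 24, a standard global-best PSO with assumed constants, and FDR defined as FP/(FP+TN), none of which the abstract specifies.

```python
import random, re

# Constructed sample pages (not the paper's dataset); label 1 = XSS page, 0 = benign.
PAGES = [
    ("<html><body><script>alert(1)</script></body></html>", 1),
    ("<img src=x onerror=alert(1)>", 1),
    ('<a href="javascript:alert(1)">x</a>', 1),
    ("<html><body><p>Hello</p><a href='/about'>About</a></body></html>", 0),
    ("<div class='post'>Plain text, no scripts.</div>", 0),
    ("<img src='/logo.png' alt='logo'>", 0),
]
# Hypothetical attributes standing in for the paper's 24 (assumption): pattern counts per page.
PATTERNS = [r"<script", r"\bon\w+\s*=", r"javascript:", r"alert\s*\(", r"<iframe"]

def features(page):
    return [len(re.findall(p, page, re.I)) for p in PATTERNS]

def confusion(weights, data, threshold=0.5):
    # Weighted-sum classifier: predict XSS when w.f >= threshold. Returns (TP, FP, TN, FN).
    c = {(a, p): 0 for a in (0, 1) for p in (0, 1)}  # (actual, predicted) -> count
    for page, label in data:
        c[label, int(sum(w * f for w, f in zip(weights, features(page))) >= threshold)] += 1
    return c[1, 1], c[0, 1], c[0, 0], c[1, 0]

def metrics(tp, fp, tn, fn):
    dr = tp / (tp + fn) if tp + fn else 0.0            # Detection Rate (recall)
    fdr = fp / (fp + tn) if fp + tn else 0.0           # False Detection Rate (assumed: FP rate)
    prec = tp / (tp + fp) if tp + fp else 0.0
    fs = 2 * prec * dr / (prec + dr) if prec + dr else 0.0  # F Score
    return {"DR": dr, "FDR": fdr, "FS": fs}

def pso_weights(data, particles=10, iters=40, seed=1):  # global-best PSO maximising F-score
    rng, dim = random.Random(seed), len(PATTERNS)
    fit = lambda w: metrics(*confusion(w, data))["FS"]
    pos = [[rng.uniform(-1, 1) for _ in range(dim)] for _ in range(particles)]
    vel = [[0.0] * dim for _ in range(particles)]
    pbest, pfit = [p[:] for p in pos], [fit(p) for p in pos]
    gbest = max(pbest, key=fit)
    for _ in range(iters):
        for i in range(particles):
            for d in range(dim):  # inertia 0.7, cognitive/social 1.5 (assumed constants)
                r1, r2 = rng.random(), rng.random()
                vel[i][d] = 0.7 * vel[i][d] + 1.5 * r1 * (pbest[i][d] - pos[i][d]) + 1.5 * r2 * (gbest[d] - pos[i][d])
                pos[i][d] += vel[i][d]
            f = fit(pos[i])
            if f > pfit[i]:
                pbest[i], pfit[i] = pos[i][:], f
                if f > fit(gbest):
                    gbest = pos[i][:]
    return gbest, metrics(*confusion(gbest, data))
```

Calling `pso_weights(PAGES)` returns the tuned attribute weights together with DR, FDR and FS on the constructed set; a real evaluation would tune on a training split and report the metrics on held-out pages.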
Copyright (c) IJSRCSEIT

This work is licensed under a Creative Commons Attribution 4.0 International License.