A Framework for Preserving the Privacy of Online Users Against XSS Worms on Online Social Network

Author:

Chaudhary Pooja1ORCID,Gupta B. B.1,Gupta Shashank2ORCID

Affiliation:

1. National Institute of Technology, Kurukshetra, Kurukshetra, Haryana, India

2. Birla Institute of Technology and Science, Pilani, India

Abstract

This article presents a hybrid framework i.e. OXSSD (Online Social Network-Based XSS-Defender) that explores cross-site scripting (XSS) attack vectors at the vulnerable points in web applications of social networks. Initially, during training phase, it generates the views for each request and formulates the access control list (ACL) which encompasses all the privileges a view can have. It also ascertains all possible injection points for extracting malicious attack vectors. Secondly, during recognition phase, after action authentication XSS attack vectors are retrieved from the extracted injection points followed by the clustering of these attack vectors. Finally, it sanitizes the compressed clustered template in a context-aware manner. This context-aware sanitization ensures efficient and accurate alleviation of XSS attacks from the OSN-based web applications. The authors will evaluate the detection capability of OXSSD on a tested suite of real world OSN-based web applications (Humhub, Elgg, WordPress, Drupal and Joomla). The performance analysis revealed that OXSSD detects injection of illicit attack vectors with very low false positives, false negatives and acceptable performance overhead.

Publisher

IGI Global

Subject

General Computer Science

Reference40 articles.

1. PHP-sensor

2. BDS: browser dependent XSS sanitizer;S.Gupta;Handbook of Research on Securing Cloud-Based Databases with Biometric Applications,2015

3. Automated discovery of javascript code injection attacks in PHP web applications.;S.Gupta;Procedia Computer Science,2016

4. Gupta, S., & Gupta, B. B. (2016, April). Alleviating the proliferation of JavaScript worms from online social network in cloud platforms. In Information and Communication Systems (ICICS), 2016 7th International Conference on (pp. 246-251). IEEE.

5. Cross-Site Scripting (XSS) abuse and defense: Exploitation on several testing bed environments and its defense. Special Issue of Secured Communication in Wireless and Wired Networks in Journal of Information Privacy and Security;B. B.Gupta;Taylor & Francis Online,2015

Cited by 6 articles. 订阅此论文施引文献 订阅此论文施引文献,注册后可以免费订阅5篇论文的施引文献,订阅后可以查看论文全部施引文献

同舟云学术

1.学者识别学者识别

2.学术分析学术分析

3.人才评估人才评估

"同舟云学术"是以全球学者为主线,采集、加工和组织学术论文而形成的新型学术文献查询和分析系统,可以对全球学者进行文献检索和人才价值评估。用户可以通过关注某些学科领域的顶尖人物而持续追踪该领域的学科进展和研究前沿。经过近期的数据扩容,当前同舟云学术共收录了国内外主流学术期刊6万余种,收集的期刊论文及会议论文总量共计约1.5亿篇,并以每天添加12000余篇中外论文的速度递增。我们也可以为用户提供个性化、定制化的学者数据。欢迎来电咨询!咨询电话:010-8811{复制后删除}0370

www.globalauthorid.com

TOP

Copyright © 2019-2024 北京同舟云网络信息技术有限公司
京公网安备11010802033243号  京ICP备18003416号-3