Research Article

Malicious XSS Code Detection with Decision Tree

Year 2020, Volume: 23 Issue: 1, 67 - 72, 01.03.2020
https://doi.org/10.2339/politeknik.470332

Abstract

Dynamic applications such as e-commerce, blogs, forums, e-governance, e-banking and portals on these platforms have become a part of our lives. However, the tremendous increase in the use of dynamic web and mobile applications has resulted in security vulnerabilities originating from the Hypertext Markup Language (HTML) coding system. The Cross-Site Scripting (XSS) attack is the largest contributor to security exploits. XSS attacks take different forms according to the dynamic content they use. This study focuses on attacks on visual content carried by the "img" tag. In the study, an algorithm has been developed to detect XSS attacks with a decision tree, motivated by the fact that decision trees tend to be easier to implement and interpret than other quantitative data-driven methods. The algorithm correctly classifies 392 of the 400 malicious and clean code samples in the data set using 8 different features. This result contributes to a secure internet free of XSS attacks that use visual content.



Details

Primary Language: English
Subjects: Engineering
Section: Research Article
Authors

Ömer Kasım 0000-0003-4021-5412

Publication Date: 1 March 2020
Submission Date: 14 October 2018
Published in Issue: Year 2020 Volume: 23 Issue: 1

Cite

APA Kasım, Ö. (2020). Malicious XSS Code Detection with Decision Tree. Politeknik Dergisi, 23(1), 67-72. https://doi.org/10.2339/politeknik.470332
AMA Kasım Ö. Malicious XSS Code Detection with Decision Tree. Politeknik Dergisi. March 2020;23(1):67-72. doi:10.2339/politeknik.470332
Chicago Kasım, Ömer. “Malicious XSS Code Detection With Decision Tree”. Politeknik Dergisi 23, no. 1 (March 2020): 67-72. https://doi.org/10.2339/politeknik.470332.
EndNote Kasım Ö (01 March 2020) Malicious XSS Code Detection with Decision Tree. Politeknik Dergisi 23 1 67–72.
IEEE Ö. Kasım, “Malicious XSS Code Detection with Decision Tree”, Politeknik Dergisi, vol. 23, no. 1, pp. 67–72, 2020, doi: 10.2339/politeknik.470332.
ISNAD Kasım, Ömer. “Malicious XSS Code Detection With Decision Tree”. Politeknik Dergisi 23/1 (March 2020), 67-72. https://doi.org/10.2339/politeknik.470332.
JAMA Kasım Ö. Malicious XSS Code Detection with Decision Tree. Politeknik Dergisi. 2020;23:67–72.
MLA Kasım, Ömer. “Malicious XSS Code Detection With Decision Tree”. Politeknik Dergisi, vol. 23, no. 1, 2020, pp. 67-72, doi:10.2339/politeknik.470332.
Vancouver Kasım Ö. Malicious XSS Code Detection with Decision Tree. Politeknik Dergisi. 2020;23(1):67-72.
 

This work is licensed under a Creative Commons Attribution-ShareAlike 4.0 International License.