XSSClassifier: An Efficient XSS Attack Detection Approach Based on Machine Learning Classifier on SNSs

  • Rathore, Shailendra (Dept. of Computer Science and Engineering, Seoul National University of Science & Technology (SeoulTech)) ;
  • Sharma, Pradip Kumar (Dept. of Computer Science and Engineering, Seoul National University of Science & Technology (SeoulTech)) ;
  • Park, Jong Hyuk (Dept. of Computer Science and Engineering, Seoul National University of Science & Technology (SeoulTech))
  • Received : 2017.03.02
  • Accepted : 2017.05.30
  • Published : 2017.08.31

Abstract

Social networking services (SNSs) such as Twitter, MySpace, and Facebook have become progressively significant, with billions of users. Alongside this growth, however, comes a growth in security threats such as cross-site scripting (XSS). Recently, a few approaches have been proposed to detect XSS attacks on SNSs. Because of certain recent features of SNS webpages, such as JavaScript and AJAX, the existing approaches are not efficient at combating XSS attacks on SNSs. In this paper, we propose a machine learning-based approach to detecting XSS attacks on SNSs. In our approach, XSS attacks are detected on the basis of three feature groups: URL, webpage, and SNS features. A dataset is prepared by collecting 1,000 SNS webpages and extracting these features from them. Ten different machine learning classifiers are run on the prepared dataset to classify webpages into two categories: XSS or non-XSS. To validate the efficiency of the proposed approach, we evaluated it and compared it with other existing approaches. The evaluation results show that our approach attains better performance in the SNS environment, recording the highest accuracy of 0.972 and lowest false positive rate of 0.87.

Cited by

  1. Secure Cyber Deception Architecture and Decoy Injection to Mitigate the Insider Threat vol.10, pp.1, 2018, https://doi.org/10.3390/sym10010014