
Privilege-Based Scoring System Against Cross-Site Scripting Using Machine Learning

  • Conference paper
Artificial Intelligence and Evolutionary Computations in Engineering Systems

Part of the book series: Advances in Intelligent Systems and Computing (AISC, volume 394)


Abstract

Attacks that exploit browser vulnerabilities to target users have increased at an alarming rate. The existing attack prevention strategies have failed miserably in most situations. Moreover, users have not taken much care to configure their browsers securely using the available extensions and plug-ins. This proposal puts forward an advanced XSS prevention technique by introducing a new scoring system for the privilege levels and vulnerability levels of the contents rendered in the browser. The JavaScript rendered in the browser is stored, classified, and analyzed using machine learning algorithms. Machine learning can also be used to predict browser quirks and generate an attacker pattern. Security mechanisms are also implemented inside the Document Object Model (DOM) to check the execution of dynamic scripts.



Author information

Correspondence to N. Shyam Sunder.

Copyright information

© 2016 Springer India

About this paper

Cite this paper

Sunder, N.S., Gireeshkumar, T. (2016). Privilege-Based Scoring System Against Cross-Site Scripting Using Machine Learning. In: Dash, S., Bhaskar, M., Panigrahi, B., Das, S. (eds) Artificial Intelligence and Evolutionary Computations in Engineering Systems. Advances in Intelligent Systems and Computing, vol 394. Springer, New Delhi. https://doi.org/10.1007/978-81-322-2656-7_54

  • DOI: https://doi.org/10.1007/978-81-322-2656-7_54

  • Publisher Name: Springer, New Delhi

  • Print ISBN: 978-81-322-2654-3

  • Online ISBN: 978-81-322-2656-7

  • eBook Packages: Engineering, Engineering (R0)
