Abstract
Attacks on users that exploit browser vulnerabilities have increased at an alarming rate. Existing attack prevention strategies have failed miserably in most situations. Moreover, users have not taken much care to configure their browsers securely using the available extensions and plug-ins. This proposal puts forward an advanced XSS prevention technique that introduces a new scoring system for the privilege levels and vulnerability levels of the content rendered in the browser. The JavaScript rendered in the browser is stored, classified, and analyzed using machine learning algorithms. Machine learning can also be used to predict browser quirks and generate an attacker pattern. Security mechanisms are also implemented inside the Document Object Model (DOM) to check the execution of dynamic scripts.
Copyright information
© 2016 Springer India
About this paper
Cite this paper
Sunder, N.S., Gireeshkumar, T. (2016). Privilege-Based Scoring System Against Cross-Site Scripting Using Machine Learning. In: Dash, S., Bhaskar, M., Panigrahi, B., Das, S. (eds) Artificial Intelligence and Evolutionary Computations in Engineering Systems. Advances in Intelligent Systems and Computing, vol 394. Springer, New Delhi. https://doi.org/10.1007/978-81-322-2656-7_54
DOI: https://doi.org/10.1007/978-81-322-2656-7_54
Publisher Name: Springer, New Delhi
Print ISBN: 978-81-322-2654-3
Online ISBN: 978-81-322-2656-7
eBook Packages: Engineering, Engineering (R0)