A Framework for Preserving the Privacy of Online Users Against XSS Worms on Online Social Network

Artigo Revisado por pares

A Framework for Preserving the Privacy of Online Users Against XSS Worms on Online Social Network

2018; IGI Global; Volume: 14; Issue: 1 Linguagem: Inglês

10.4018/ijitwe.2019010105

ISSN

1554-1053

Autores

Pooja Chaudhary, Brij B. Gupta, Shashank Gupta,

Tópico(s)

Advanced Malware Detection Techniques

Resumo

This article presents a hybrid framework i.e. OXSSD (Online Social Network-Based XSS-Defender) that explores cross-site scripting (XSS) attack vectors at the vulnerable points in web applications of social networks. Initially, during training phase, it generates the views for each request and formulates the access control list (ACL) which encompasses all the privileges a view can have. It also ascertains all possible injection points for extracting malicious attack vectors. Secondly, during recognition phase, after action authentication XSS attack vectors are retrieved from the extracted injection points followed by the clustering of these attack vectors. Finally, it sanitizes the compressed clustered template in a context-aware manner. This context-aware sanitization ensures efficient and accurate alleviation of XSS attacks from the OSN-based web applications. The authors will evaluate the detection capability of OXSSD on a tested suite of real world OSN-based web applications (Humhub, Elgg, WordPress, Drupal and Joomla). The performance analysis revealed that OXSSD detects injection of illicit attack vectors with very low false positives, false negatives and acceptable performance overhead.

Ver no editor

Altmetric

PlumX

Entrar

Lembrar minha senha

Receber meu e-mail de confirmação

A Framework for Preserving the Privacy of Online Users Against XSS Worms on Online Social Network