Year 2020, Volume 23, Issue 1, Pages 67-72, 2020-03-01

Malicious XSS Code Detection with Decision Tree

Ömer KASIM [1]


Dynamic applications such as e-commerce, blogs, forums, e-governance, e-banking and portals on these platforms have become a part of our lives. However, the tremendous increase in the use of dynamic web and mobile applications has resulted in security vulnerabilities originating from the Hypertext Markup Language (HTML) coding system. Cross-Site Scripting (XSS) attacks are the largest contributors to security exploits. XSS attacks follow different models depending on the dynamic content they use. This study focuses on attacks on visual content that use the "img" tag. In the study, an algorithm was developed to detect XSS attacks with a decision tree, motivated by the fact that decision trees tend to be easier to implement and interpret than other quantitative data-driven methods. The algorithm successfully classifies 392 of 400 malicious and clean codes in the data set using 8 different features. This result contributes to secure use of the internet without XSS attacks that use visual content.

Primary Language en
Subjects Engineering
Journal Section Research Article
Authors

Orcid: 0000-0003-4021-5412
Author: Ömer KASIM (Primary Author)
Institution: DUMLUPINAR ÜNİVERSİTESİ, SİMAV TEKNOLOJİ FAKÜLTESİ
Country: Turkey


Dates

Publication Date : March 1, 2020

APA: KASIM, Ö. (2020). Malicious XSS Code Detection with Decision Tree. Politeknik Dergisi, 23(1), 67-72. DOI: 10.2339/politeknik.470332