Detecting Cross-Site Scripting in Web Applications Using Fuzzy Inference System
TL;DR: An “intelligent” tool, based on fuzzy logic, for detecting classic cross-site scripting (XSS) weaknesses in web applications, together with some experimental results.
Abstract: With improvements in computing and technological advancements, web-based applications are now ubiquitous on the Internet. However, these web applications are becoming prone to vulnerabilities which have led to theft of confidential information, data loss, and denial of data access in the course of information transmission. Cross-site scripting (XSS) is a form of web security attack which involves the injection of malicious code into web applications from untrusted sources. Interestingly, recent research studies on web application security focus on attack prevention and mechanisms for secure coding; recent methods for those attacks not only generate high false positives but also give little consideration to the users, who are oftentimes the victims of malicious attacks. Motivated by this problem, this paper describes an “intelligent” tool for detecting cross-site scripting flaws in web applications. This paper describes the method, implemented using fuzzy logic, to detect classic XSS weaknesses and provides some experimental results. Our detection framework recorded 15% improvement in accuracy and 0.01% reduction in the false-positive rate which is considerably lower than that found in the existing work by Koli et al. Our approach also serves as a decision-making tool for the users.
Citations
Web Application Firewall Using Machine Learning and Features Engineering
TL;DR: In this article, the authors presented a model for a web application firewall that used machine learning and features engineering to detect common web attacks and achieved a classification accuracy of 99.6% with datasets used in research studies in this field and 98.8% with real web servers.
22
Modern Authentication Schemes in Smartphones and IoT Devices: An Empirical Survey
Milad Taleby Ahvanooey, Mark X. Zhu, Qianmu Li, Wojciech Mazurczyk, Kim-Kwang Raymond Choo, Birij B. Gupta, Mauro Conti +6 more
TL;DR: A comprehensive literature review and an empirical study are conducted to gain an in-depth understanding of the different authentication schemes as well as their vulnerabilities and deficits against various types of cyberattacks when applied in IoT-based systems.
14
Detection of Cross-Site Scripting Attacks using Dynamic Analysis and Fuzzy Inference System
Olorunjube James Falana, Ife Olalekan Ebo, Carolyn Oreoluwa Tinubu, Olusesi Alaba Adejimi, Andeson Ntuk +4 more
- 01 Mar 2020
TL;DR: A hybrid mechanism for detecting XSS attacks using Dynamic Analysis and Fuzzy Inference is presented, which scans the website for possible points of injection before generating an attack vector launched via an HTTP request to a web application.
11
References
Application of fuzzy algorithms for control of simple dynamic plant
E.H. Mamdani
- 01 Dec 1974
TL;DR: In this article, the authors describe a scheme in which a fuzzy algorithm is used to control plant, in this case, a laboratory-built steam engine, implemented as an interpreter of a set of rules expressed as fuzzy conditional statements.
4.3K
Generating fuzzy rules by learning from examples
Li-Xin Wang, Jerry M. Mendel +1 more
- 01 Jan 1992
TL;DR: The mapping is proved to be capable of approximating any real continuous function on a compact set to arbitrary accuracy and applications to truck backer-upper control and time series prediction problems are presented.
3.1K
A Survey on Web Application Vulnerabilities (SQLIA, XSS) Exploitation and Security Engine for SQL Injection
Rahul Johari, Pankaj Sharma +1 more
- 11 May 2012
TL;DR: This paper presents a detailed review of various types of Structured Query Language Injection attacks, Cross-Site Scripting attacks, vulnerabilities, and prevention techniques, and proposes future expectations and possible development of countermeasures against Structured Query Language Injection attacks.
134
Automated removal of cross site scripting vulnerabilities in web applications
Lwin Khin Shar, Hee Beng Kuan Tan +1 more
TL;DR: This paper identifies potential XSS vulnerabilities in program source code and secures them with appropriate escaping mechanisms which prevent input values from causing any script execution and develops a tool, saferXSS, to implement the proposed approach.
96
A Survey on Detection and Prevention of Cross-Site Scripting Attack
TL;DR: A technique to detect and prevent this kind of manipulation, and hence eliminate Cross-Site Scripting attacks, is described.
41