Title :
On the automatic detection algorithm of Cross Site Scripting (XSS) with the non-stationary Bernoulli distribution
Author :
Koizumi, D. ; Matsuda, Tadamitsu ; Sonoda, M.
Author_Institution :
Fac. of Inf. Technol. & Bus., Cyber Univ., Tokyo, Japan
Abstract :
Cross Site Scripting (XSS) is a kind of injection attack triggered by malicious scripts on Web sites. If attackers successfully carry out XSS, end users' Web browsing sessions can be hijacked and their personal information is often stolen. One of the main reasons for XSS is vulnerabilities in Web applications. However, those vulnerabilities are often left in place in order to maintain continuous service. Therefore, establishing technology for the automatic detection of XSS has become important in recent years. This paper proposes an automatic detection algorithm for XSS. The proposed algorithm uses a probabilistic approach, since end-user input to a Web application is expected to be normal but is sometimes an attack (malicious). In terms of statistical decision theory, the proposed algorithm is obtained as the Bayes optimal prediction based on the non-stationary Bernoulli process. Finally, our approach is validated by simulation experiments with various data of inputs to Web applications.
Keywords :
Bayes methods; Web sites; decision theory; invasive software; online front-ends; statistical analysis; Bayes optimal prediction; Web application; Web sites; automatic XSS detection algorithm; automatic cross-site scripting detection algorithm; end-user Web browsing session hijack; end-user personal information stealing; injection attack; malicious scripts; nonstationary Bernoulli distribution; probabilistic approach; statistical decision theory;
Conference_Title :
Communications, Computers and Applications (MIC-CCA), 2012 Mosharaka International Conference on
Conference_Location :
Istanbul
Print_ISBN :
978-1-4673-5230-7