Author affiliations: Natl Inst Technol Dept Comp Engn Kurukshetra India; Asia Univ Int Ctr AI & Cyber Secur Res & Innovat Taichung 413 Taiwan; Asia Univ Dept Comp Sci & Informat Engn Taichung 413 Taiwan; Lebanese Amer Univ Beirut 1102 Lebanon; Univ Petr & Energy Studies UPES Ctr Interdisciplinary Res Dehra Dun Uttarakhand India; Skyline Univ Coll Res & Innovat Dept Sharjah 1797 U Arab Emirates
Publication: SOFT COMPUTING (Soft Comput.)
Year/Volume/Issue: 2023, Vol. 27, No. 8
Pages: 4593-4608
Core indexing:
Subject classification: 08 [Engineering] 0812 [Engineering - Computer Science and Technology (degrees in Engineering or Science may be conferred)]
Subject: Cross-site scripting (XSS) attack; Self-organizing map algorithm; Smart devices; Internet-of-things (IoT) network; Attack ontology; Smart device security
Abstract: Smart devices are equipped with technology that facilitates communication among devices connected via the Internet. These devices are shipped with a user interface that enables users to perform administrative activities using a web browser linked to the device's server. Cross-site scripting (XSS) is the most prevalent web application vulnerability exploited by attackers to compromise smart devices. In this paper, the authors have designed a framework for shielding smart devices from XSS attacks. It is a machine learning-based attack detection framework which employs self-organizing-map (SOM) to classify XSS attack string. The input vector to the SOM is generated based on attack ontology and the changing behavior of the attack strings in different input fields in the device web interface. Additionally, it also sanitizes the injected attack string to neutralize the harmful effects of attack. The experimental results are obtained using the real-world dataset on the XSS attack. We tested the proposed framework on web interface of two smart devices (TP-link Wi-Fi router and HP color printer) containing hidden XSS vulnerabilities. The observed results unveil the robustness of the proposed work against the existing work as it achieves a high accuracy of 0.9904 on the tested dataset. It is a platform-independent attack detection system deployed on the browser or server side.