检索结果-内蒙古大学图书馆

A Vulnerability Detection Method for Internet cross-site scripting Based on Relationship Diagram Convolutional Networks

引用

Journal of Web Engineering 2025年第2期24卷 243-266页

作者： Guo, Zhida Li, Xiaoli Hu, Ran Wang, Dapeng Song, Weijie Huizhou Power Supply Bureau Guangdong Power Grid Co. Ltd Huizhou 516000 China Zhuhai Power Supply Bureau Guangdong Power Grid Co. Ltd Zhuhai 519000 China

The aim of this research is to quickly detect cross-site scripting (XSS) attacks on the internet based on relationship diagram convolutional networks. Based on the principle and attack process of cross-site scripting attacks, domain knowledge is used to build an XSS ontology to conduct high-level modeling of cross-site scripting attacks, obtain data that can reflect XSS attacks, normalize these attack data, extract attack data word vectors, use them as the input of the relationship diagram convolution networks added to the attention mechanism, and learn attack feature word vectors. After further extracting node characteristics through convolution and pooling, all node characteristics are aggregated and fed into the fully connected neural network. XSS vulnerability detection results are obtained through classification of the activation function, and malicious domain name and malicious IP information are combined as supplementary rules to improve the effectiveness of the vulnerability detection in internet cross-site scripting based on the relationship graph convolution network. Experiments show that this method can accurately detect XSS vulnerabilities, provide comprehensive and accurate attack details, and its performance is better than that of the literature method, which is reflected in the higher accuracy, recall, accuracy and F1 value, and the leading area of the ROC curve. Its detection speed is extremely fast, only 0.03 s, and by combining malicious domain name and IP information, the detection efficiency is further improved, realizing rapid response and effectively maintaining Internet security. © 2025 River Publishers.

关键词： convolutional network cross-site scripting Internet Relationship diagram vulnerability detection word vector

来源：评论

学校读者我要写书评

暂无评论

cross-site scripting Threat Intelligence Detection Based on Deep Learning 5th

Cross-site Scripting Threat Intelligence Detection Based on ...

引用

5th International Conference on Frontiers in Cyber Security (FCS)

作者： Liu, Zhonglin Fang, Yong Xu, Yijia Sichuan Univ Sch Cyber Sci & Engn Chengdu Sichuan Peoples R China

ISBN: (纸本)9789811984440;9789811984457

In an increasingly complex cyber environment, where the role of traditional protection tools is increasingly limited, intelligence is the key point in the battle. Through the information monitoring of Internet social platforms, potential cyberattack threats to enterprises, governments, and other institutions could be analyzed. Twitter, the world's largest social media platform, spreads news and shares tweets about cybersecurity-related events and technologies daily, with cross-site scripting attacks being one of them. In the status quo, this paper proposes a cross-site scripting threat intelligence detection model based on deep learning, which can detect tweets involving threats related to cross-site scripting attacks. We utilized a variety of word vector extraction tools blended with topic word extraction techniques to construct a word vector matrix with multi-dimensional features. Then, the threat event detection model is trained using a bidirectional recurrent convolutional neural network with a self-attentive mechanism. In the experiment, the accuracy rate of our proposed model exceeds 0.96, and through multiple sets of control experimental data results, it is proved that the structure designed in the model is conducive to improving the performance of the model and that the model is effective in detecting tweets that involve cross-site scripting threats.

关键词： Neural networks cross-site scripting Threats Deep learning

来源：评论

学校读者我要写书评

暂无评论

cross-site scripting (XSS) and SQL Injection Attacks Multi-classification Using Bidirectional LSTM Recurrent Neural Network 8

Cross-Site Scripting (XSS) and SQL Injection Attacks Multi-c...

引用

IEEE International Conference on Progress in Informatics and Computing (IEEE PIC)

作者： Farea, Abdulgbar A. R. Wang, Chengliang Farea, Ebraheem Alawi, Abdulfattah Ba Chongqing Univ Sch Big Data & Software Engn Chongqing Peoples R China Northeastern Univ Software Coll Shenyang Peoples R China Taiz Univ Software Engn Taizi Yemen

ISBN: (纸本)9781665426558

E-commerce, ticket booking, banking, and other web-based applications that deal with sensitive information, such as passwords, payment information, and financial information, are widespread. Some web developers may have different levels of understanding about securing an online application. The two vulnerabilities identified by the Open Web Application Security Project (OWASP) for its 2017 Top Ten List are SQL injection and cross-site scripting (XSS). Because of these two vulnerabilities, an attacker can take advantage of these flaws and launch harmful web-based actions. Many published articles concentrated on a binary classification for these attacks. This article developed a new approach for detecting SQL injection and XSS attacks using deep learning. SQL injection and XSS payloads datasets are combined into a single dataset. The word-embedding technique is utilized to convert the word's text into a vector. Our model used BiLSTM to auto feature extraction, training, and testing the payloads dataset. BiLSTM classified the payloads into three classes: XSS, SQL injection attacks, and normal. The results showed great results in classifying payloads into three classes: XSS attacks, injection attacks, and non-malicious payloads. BiLSTM showed high performance reached 99.26% in terms of accuracy.

关键词： web security SQL injection XSS cross-site scripting deep learning RNN LSTM BiLSTM

来源：评论

学校读者我要写书评

暂无评论

cross-site scripting for Graphic Data: Vulnerabilities and Prevention 10

Cross-Site Scripting for Graphic Data: Vulnerabilities and P...

引用

10th International Conference on Dependable Systems, Services and Technologies (DESSERT)

作者： Zubarev, Dmytro Skarga-Bandurova, Inna Volodymyr Dahl East Ukrainian Natl Univ Severodonetsk Ukraine Natl Acad Sci Ukraine GE Pukhov Inst Modeling Energy Engn Kiev Ukraine

ISBN: (纸本)9781728117331

In this paper, we present an overview of the problems associated with the cross-site scripting (XSS) in the graphical content of web applications. The brief analysis of vulnerabilities for graphical files and factors responsible for making SVG images vulnerable to XSS attacks are discussed. XML treatment methods and their practical testing are performed. As a result, the set of rules for protecting the graphic content of the websites and prevent XSS vulnerabilities are proposed.

关键词： cross-site scripting XSS graphic content SVG vulnerability attack tes code black list white list

来源：评论

学校读者我要写书评

暂无评论

Twenty-two years since revealing cross-site scripting attacks: A systematic mapping and a comprehensive survey

引用

COMPUTER SCIENCE REVIEW 2024年 52卷

作者： Hannousse, Abdelhakim Yahiouche, Salima Nait-Hamoud, Mohamed Cherif Larbi Tebessi Univ Lab Vis & Artificial Intelligence LAVIA BP 289 Tebessa 12000 Algeria Univ 8 Mai 1945 Guelma PI MIS Lab BP 401 Guelma 24000 Algeria Badji Mokhtar Univ LRS Lab BP 12 Annaba 23000 Algeria

cross -site scripting (XSS) is one of the major threats menacing the privacy of data and the navigation of trusted web applications. Since its disclosure in late 1999 by Microsoft security engineers, several techniques have been developed with the aim of securing web navigation and protecting web applications against XSS attacks. XSS has been and is still in the top 10 list of web vulnerabilities reported by the Open Web Applications Security Project (OWASP). Consequently, handling XSS attacks has become one of the major concerns of several web security communities. Despite the numerous studies that have been conducted to combat XSS attacks, the attacks continue to rise. This motivates the study of how the interest in XSS attacks has evolved over the years, what has already been achieved to prevent these attacks, and what is missing to restrain their prevalence. In this paper, we conduct a systematic mapping and a comprehensive survey with the aim of answering all these questions. We summarize and categorize existing endeavors that aim to handle XSS attacks and develop XSS-free web applications. The systematic mapping yielded 157 high -quality published studies. By thoroughly analyzing those studies, a comprehensive taxonomy is drawn out outlining various techniques used to prevent, detect, protect, and defend against XSS attacks and vulnerabilities. The study of the literature revealed a remarkable interest bias toward basic (84.71%) and JavaScript (81.63%) XSS attacks as well as a dearth of vulnerability repair mechanisms and tools (only 1.48%). Notably, existing vulnerability detection techniques focus solely on single -page detection, overlooking flaws that may span across multiple pages. Furthermore, the study brought to the forefront the limitations and challenges of existing attack detection and defense techniques concerning machine learning and content -security policies. Consequently, we strongly advocate the development of more suitable detection and defen

关键词： Web security cross-site scripting XSS attacks XSS vulnerabilities Systematic mapping Survey

来源：评论

学校读者我要写书评

暂无评论

Deploying Hybrid Ensemble Machine Learning Techniques for Effective cross-site scripting(XSS)Attack Detection

引用

Computers, Materials & Continua 2024年第10期81卷 707-748页

作者： Noor Ullah Bacha Songfeng Lu Attiq Ur Rehman Muhammad Idrees Yazeed Yasin Ghadi Tahani Jaser Alahmadi School of Cyber Science and Engineering Huazhong University of Science and TechnologyWuhan430073China Department of Computer Science and Engineering University of Engineering and TechnologyLahore54000Pakistan Department of Computer Science and Software Engineering Al Ain UniversityAl Ain12555Abu Dhabi Department of Information Systems College of Computer and Information SciencesPrincess Nourah bint Abdulrahman UniversityRiyadh84428Saudi Arabia

cross-site scripting(XSS)remains a significant threat to web application security,exploiting vulnerabilities to hijack user sessions and steal sensitive *** detection methods often fail to keep pace with the evolving sophistication of cyber *** paper introduces a novel hybrid ensemble learning framework that leverages a combination of advanced machine learning algorithms—Logistic Regression(LR),Support Vector Machines(SVM),eXtreme Gradient Boosting(XGBoost),Categorical Boosting(CatBoost),and Deep Neural Networks(DNN).Utilizing the XSS-Attacks-2021 dataset,which comprises 460 instances across various real-world trafficrelated scenarios,this framework significantly enhances XSS attack *** approach,which includes rigorous feature engineering and model tuning,not only optimizes accuracy but also effectively minimizes false positives(FP)(0.13%)and false negatives(FN)(0.19%).This comprehensive methodology has been rigorously validated,achieving an unprecedented accuracy of 99.87%.The proposed system is scalable and efficient,capable of adapting to the increasing number of web applications and user demands without a decline in *** demonstrates exceptional real-time capabilities,with the ability to detect XSS attacks dynamically,maintaining high accuracy and low latency even under significant ***,despite the computational complexity introduced by the hybrid ensemble approach,strategic use of parallel processing and algorithm tuning ensures that the system remains scalable and performs robustly in real-time *** for easy integration with existing web security systems,our framework supports adaptable Application Programming Interfaces(APIs)and a modular design,facilitating seamless augmentation of current *** innovation represents a significant advancement in cybersecurity,offering a scalable and effective solution for securing modern web applications against evolving threats.

关键词： cross-site scripting machine learning XSS detection stacking ensemble learning hybrid learning

来源：评论

学校读者我要写书评

暂无评论

Current state of research on cross-site scripting (XSS) - A systematic literature review

引用

INFORMATION AND SOFTWARE TECHNOLOGY 2015年 58卷 170-186页

作者： Hydara, Isatou Sultan, Abu Bakar Md. Zulzalil, Hazura Admodisastro, Novia Univ Putra Malaysia Fac Comp Sci & Informat Technol Dept Software Engn & Informat Syst Serdang 43400 Selangor Malaysia

Context: cross-site scripting (XSS) is a security vulnerability that affects web applications. It occurs due to improper or lack of sanitization of user inputs. The security vulnerability caused many problems for users and server applications. Objective: To conduct a systematic literature review on the studies done on XSS vulnerabilities and attacks. Method: We followed the standard guidelines for systematic literature review as documented by Barbara Kitchenham and reviewed a total of 115 studies related to cross-site scripting from various journals and conference proceedings. Results: Research on XSS is still very active with publications across many conference proceedings and journals. Attack prevention and vulnerability detection are the areas focused on by most of the studies. Dynamic analysis techniques form the majority among the solutions proposed by the various studies. The type of XSS addressed the most is reflected XSS. Conclusion: XSS still remains a big problem for web applications, despite the bulk of solutions provided so far. There is no single solution that can effectively mitigate XSS attacks. More research is needed in the area of vulnerability removal from the source code of the applications before deployment. (C) 2014 Elsevier B.V. All rights reserved.

关键词： Systematic literature review cross-site scripting Security Web applications

来源：评论

学校读者我要写书评

暂无评论

Mitigating cross-site scripting Attacks with a Content Security Policy

引用

COMPUTER 2016年第3期49卷 56-63页

作者： Yusof, Imran Pathan, Al-Sakib Khan Int Islamic Univ Malaysia Kulliyyah Informat & Commun Technol Kuala Lumpur Malaysia Int Islamic Univ Malaysia Dept Comp Sci Kuala Lumpur Malaysia

A content security policy (CSP) can help Web application developers and server administrators better control website content and avoid vulnerabilities to cross-site scripting (XSS). In experiments with a prototype web... 详细信息

关键词： Browsers Computer security Content management Payloads Loading Uniform resource locators Media Web services Internet Web vulnerabilities security Internet Web technology content security policy CSP cross-site scripting XSS Web applications

来源：评论

学校读者我要写书评

暂无评论

Noncespaces: Using randomization to defeat cross-site scripting attacks

引用

COMPUTERS & SECURITY 2012年第4期31卷 612-628页

作者： Van Gundy, Matthew Chen, Hao Univ Calif Davis Dept Comp Sci Davis CA 95616 USA

cross-site scripting (XSS) vulnerabilities are among the most common and serious web application vulnerabilities. It is challenging to eliminate XSS vulnerabilities because it is difficult for web applications to sanitize all user input appropriately. We present Noncespaces, a technique that enables web clients to distinguish between trusted and untrusted content to prevent exploitation of XSS vulnerabilities. Using Noncespaces, a web application randomizes the the (X)HTML tags and attributes in each document before delivering it to the client. As long as the attacker is unable to guess the random mapping, the client can distinguish between trusted content created by the web application and untrusted content provided by an attacker. To implement Noncespaces with minimal changes to web applications, we leverage a popular web application architecture to automatically apply Noncespaces to static content processed through a popular PHP template engine. We design a policy language for Noncespaces, implement a training mode to assist policy development, and conduct extensive security testing of a generated policy for two large web applications to show the effectiveness of our technique. (C) 2012 Elsevier Ltd. All rights reserved.

关键词： Security Defense cross-site scripting Client-side policy enforcement Information flow tracking Web application World wide web

来源：评论

学校读者我要写书评

暂无评论

Taint Inference for cross-site scripting in Context of URL Rewriting and HTML Sanitization

引用

ETRI JOURNAL 2016年第2期38卷 376-386页

作者： Pan, Jinkun Mao, Xiaoguang Li, Weishi Natl Univ Def Technol Coll Comp Changsha Hunan Peoples R China

Currently, web applications are gaining in prevalence. In a web application, an input may not be appropriately validated, making the web application susceptible to cross site scripting (XSS), which poses serious security problems for Internet users and websites to whom such trusted web pages belong. A taint inference is a type of information flow analysis technique that is useful in detecting XSS on the client side. However, in existing techniques, two current practical issues have yet to be handled properly. One is URL rewriting, which transforms a standard URL into a clearer and more manageable form. Another is HTML sanitization, which filters an input against blacklists or whitelists of HTML tags or attributes. In this paper, we make an analogy between the taint inference problem and the molecule sequence alignment problem in bioinformatics, and transfer two techniques related to the latter over to the former to solve the aforementioned yet-to-be-handled-properly practical issues. In particular, in our method, URL rewriting is addressed using local sequence alignment and HTML sanitization is modeled by introducing a removal gap penalty. Empirical results demonstrate the effectiveness and efficiency of our method.

关键词： Taint inference cross-site scripting URL rewriting HTML sanitization bioinformatics

来源：评论

学校读者我要写书评

暂无评论

建议与咨询留下您的常用邮箱和电话号码，以便我们向您反馈解决方案和替代方法

时间限定

文献类型

馆藏选择

核心期刊

语言

文献类型

帮助

文字说明：

检索规则说明：

检索范例：

分类表

所选分类

限定检索结果

文献类型

馆藏范围

日期分布

学科分类号

主题

机构

作者

语言

请选择保存的检索档案：

请选择收藏分类：

通借通还

建议与咨询 留下您的常用邮箱和电话号码，以便我们向您反馈解决方案和替代方法

时间限定

文献类型

馆藏选择

核心期刊

语言

文献类型

帮助

文字说明：

检索规则说明：

检索范例：

分类表

所选分类

限定检索结果

文献类型

馆藏范围

日期分布

学科分类号

主题

机构

作者

语言

请选择保存的检索档案： 新增检索档案 确定 取消

请选择收藏分类： 新增自定义分类 确定 取消

通借通还

建议与咨询留下您的常用邮箱和电话号码，以便我们向您反馈解决方案和替代方法

请选择保存的检索档案：

请选择收藏分类：