SEC‐H5: Secure and efficient integration of settings of enhanced HTML5 XSS vector defensive framework on edge network of fog nodes

The authors introduce an enhanced HTML5 (H5) Cross-Site Scripting (H5-XSS) attack vector defensive model that protects the confidentiality of users accessing web applications hosted on fog nodes. First, the model operates in a self-training manner and estimates some features of the H5 script code on simulated desktop host systems of the cloud infrastructure. Second, the H5 feature estimation is re-executed on the HTTP response generated online, on the edge network of fog devices. Any discrepancy between these two feature sets triggers nested context-aware sanitization of the untrusted script code on the fog nodes. The authors build their framework on the open application infrastructure of the Cisco IOx framework, with various networked edge devices acting as fog nodes. They configure a test bed of H5 web platforms on the nodes of the fog computing network to evaluate the malicious-script mitigation capability of their model. The evaluation results show that the authors' technique is capable of detecting and removing suspicious H5 code with a tolerable percentage of False Negatives (FNs) and False Positives (FPs), and with reduced overall performance overhead during peak congestion in the generation of sanitized HTTP responses on the fog nodes.
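
The two-phase check described in the abstract, sketched as an added example (not the authors' implementation): script features are learned from a trusted page, re-extracted from a live response, and anything unseen is sanitized according to the context it appears in. The feature definition (injection context plus whitespace-normalised code), the names `ScriptFilter` and `run`, and the sample pages are assumptions made for illustration.

```python
from html import escape
from html.parser import HTMLParser

URL_ATTRS = {"href", "src", "action", "formaction"}

class ScriptFilter(HTMLParser):
    def __init__(self, baseline=None):
        super().__init__(convert_charrefs=True)
        self.baseline, self.features = baseline, set()
        self.out, self.in_script = [], False

    def known(self, context, code):
        # Assumed feature: injection context plus whitespace-normalised code.
        feat = (context, " ".join(code.split()))
        self.features.add(feat)
        return self.baseline is None or feat in self.baseline

    def handle_starttag(self, tag, attrs):
        kept = []
        for name, value in attrs:
            value = value or ""
            js_url = name in URL_ATTRS and value.strip().lower().startswith("javascript:")
            if name.startswith("on") and not self.known("handler", value):
                continue              # attribute context: drop the handler
            if js_url and not self.known("url", value):
                value = "#"           # URL context: neutralise the link
            kept.append(f' {name}="{escape(value)}"')
        self.out.append(f"<{tag}{''.join(kept)}>")
        self.in_script = tag == "script"

    def handle_endtag(self, tag):
        self.in_script = False
        self.out.append(f"</{tag}>")

    def handle_data(self, data):
        if not self.in_script:
            self.out.append(escape(data, quote=False))
        elif self.known("script", data):
            self.out.append(data)     # script context: unknown bodies are dropped

def run(html, baseline=None):         # baseline=None means learning mode
    parser = ScriptFilter(baseline)
    parser.feed(html)
    parser.close()
    return "".join(parser.out), parser.features

# Constructed sample pages (not from the paper).
TRUSTED = '<div><button onclick="save()">Save</button><script>initApp();</script></div>'
RESPONSE = TRUSTED.replace("</div>", '<video src="m.mp4" onerror="alert(1)"></video>'
    '<a href="javascript:alert(2)">x</a><script>alert(3)</script></div>')
```

Learn with `baseline = run(TRUSTED)[1]`, then filter with `run(RESPONSE, baseline)`; the features in the second result that are missing from the baseline are the flagged items. The scheme check here is deliberately simple: a production filter has to normalise URLs the way browsers do (for example, embedded tabs and newlines) before comparing.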
