A Study on XSS Attacks: Intelligent Detection Methods

Cross-site scripting (XSS) is one of the standard web application attacks, targeting vulnerabilities at the application layer. The attacker crafts a malicious script and injects it into a trusted website. There are numerous types of XSS to which websites, especially open web applications, are vulnerable. The attacker can load a malicious webpage or redirect the user to one. XSS threatens significant websites such as medical, e-commerce, and banking sites. The detection and prevention of XSS attacks remain complicated. Plenty of research has been carried out to control XSS-based attacks. This paper analyses XSS attack detection methods using various performance metrics. To this end, numerous works published in widely circulated journals between 2019 and 2020 are reviewed. The reviewed articles are compared with respect to the simplicity of their algorithms, the type they belong to, and their performance metrics. The work assumed that the trend of applying elementary methods to detect XSS attacks is better than the recommendations that use some artificial-intelligence techniques.
