Detecting Cross-Site Scripting in Web Applications Using Fuzzy Inference System

IF 2 Q3 TELECOMMUNICATIONS Journal of Computer Networks and Communications Pub Date : 2018-08-01 DOI:10.1155/2018/8159548
Bakare K. Ayeni, Junaidu B. Sahalu, Kolawole R. Adeyanju
{"title":"Detecting Cross-Site Scripting in Web Applications Using Fuzzy Inference System","authors":"Bakare K. Ayeni, Junaidu B. Sahalu, Kolawole R. Adeyanju","doi":"10.1155/2018/8159548","DOIUrl":null,"url":null,"abstract":"With improvement in computing and technological advancements, web-based applications are now ubiquitous on the Internet. However, these web applications are becoming prone to vulnerabilities which have led to theft of confidential information, data loss, and denial of data access in the course of information transmission. Cross-site scripting (XSS) is a form of web security attack which involves the injection of malicious codes into web applications from untrusted sources. Interestingly, recent research studies on the web application security centre focus on attack prevention and mechanisms for secure coding; recent methods for those attacks do not only generate high false positives but also have little considerations for the users who oftentimes are the victims of malicious attacks. Motivated by this problem, this paper describes an “intelligent” tool for detecting cross-site scripting flaws in web applications. This paper describes the method implemented based on fuzzy logic to detect classic XSS weaknesses and to provide some results on experimentations. Our detection framework recorded 15% improvement in accuracy and 0.01% reduction in the false-positive rate which is considerably lower than that found in the existing work by Koli et al. Our approach also serves as a decision-making tool for the users.","PeriodicalId":45621,"journal":{"name":"Journal of Computer Networks and Communications","volume":null,"pages":null},"PeriodicalIF":2.0000,"publicationDate":"2018-08-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"https://sci-hub-pdf.com/10.1155/2018/8159548","citationCount":"6","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Journal of Computer Networks and Communications","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1155/2018/8159548","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q3","JCRName":"TELECOMMUNICATIONS","Score":null,"Total":0}
引用次数: 6

Abstract

With improvement in computing and technological advancements, web-based applications are now ubiquitous on the Internet. However, these web applications are becoming prone to vulnerabilities which have led to theft of confidential information, data loss, and denial of data access in the course of information transmission. Cross-site scripting (XSS) is a form of web security attack which involves the injection of malicious codes into web applications from untrusted sources. Interestingly, recent research studies on the web application security centre focus on attack prevention and mechanisms for secure coding; recent methods for those attacks do not only generate high false positives but also have little considerations for the users who oftentimes are the victims of malicious attacks. Motivated by this problem, this paper describes an “intelligent” tool for detecting cross-site scripting flaws in web applications. This paper describes the method implemented based on fuzzy logic to detect classic XSS weaknesses and to provide some results on experimentations. Our detection framework recorded 15% improvement in accuracy and 0.01% reduction in the false-positive rate which is considerably lower than that found in the existing work by Koli et al. Our approach also serves as a decision-making tool for the users.
查看原文
分享 分享
微信好友 朋友圈 QQ好友 复制链接
本刊更多论文
利用模糊推理系统检测Web应用程序中的跨站脚本
随着计算和技术的进步,基于web的应用程序现在在互联网上无处不在。然而,这些web应用程序在信息传输过程中容易出现漏洞,导致机密信息被盗、数据丢失、数据访问被拒绝。跨站点脚本(XSS)是一种网络安全攻击形式,它涉及从不受信任的来源向web应用程序注入恶意代码。有趣的是,最近对web应用程序安全中心的研究主要集中在攻击预防和安全编码机制上;这些攻击的最新方法不仅产生高误报,而且很少考虑经常成为恶意攻击受害者的用户。受此问题的启发,本文描述了一种用于检测web应用程序中的跨站点脚本缺陷的“智能”工具。本文介绍了一种基于模糊逻辑的跨站攻击弱点检测方法,并给出了一些实验结果。我们的检测框架的准确性提高了15%,假阳性率降低了0.01%,这大大低于Koli等人在现有工作中发现的结果。我们的方法也可以作为用户的决策工具。
本文章由计算机程序翻译,如有差异,请以英文原文为准。
求助全文
约1分钟内获得全文 去求助
来源期刊
CiteScore
5.30
自引率
5.00%
发文量
18
审稿时长
15 weeks
期刊介绍: The Journal of Computer Networks and Communications publishes articles, both theoretical and practical, investigating computer networks and communications. Articles explore the architectures, protocols, and applications for networks across the full spectrum of sizes (LAN, PAN, MAN, WAN…) and uses (SAN, EPN, VPN…). Investigations related to topical areas of research are especially encouraged, including mobile and wireless networks, cloud and fog computing, the Internet of Things, and next generation technologies. Submission of original research, and focused review articles, is welcomed from both academic and commercial communities.
期刊最新文献
A Systematic Review of Blockchain Technology Assisted with Artificial Intelligence Technology for Networks and Communication Systems A Systematic Review of Blockchain Technology Assisted with Artificial Intelligence Technology for Networks and Communication Systems Development of an AI-Enabled Q-Agent for Making Data Offloading Decisions in a Multi-RAT Wireless Network Maximum Entropy Principle Based on Bank Customer Account Validation Using the Spark Method Detecting Application-Level Associations Between IoT Devices Using a Modified Apriori Algorithm
×
引用
GB/T 7714-2015
复制
MLA
复制
APA
复制
导出至
BibTeX EndNote RefMan NoteFirst NoteExpress
×
×
提示
您的信息不完整,为了账户安全,请先补充。
现在去补充
×
提示
您因"违规操作"
具体请查看互助需知
我知道了
×
提示
现在去查看 取消
×
提示
确定
0
微信
客服QQ
Book学术公众号 扫码关注我们
反馈
×
意见反馈
请填写您的意见或建议
请填写您的手机或邮箱
已复制链接
已复制链接
快去分享给好友吧!
我知道了
×
扫码分享
扫码分享
Book学术官方微信
Book学术文献互助
Book学术文献互助群
群 号:481959085
Book学术
文献互助 智能选刊 最新文献 互助须知 联系我们:info@booksci.cn
Book学术提供免费学术资源搜索服务,方便国内外学者检索中英文文献。致力于提供最便捷和优质的服务体验。
Copyright © 2023 Book学术 All rights reserved.
ghs 京公网安备 11010802042870号 京ICP备2023020795号-1