Cargando…
GeneMiner: A Classification Approach for Detection of XSS Attacks on Web Services
According to OWASP 2021, cross-site scripting (XSS) attacks are increasing through specially crafted XML documents. The attacker injects a malicious payload with a new pattern and combination of scripts, functions, and tags that deceits the existing security mechanisms in web services. This paper pr...
| Autores principales: | , , |
|---|---|
| Formato: | Online Artículo Texto |
| Lenguaje: | English |
| Publicado: |
Hindawi
2022
|
| Materias: | |
| Acceso en línea: | https://www.ncbi.nlm.nih.gov/pmc/articles/PMC9252680/ https://www.ncbi.nlm.nih.gov/pubmed/35795743 http://dx.doi.org/10.1155/2022/3675821 |
| _version_ | 1784740320796213248 |
|---|---|
| author | Gupta, Charu Singh, Rakesh Kumar Mohapatra, Amar Kumar |
| author_facet | Gupta, Charu Singh, Rakesh Kumar Mohapatra, Amar Kumar |
| author_sort | Gupta, Charu |
| collection | PubMed |
| description | According to OWASP 2021, cross-site scripting (XSS) attacks are increasing through specially crafted XML documents. The attacker injects a malicious payload with a new pattern and combination of scripts, functions, and tags that deceits the existing security mechanisms in web services. This paper proposes an approach, GeneMiner, encompassing GeneMiner-E to extract new features and GeneMiner-C for classification of input payloads as malicious and nonmalicious. The proposed approach evolves itself to the changing patterns of attack payloads and identifies adversarial XSS attacks. The experiments have been conducted by collecting data from open source and generating various combinations of scripts, functions, and tags using an incremental genetic algorithm. The experimental results show that the proposed approach effectively detects newly crafted malicious XSS payloads with an accuracy of 98.5%, which is better than the existing classification techniques. The approach learns variations in the existing attack sample space and identifies the new attack payloads with reduced efforts. |
| format | Online Article Text |
| id | pubmed-9252680 |
| institution | National Center for Biotechnology Information |
| language | English |
| publishDate | 2022 |
| publisher | Hindawi |
| record_format | MEDLINE/PubMed |
| spelling | pubmed-92526802022-07-05 GeneMiner: A Classification Approach for Detection of XSS Attacks on Web Services Gupta, Charu Singh, Rakesh Kumar Mohapatra, Amar Kumar Comput Intell Neurosci Research Article According to OWASP 2021, cross-site scripting (XSS) attacks are increasing through specially crafted XML documents. The attacker injects a malicious payload with a new pattern and combination of scripts, functions, and tags that deceits the existing security mechanisms in web services. This paper proposes an approach, GeneMiner, encompassing GeneMiner-E to extract new features and GeneMiner-C for classification of input payloads as malicious and nonmalicious. The proposed approach evolves itself to the changing patterns of attack payloads and identifies adversarial XSS attacks. The experiments have been conducted by collecting data from open source and generating various combinations of scripts, functions, and tags using an incremental genetic algorithm. The experimental results show that the proposed approach effectively detects newly crafted malicious XSS payloads with an accuracy of 98.5%, which is better than the existing classification techniques. The approach learns variations in the existing attack sample space and identifies the new attack payloads with reduced efforts. Hindawi 2022-06-25 /pmc/articles/PMC9252680/ /pubmed/35795743 http://dx.doi.org/10.1155/2022/3675821 Text en Copyright © 2022 Charu Gupta et al. https://creativecommons.org/licenses/by/4.0/This is an open access article distributed under the Creative Commons Attribution License, which permits unrestricted use, distribution, and reproduction in any medium, provided the original work is properly cited. |
| spellingShingle | Research Article Gupta, Charu Singh, Rakesh Kumar Mohapatra, Amar Kumar GeneMiner: A Classification Approach for Detection of XSS Attacks on Web Services |
| title | GeneMiner: A Classification Approach for Detection of XSS Attacks on Web Services |
| title_full | GeneMiner: A Classification Approach for Detection of XSS Attacks on Web Services |
| title_fullStr | GeneMiner: A Classification Approach for Detection of XSS Attacks on Web Services |
| title_full_unstemmed | GeneMiner: A Classification Approach for Detection of XSS Attacks on Web Services |
| title_short | GeneMiner: A Classification Approach for Detection of XSS Attacks on Web Services |
| title_sort | geneminer: a classification approach for detection of xss attacks on web services |
| topic | Research Article |
| url | https://www.ncbi.nlm.nih.gov/pmc/articles/PMC9252680/ https://www.ncbi.nlm.nih.gov/pubmed/35795743 http://dx.doi.org/10.1155/2022/3675821 |
| work_keys_str_mv | AT guptacharu genemineraclassificationapproachfordetectionofxssattacksonwebservices AT singhrakeshkumar genemineraclassificationapproachfordetectionofxssattacksonwebservices AT mohapatraamarkumar genemineraclassificationapproachfordetectionofxssattacksonwebservices |