Detecting Cross-Site Scripting in Web Applications Using Fuzzy Inference System
Copyright policy )Detecting Cross-Site Scripting in Web Applications Using Fuzzy Inference System
With improvement in computing and technological advancements, web-based applications are now ubiquitous on the Internet. However, these web applications are becoming prone to vulnerabilities which have led to theft of confidential information, data loss, and denial of data access in the course of information transmission. Cross-site scripting (XSS) is a form of web security attack which involves the injection of malicious codes into web applications from untrusted sources. Interestingly, recent research studies on the web application security centre focus on attack prevention and mechanisms for secure coding; recent methods for those attacks do not only generate high false positives but also have little considerations for the users who oftentimes are the victims of malicious attacks. Motivated by this problem, this paper describes an “intelligent” tool for detecting cross-site scripting flaws in web applications. This paper describes the method implemented based on fuzzy logic to detect classic XSS weaknesses and to provide some results on experimentations. Our detection framework recorded 15% improvement in accuracy and 0.01% reduction in the false-positive rate which is considerably lower than that found in the existing work by Koli et al. Our approach also serves as a decision-making tool for the users.
- Ahmadu Bello University Nigeria
FOS: Computer and information sciences, Artificial intelligence, Denial-of-service attack, Computer Networks and Communications, False positive paradox, Web Application Security and Vulnerability Detection, Security Testing, Cross-Site Scripting, Characterization and Detection of Android Malware, Computer security, Web application security, Web development, Cross-site scripting, Information security, Malicious Code Detection, QA75.5-76.95, Scripting language, Computer science, World Wide Web, Operating system, Electronic computers. Computer science, Security service, Computer Science, Physical Sciences, Signal Processing, Network Intrusion Detection and Defense Mechanisms, Web Application, Security Analysis, Web application, The Internet, Confidentiality, Information Systems, Internet security
FOS: Computer and information sciences, Artificial intelligence, Denial-of-service attack, Computer Networks and Communications, False positive paradox, Web Application Security and Vulnerability Detection, Security Testing, Cross-Site Scripting, Characterization and Detection of Android Malware, Computer security, Web application security, Web development, Cross-site scripting, Information security, Malicious Code Detection, QA75.5-76.95, Scripting language, Computer science, World Wide Web, Operating system, Electronic computers. Computer science, Security service, Computer Science, Physical Sciences, Signal Processing, Network Intrusion Detection and Defense Mechanisms, Web Application, Security Analysis, Web application, The Internet, Confidentiality, Information Systems, Internet security
selected citations These citations are derived from selected sources.This is an alternative to the "Influence" indicator, which also reflects the overall/total impact of an article in the research community at large, based on the underlying citation network (diachronically).29 popularity This indicator reflects the "current" impact/attention (the "hype") of an article in the research community at large, based on the underlying citation network.Top 10% influence This indicator reflects the overall/total impact of an article in the research community at large, based on the underlying citation network (diachronically).Top 10% impulse This indicator reflects the initial momentum of an article directly after its publication, based on the underlying citation network.Top 10%
Citations provided by BIP!Popularity provided by BIP!