
Information Theoretic XSS Attack Detection in Web Applications

Author(s): Hossain Shahriar (Kennesaw State University, USA), Sarah North (Kennesaw State University, USA), Wei-Chuen Chen (Kennesaw State University, USA) and Edward Mawangi (Kennesaw State University, USA)
Copyright: 2018
Pages: 16
Source title: Application Development and Design: Concepts, Methodologies, Tools, and Applications
Source Author(s)/Editor(s): Information Resources Management Association (USA)
DOI: 10.4018/978-1-5225-3422-8.ch042


Abstract

Cross-Site Scripting (XSS) has been ranked among the top three vulnerabilities over the last few years. An XSS vulnerability allows an attacker to inject arbitrary JavaScript code that is executed in the victim's browser to cause unwanted behaviors and security breaches. Despite the presence of many mitigation approaches, XSS is still widespread among today's web applications. As a result, there is a need to improve existing solutions and to develop novel attack detection techniques. This paper proposes a proxy-level XSS attack detection approach based on a popular information-theoretic measure known as Kullback-Leibler Divergence (KLD). Legitimate JavaScript code present in an application should remain similar or very close to the JavaScript code present in a rendered web page; a deviation between the two can be an indication of an XSS attack. This paper applies a back-off smoothing technique to effectively detect the presence of malicious JavaScript code in response pages. The proposed approach has been applied to a number of open-source PHP web applications containing XSS vulnerabilities. The initial results show that the approach can effectively detect XSS attacks and suffers from a low false positive rate through proper choice of KLD threshold values. Further, the performance overhead has been found to be negligible.
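The abstract describes the measure but not the mechanics, so the following is an added illustration, written for this page and not taken from the chapter or its authors' implementation. It compares the JavaScript token distribution of a known-good page with that of a freshly rendered response using KLD with absolute-discounting back-off, so that a token seen on only one side still gets a small non-zero probability and the divergence stays finite. The tokenizer, the discount value, the direction of the divergence (response against expected), the threshold and the two sample pages are all assumptions chosen for the example; the chapter's own parameters are not on this page.

```python
import math
import re
from collections import Counter

# Added example (not the chapter's code): a minimal proxy-side check that
# compares the JavaScript token distribution of a known-good page against the
# one in a rendered response, using KL divergence with absolute-discounting
# back-off. Tokenizer, discount, divergence direction, threshold and the sample
# pages are assumptions for illustration only.

SCRIPT_RE = re.compile(r"<script[^>]*>(.*?)</script>", re.IGNORECASE | re.DOTALL)
TOKEN_RE = re.compile(
    r"'(?:[^'\\]|\\.)*'"          # single-quoted string literal
    r'|"(?:[^"\\]|\\.)*"'         # double-quoted string literal
    r"|[A-Za-z_$][A-Za-z0-9_$]*"  # identifier or keyword
    r"|\d+(?:\.\d+)?"             # number
    r"|[^\sA-Za-z0-9_$'\"]"       # any other single punctuation character
)


def tokenize_js(html):
    """Return the token stream of all <script> bodies in an HTML page.

    String and numeric literals collapse to STR / NUM so that a page that merely
    shows different data (a user name, a counter) keeps the same distribution;
    only a change in code structure moves it. Inline event-handler attributes
    are not inspected here (a limitation of this example, not of the chapter).
    """
    tokens = []
    for body in SCRIPT_RE.findall(html):
        for tok in TOKEN_RE.findall(body):
            if tok[0] in "'\"":
                tokens.append("STR")
            elif tok[0].isdigit():
                tokens.append("NUM")
            else:
                tokens.append(tok)
    return tokens


def smoothed_distribution(counts, vocab, discount=0.5):
    """Absolute-discounting back-off over a shared vocabulary.

    Each seen token gives up `discount` of its count; the reserved mass is
    shared uniformly among vocabulary tokens this page never used, so the KL
    sum never divides by zero. A page with no script at all backs off to the
    uniform distribution.
    """
    total = sum(counts.values())
    if total == 0:
        return {w: 1.0 / len(vocab) for w in vocab}
    seen = [w for w in vocab if counts[w] > 0]
    unseen = [w for w in vocab if counts[w] == 0]
    dist = {w: counts[w] / total for w in seen}
    if unseen:
        reserved = discount * len(seen) / total
        for w in seen:
            dist[w] = (counts[w] - discount) / total
        share = reserved / len(unseen)
        for w in unseen:
            dist[w] = share
    return dist


def kl_divergence(p, q):
    """D(P || Q) = sum_w P(w) * ln(P(w) / Q(w)); both dicts share the same keys."""
    return sum(p[w] * math.log(p[w] / q[w]) for w in p if p[w] > 0)


def kld_score(expected_html, response_html, discount=0.5):
    """Divergence of the rendered response's script tokens from the expected page's."""
    expected = Counter(tokenize_js(expected_html))
    response = Counter(tokenize_js(response_html))
    vocab = sorted(set(expected) | set(response))
    if not vocab:
        return 0.0
    p = smoothed_distribution(response, vocab, discount)
    q = smoothed_distribution(expected, vocab, discount)
    return kl_divergence(p, q)


def is_xss(expected_html, response_html, threshold=0.05, discount=0.5):
    """Flag the response when its KLD from the expected page exceeds the threshold."""
    return kld_score(expected_html, response_html, discount) > threshold


# Constructed sample pages (not from the chapter's evaluation set).
EXPECTED_PAGE = """<html><body><div id="out"></div>
<script>
  function greet(name) { document.getElementById('out').innerText = 'Hi ' + name; }
  greet('user');
</script></body></html>"""

# Same code, different data: only a string literal changed.
BENIGN_RESPONSE = EXPECTED_PAGE.replace("greet('user')", "greet('alice')")

# A second script block the application never served; the function name is a
# placeholder standing in for whatever injected content would call.
INJECTED_RESPONSE = EXPECTED_PAGE.replace(
    "</body>", "<script>injected_probe(document.title)</script></body>"
)

if __name__ == "__main__":
    for label, page in [("benign", BENIGN_RESPONSE), ("injected", INJECTED_RESPONSE)]:
        print(f"{label}: KLD={kld_score(EXPECTED_PAGE, page):.3f} "
              f"flagged={is_xss(EXPECTED_PAGE, page)}")
```

With these inputs the benign response scores exactly 0 because the literal-collapsing tokenizer makes its token counts identical to the expected page, while the extra script block scores roughly 0.2 and crosses the 0.05 threshold. Collapsing literals is what keeps the false positive rate down on pages that show user-specific data; the threshold itself is the parameter the abstract says must be tuned per application.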
