Title :
Automatic classification of cross-site scripting in web pages using document-based and URL-based features
Author :
Nunan, Angelo Eduardo ; Souto, Eduardo ; Santos, Eulanda M dos ; Feitosa, Eduardo
Author_Institution :
Inst. of Comput. (ICOMP), Fed. Univ. of Amazonas, Manaus, Brazil
Abstract :
The structure of dynamic websites, comprised of a set of objects such as HTML tags, script functions, hyperlinks and advanced features in browsers, leads to numerous resources and interactiveness in services currently provided on the Internet. However, these features have also increased security risks and attacks since they allow malicious code injection or XSS (Cross-Site Scripting). XSS remains at the top of the lists of the greatest threats to web applications in recent years. This paper presents the experimental results obtained on XSS automatic classification in web pages using Machine Learning techniques. We focus on features extracted from web document content and URL. Our results demonstrate that the proposed features lead to highly accurate classification of malicious pages.
Keywords :
Web sites; document handling; learning (artificial intelligence); pattern classification; security of data; HTML tag; Internet; URL-based feature; Web application; Web document content; Web page; Web site; XSS; XSS automatic classification; browser feature; cross-site scripting; cross-site scripting classification; document-based feature; hyperlink; machine learning technique; malicious codes injection; malicious page classification; script function; security attack; security risk; service interactiveness; service resource; Browsers; Databases; Encoding; Feature extraction; HTML; Support vector machines; Web pages; cross-site scripting; machine learning; scripting languages security; web application security;
Conference_Title :
Computers and Communications (ISCC), 2012 IEEE Symposium on
Conference_Location :
Cappadocia
Print_ISBN :
978-1-4673-2712-1
Electronic_ISBN :
1530-1346
DOI :
10.1109/ISCC.2012.6249380