  • DocumentCode
    2730631
  • Title

    Automatic classification of cross-site scripting in web pages using document-based and URL-based features

  • Author

    Nunan, Angelo Eduardo ; Souto, Eduardo ; Santos, Eulanda M dos ; Feitosa, Eduardo

  • Author_Institution
    Inst. of Comput. (ICOMP), Fed. Univ. of Amazonas, Manaus, Brazil
  • fYear
    2012
  • fDate
    1-4 July 2012
  • Abstract
    The structure of dynamic websites, comprised of a set of objects such as HTML tags, script functions, hyperlinks and advanced features in browsers, leads to numerous resources and interactiveness in services currently provided on the Internet. However, these features have also increased security risks and attacks since they allow malicious code injection or XSS (Cross-Site Scripting). XSS remains at the top of the lists of the greatest threats to web applications in recent years. This paper presents the experimental results obtained on XSS automatic classification in web pages using Machine Learning techniques. We focus on features extracted from web document content and URL. Our results demonstrate that the proposed features lead to highly accurate classification of malicious pages.
  • Keywords
    Web sites; document handling; learning (artificial intelligence); pattern classification; security of data; HTML tag; Internet; URL-based feature; Web application; Web document content; Web page; Web site; XSS; XSS automatic classification; browser feature; cross-site scripting; cross-site scripting classification; document-based feature; hyperlink; machine learning technique; malicious codes injection; malicious page classification; script function; security attack; security risk; service interactiveness; service resource; Browsers; Databases; Encoding; Feature extraction; HTML; Support vector machines; Web pages; cross-site scripting; machine learning; scripting languages security; web application security;
  • fLanguage
    English
  • Publisher
    IEEE
  • Conference_Titel
    Computers and Communications (ISCC), 2012 IEEE Symposium on
  • Conference_Location
    Cappadocia
  • ISSN
    1530-1346
  • Print_ISBN
    978-1-4673-2712-1
  • Electronic_ISBN
    1530-1346
  • Type

    conf

  • DOI
    10.1109/ISCC.2012.6249380
  • Filename
    6249380