XSSPro: XSS Attack Detection Proxy to Defend Social Networking Platforms

摘要

Social Platforms transpired as the fascinating attack surface to explode multitude of cyber-attacks as it facilitates sharing of personal and professional information. XSS vulnerability exists approximately in 80% of the social platforms. Hence, this paper presents an approach, XSSPro, to defend social networking platforms against XSS attacks. XSSPro operates through isolating the JavaScript code in the external file and performs decoding operation. The context of each injected JS code is identified and then similar scripts are grouped together to optimize the performance of XSSPro. Finally, extracted scripts are matched against the XSS attack vector repository to detect XSS attack. If matched then it is refined by using XSS APIs, otherwise, the response is XSS free and sent to the user. Experimental results revealed that XSSPro achieved an accuracy of 0.99 and is effective against thwarting XSS attack triggered using new features of the built-in code language with low false alarm rate.