RAJIVE: restricting the abuse of JavaScript injection vulnerabilities on cloud data centre by sensing the violation in expected workflow of web applications

摘要

This article introduces a novel defensive framework that detects and obstructs the exploitation of malicious JavaScript (JS) injection by spotting the violation in the expected workflow of web applications deployed on the cloud data centres. The framework initially generates some categories of axioms by examining the strings of HTTP request and response. Likewise, it detects the deviation in the intended workflow of web application by examining the violation in such generated axioms. The prototype of our work was developed in Java development framework and installed on the virtual machines of cloud data centres located at the core of network. Susceptible web applications were utilised for evaluating the workflow violation detection capability in order to obstruct the execution of XSS worms on the cloud data centres. Evaluation result revealed that framework detects the injection of XSS worms with high precision rate and lesser rate of false positives and false negatives.