Research On Cross-site Scripting Attacks Detection Technology

With the development of the network technology, hackers gradually attack the Web applications instead of network servers. According to Gartner’s latest survey in2011,75%of the security attacks happened in the Web application area. Cross-site scripting attacks are caused by the failure of the application to check the users’input before returning it to the clients’web browser. User input may include malicious script code which steal users’sensitive information or cause security attacks. Cross-site scripting has been considered as the major threat to the security of the web applications and was reported as one of the most Top ten serious risks by OWASP for several years. So the research on cross-site scripting attacks has significant academic and practical value to enhance the Web applications’security. This paper focuses on the study of detection technology of cross-site scripting attacks. Our main work and innovation are as below.Firstly, this paper researches on the cross-site scripting attacks detection technology, detail description and background of cross-site scripting attacks are given. The concept and three types of cross-site scripting are introduced, and various implementations of cross-site scripting attacks are described. Based on these description, demos of sensitive information stealing, phishing and other attacks are given. The current detection techniques are divided into three catagories, client-based detection, server-based detection and the combination of client and server detection. The advantages and disadvantages of each method are descripted at last.Secondly, since static analysis detection on client sides has a high rate of false positives, we propose a detection method by analying the depth of attack vector’s semantic-tree of the URL. We extract the parameters of the URL to produce a valid JavaScript syntax tree, weight its parsing depth, and then construct a detection model. For those exception URLs, a second level of defense is formed by analyzing its structure feature. Ten thousands of malicious URLs are used to evaluate the effectiveness of our method.Finally, a mutated attack vector method to detect the cross-site scripting of Web application is proposed. Based on analysis of the current cross-site scripting attacks, a set of mutated rules are defined and a mutated algorithm is proposed to generate attack vectors automatically. The experiment results conducted on three real Web applications show the proposed approach is more accurate than Paros and WebScarab.In summary, by sufficient analysis on the current detection technology, the paper proposes two detection methods based on the depth of attack vector parsed semantic tree and mutated XSS attack vector. The results of experiments show the feasibility and advanced of our methods.