Visible to the public Biblio

Filters: Keyword is rule-based WAF  [Clear All Filters]
2020-09-28
Li, Lin, Wei, Linfeng.  2019.  Automatic XSS Detection and Automatic Anti-Anti-Virus Payload Generation. 2019 International Conference on Cyber-Enabled Distributed Computing and Knowledge Discovery (CyberC). :71–76.
In the Web 2.0 era, user interaction makes Web application more diverse, but brings threats, among which XSS vulnerability is the common and pernicious one. In order to promote the efficiency of XSS detection, this paper investigates the parameter characteristics of malicious XSS attacks. We identify whether a parameter is malicious or not through detecting user input parameters with SVM algorithm. The original malicious XSS parameters are deformed by DQN algorithm for reinforcement learning for rule-based WAF to be anti-anti-virus. Based on this method, we can identify whether a specific WAF is secure. The above model creates a more efficient automatic XSS detection tool and a more targeted automatic anti-anti-virus payload generation tool. This paper also explores the automatic generation of XSS attack codes with RNN LSTM algorithm.