Visible to the public Automatic XSS Detection and Automatic Anti-Anti-Virus Payload Generation

TitleAutomatic XSS Detection and Automatic Anti-Anti-Virus Payload Generation
Publication TypeConference Paper
Year of Publication2019
AuthorsLi, Lin, Wei, Linfeng
Conference Name2019 International Conference on Cyber-Enabled Distributed Computing and Knowledge Discovery (CyberC)
Date Publishedoct
Keywordsautomatic anti-anti-virus payload generation tool, automatic bypassing, automatic detection, automatic generation, automatic XSS detection tool, Browsers, computer viruses, Cross Site Scripting, cross-site scripting, DQN algorithm, feature extraction, Human Behavior, Internet, learning (artificial intelligence), machine learning, malicious XSS attacks, malicious XSS parameters, parameter characteristics, Payloads, pubcrawl, recurrent neural nets, reinforcement learning, Resiliency, RNN LSTM algorithm, rule-based WAF, Scalability, Support vector machines, SVM algorithm, Tools, Training, user input parameters, user interaction, Web 2.0 era, Web application, XSS attack, XSS attack codes, XSS vulnerability
AbstractIn the Web 2.0 era, user interaction makes Web application more diverse, but brings threats, among which XSS vulnerability is the common and pernicious one. In order to promote the efficiency of XSS detection, this paper investigates the parameter characteristics of malicious XSS attacks. We identify whether a parameter is malicious or not through detecting user input parameters with SVM algorithm. The original malicious XSS parameters are deformed by DQN algorithm for reinforcement learning for rule-based WAF to be anti-anti-virus. Based on this method, we can identify whether a specific WAF is secure. The above model creates a more efficient automatic XSS detection tool and a more targeted automatic anti-anti-virus payload generation tool. This paper also explores the automatic generation of XSS attack codes with RNN LSTM algorithm.
DOI10.1109/CyberC.2019.00021
Citation Keyli_automatic_2019