Title | Automatic XSS Detection and Automatic Anti-Anti-Virus Payload Generation |
Publication Type | Conference Paper |
Year of Publication | 2019 |
Authors | Li, Lin, Wei, Linfeng |
Conference Name | 2019 International Conference on Cyber-Enabled Distributed Computing and Knowledge Discovery (CyberC) |
Date Published | oct |
Keywords | automatic anti-anti-virus payload generation tool, automatic bypassing, automatic detection, automatic generation, automatic XSS detection tool, Browsers, computer viruses, Cross Site Scripting, cross-site scripting, DQN algorithm, feature extraction, Human Behavior, Internet, learning (artificial intelligence), machine learning, malicious XSS attacks, malicious XSS parameters, parameter characteristics, Payloads, pubcrawl, recurrent neural nets, reinforcement learning, Resiliency, RNN LSTM algorithm, rule-based WAF, Scalability, Support vector machines, SVM algorithm, Tools, Training, user input parameters, user interaction, Web 2.0 era, Web application, XSS attack, XSS attack codes, XSS vulnerability |
Abstract | In the Web 2.0 era, user interaction makes Web application more diverse, but brings threats, among which XSS vulnerability is the common and pernicious one. In order to promote the efficiency of XSS detection, this paper investigates the parameter characteristics of malicious XSS attacks. We identify whether a parameter is malicious or not through detecting user input parameters with SVM algorithm. The original malicious XSS parameters are deformed by DQN algorithm for reinforcement learning for rule-based WAF to be anti-anti-virus. Based on this method, we can identify whether a specific WAF is secure. The above model creates a more efficient automatic XSS detection tool and a more targeted automatic anti-anti-virus payload generation tool. This paper also explores the automatic generation of XSS attack codes with RNN LSTM algorithm. |
DOI | 10.1109/CyberC.2019.00021 |
Citation Key | li_automatic_2019 |