IET Networks (Jul 2024)
A PU‐learning based approach for cross‐site scripting attacking reality detection
Abstract
Cross‐site scripting (XSS) has been one of the most dangerous attacks in cyberspace security. Traditional methods essentially discover XSS attacks by detecting malicious payloads in requests, and so are unable to distinguish attacking attempts from the attacking reality. The authors collect responses from a web server and train a bagging‐based PU learning model to determine whether the XSS vulnerability is truly triggered. To validate the proposed framework, experiments are performed on 5 popular web applications with 11 specified CVE‐recorded vulnerabilities and 32 vulnerable inputs. Results show that the authors’ approach outperforms existing research studies, effectively identifies the attacking reality from attacking attempts, and reduces the number of worthless security alarms.
Keywords