Kuwait Journal of Science (Apr 2014)

Improved cross site scripting filter for input validation against attacks in web services

  • ELANGOVAN UMA,
  • ARPUTHARAJ KANNAN

Journal volume & issue
Vol. 41, no. 2

Abstract


Nowadays, everybody needs to handle sensitive data, such as online banking account details and other information related to financial transactions, on the Internet. In this scenario, many Web attacks such as injection attacks target this sensitive data. Such attacks are carried out by running scripts on users' computers that exploit vulnerably coded client/server pages. Moreover, these attacks run malicious code to steal personal information from the server. Though this code can easily be generated by the attacker, it is very difficult for current cross site scripting filters to prevent it because of their lack of detection accuracy. Therefore, cross site scripting attacks are a challenging issue for Internet users. Hence, it is necessary to detect and prevent injection attacks through efficient schemes. However, most of the existing schemes lack this capability in terms of accuracy and need further improvement. In this paper, a new self-aware message analysis cum validation algorithm has been proposed for detecting and filtering various types of Web Service attacks. The proposed system receives requests and generates a suitable response from the dummy server page to analyze the nature of the attack. New policies are created in this work to analyze the response and forward the legitimate request to the original Web Service page. The proposed injection filters have been tested with all possible attacks to verify the robustness of the filtering policies. The results obtained from this work show that the proposed filtering policy is highly robust in refining the malicious message. The implementation and accuracy of the proposed approach have been proved through extensive testing using real-world cross site scripting generation and analysis. The results obtained from the work show that the proposed filtering policy is very strong in refining the malicious message, which contains attacks such as cross site scripting, injection, message replay and semantic attacks.
We demonstrated the implementation and accuracy of our approach through extended testing using real-world cross site scripting exploits.

Keywords