Structural Learning of Attack Vectors for Generating Mutated XSS Attacks
Open Access
- 17 September 2010
- journal article
- Published by Open Publishing Association in Electronic Proceedings in Theoretical Computer Science
- Vol. 35, 15-26
- https://doi.org/10.4204/eptcs.35.2
Abstract
Web applications suffer from cross-site scripting (XSS) attacks that result from incomplete or incorrect input sanitization. Learning the structure of attack vectors could enrich the variety of manifestations in generated XSS attacks. In this study, we focus on generating more threatening XSS attacks for the state-of-the-art detection approaches that can find potential XSS vulnerabilities in Web applications, and propose a mechanism for structural learning of attack vectors with the aim of generating mutated XSS attacks in a fully automatic way. Mutated XSS attack generation depends on the analysis of attack vectors and the structural learning mechanism. For the kernel of the learning mechanism, we use a hidden Markov model (HMM) as the structure of the attack vector model to capture the implicit manner of the attack vector, and this manner benefits from the syntax meanings that are labeled by the proposed tokenizing mechanism. Bayes' theorem is used to determine the number of hidden states in the model for generalizing the structure model. The paper makes the following contributions: (1) it automatically learns the structure of attack vectors from practical data analysis to build a structure model of attack vectors, (2) it mimics the manners and the elements of attack vectors to extend the ability of testing tools to identify XSS vulnerabilities, and (3) it helps to verify the flaws of blacklist sanitization procedures of Web applications. We evaluated the proposed mechanism with Burp Intruder on a dataset collected from public XSS archives. The results show that mutated XSS attack generation can identify potential vulnerabilities.