Open Access Article

Cross-Site Scripting Guardian: A Static XSS Detector Based on Data Stream Input-Output Association Mining

by Chenghao Li 1,†, Yiding Wang 1,†, Changwei Miao 1,† and Cheng Huang 1,2,*
1 College of Cybersecurity, Sichuan University, Chengdu 610064, China
2 Guangxi Key Laboratory of Cryptography and Information Security, Guilin 541004, China
* Author to whom correspondence should be addressed.
† These authors contributed equally to this work.
Appl. Sci. 2020, 10(14), 4740; https://doi.org/10.3390/app10144740
Received: 7 June 2020 / Revised: 26 June 2020 / Accepted: 2 July 2020 / Published: 9 July 2020
Abstract: Web applications receive the largest share of cybersecurity attacks, and Cross-Site Scripting (XSS) is the most common of them. Code auditing is the main way to eliminate XSS at the source-code level, but manual audits and rule-based audit tools both have significant limitations. In the age of big data, assisting manual auditing with machine learning has become a new research field. In this paper, we propose a new way to audit PHP source code snippets for XSS vulnerabilities, combining a PHP code parsing tool with a machine learning algorithm. We analyze the operation sequence of the source code and build a model that captures the information in the data stream most closely associated with XSS attacks. The proposed method significantly improves the recall rate on vulnerable samples. Compared with related audit methods, it offers high reusability and excellent performance. Our classification model achieved an F1 score of 0.92, a recall rate of 0.98 (vulnerable samples), and an area under the curve (AUC) of 0.97 on the test dataset.
Keywords: vulnerability detection; code audit; cross-site scripting; machine learning
MDPI and ACS Style

Li, C.; Wang, Y.; Miao, C.; Huang, C. Cross-Site Scripting Guardian: A Static XSS Detector Based on Data Stream Input-Output Association Mining. Appl. Sci. 2020, 10, 4740. https://doi.org/10.3390/app10144740
