检索结果-南通市图书馆

Deploying Hybrid Ensemble Machine Learning Techniques for Effective cross-site scripting(XSS)Attack Detection

Computers, Materials & Continua 2024年第10期81卷 707-748页

作者： Noor Ullah Bacha Songfeng Lu Attiq Ur Rehman Muhammad Idrees Yazeed Yasin Ghadi Tahani Jaser Alahmadi School of Cyber Science and Engineering Huazhong University of Science and TechnologyWuhan430073China Department of Computer Science and Engineering University of Engineering and TechnologyLahore54000Pakistan Department of Computer Science and Software Engineering Al Ain UniversityAl Ain12555Abu Dhabi Department of Information Systems College of Computer and Information SciencesPrincess Nourah bint Abdulrahman UniversityRiyadh84428Saudi Arabia

cross-site scripting(XSS)remains a significant threat to web application security,exploiting vulnerabilities to hijack user sessions and steal sensitive *** detection methods often fail to keep pace with the evolving sophistication of cyber *** paper introduces a novel hybrid ensemble learning framework that leverages a combination of advanced machine learning algorithms—Logistic Regression(LR),Support Vector Machines(SVM),eXtreme Gradient Boosting(XGBoost),Categorical Boosting(CatBoost),and Deep Neural Networks(DNN).Utilizing the XSS-Attacks-2021 dataset,which comprises 460 instances across various real-world trafficrelated scenarios,this framework significantly enhances XSS attack *** approach,which includes rigorous feature engineering and model tuning,not only optimizes accuracy but also effectively minimizes false positives(FP)(0.13%)and false negatives(FN)(0.19%).This comprehensive methodology has been rigorously validated,achieving an unprecedented accuracy of 99.87%.The proposed system is scalable and efficient,capable of adapting to the increasing number of web applications and user demands without a decline in *** demonstrates exceptional real-time capabilities,with the ability to detect XSS attacks dynamically,maintaining high accuracy and low latency even under significant ***,despite the computational complexity introduced by the hybrid ensemble approach,strategic use of parallel processing and algorithm tuning ensures that the system remains scalable and performs robustly in real-time *** for easy integration with existing web security systems,our framework supports adaptable Application Programming Interfaces(APIs)and a modular design,facilitating seamless augmentation of current *** innovation represents a significant advancement in cybersecurity,offering a scalable and effective solution for securing modern web applications against evolving threats.

关键词： cross-site scripting machine learning XSS detection stacking ensemble learning hybrid learning

来源：

维普期刊数据库评论

在线全文

维普期刊数据库

学校读者我要写书评

暂无评论

XAS:cross-API scripting attacks in social ecosystems

引用

Science China(Information Sciences) 2015年第1期58卷 42-55页

作者： ZHANG YuQing LIU QiXu LUO QiHan WANG XiaLi National Computer Network Intrusion Protection Center University of Chinese Academy of Sciences

With the rapid development of online social networks, various Web application programming interfaces(APIs) on social platforms are released to share profitable social data with all kinds of third-party online services. However, it also brings new risks to social networks once Web APIs are insecurely designed,implemented, and invoked. The focused topic in this paper is security analysis of a new type of cross-site scripting(XSS) which is based on Web APIs in new complicated social ecosystems which consist of social networks,third-party apps, and other online services. In this paper, we refer to Web API-based XSS as cross-API scripting(XAS). For the first time, we take typical XAS attacks in diversified context as cases to demonstrate the new exploiting opportunities and threats in social ecosystems. Also, we design a tool to identify the design and implementation flaws of Web APIs in 11 popular social networks. We discover several security flaws of API via our experiment. According to the results, we conclude causes of XAS flaws in depth. We also examined 143Web-based apps and verified the prevalence of XAS flaws. Finally, we proposed preliminary measures both in social networks and third-party applications to alleviate XAS.

关键词： Web security social network Web APIs cross-API scripting cross-site scripting

来源：

同方期刊数据库评论

在线全文

同方期刊数据库

学校读者我要写书评

暂无评论

Design & Test of an Advanced Web Security Analysis Tool (AWSAT)

引用

Journal of Software Engineering and Applications 2024年第5期17卷 448-461页

作者： Meenakshi S. P. Manikandaswamy Vijay Madisetti School of Cybersecurity and Privacy Georgia Institute of Technology Atlanta USA

Considering the escalating frequency and sophistication of cyber threats targeting web applications, this paper proposes the development of an automated web security analysis tool to address the accessibility gap for non-security professionals. This paper presents the design and implementation of an automated web security analysis tool, AWSAT, aimed at enabling individuals with limited security expertise to effectively assess and mitigate vulnerabilities in web applications. Leveraging advanced scanning techniques, the tool identifies common threats such as cross-site scripting (XSS), SQL Injection, and cross-site Request Forgery (CSRF), providing detailed reports with actionable insights. By integrating sample payloads and reference study links, the tool facilitates informed decision-making in enhancing the security posture of web applications. Through its user-friendly interface and robust functionality, the tool aims to democratize web security practices, empowering a wider audience to proactively safeguard against cyber threats.

关键词： Web Security Automated Analysis Vulnerability Assessment Web Scanning cross-site scripting SQL Injection cross-site Request Forgery

来源：

维普期刊数据库评论

在线全文

维普期刊数据库

学校读者我要写书评

暂无评论

欢迎您,

建议与咨询留下您的常用邮箱和电话号码，以便我们向您反馈解决方案和替代方法

时间限定

文献类型

馆藏选择

核心期刊

语言

文献类型

帮助

文字说明：

检索规则说明：

检索范例：

分类表

所选分类

限定检索结果

文献类型

馆藏范围

日期分布

学科分类号

主题

机构

作者

语言

在线全文

在线全文

在线全文

请选择保存的检索档案：

请选择收藏分类：

通借通还

欢迎您,

建议与咨询 留下您的常用邮箱和电话号码，以便我们向您反馈解决方案和替代方法

时间限定

文献类型

馆藏选择

核心期刊

语言

文献类型

帮助

文字说明：

检索规则说明：

检索范例：

分类表

所选分类

限定检索结果

文献类型

馆藏范围

日期分布

学科分类号

主题

机构

作者

语言

在线全文

在线全文

在线全文

请选择保存的检索档案： 新增检索档案 确定 取消

请选择收藏分类： 新增自定义分类 确定 取消

通借通还

建议与咨询留下您的常用邮箱和电话号码，以便我们向您反馈解决方案和替代方法

请选择保存的检索档案：

请选择收藏分类：