Development of web browser prototype with embedded classification capability for mitigating Cross-Site Scripting attacks

Bibliographic Details
Published in Applied soft computing Vol. 102; p. 106873
Main Authors Malviya, Vikas K., Rai, Sawan, Gupta, Atul
Format Journal Article
Language English
Published Elsevier B.V 01.04.2021
Summary: Mitigation of Cross-Site Scripting (XSS) with machine learning techniques is a recent interest of researchers. A large amount of research work is reported in this domain. A lack of real-time tools working on the basis of these approaches is a gap in this domain. In this work, a web browser that works on machine learning classification to mitigate XSS attacks is developed. This browser classifies webpages into malicious and non-malicious pages using features identified by observation of malicious web pages and features collected from different authors' works. Classification experiments are conducted to evaluate the effectiveness of these features, and it is found that this approach performs better than other proposed methods in terms of classification accuracy, precision, recall, and F1-score. A web browser is implemented with the open-source browser WebKit. Experiments are conducted to assess the overhead created by the added functionality of classification in the web browser. The browser is found effective in classifying web pages and in real-time browsing scenarios with very little generated overhead. This makes the web browser better than other proposed solutions to mitigate XSS attacks with minimal overhead. This developed web browser will be beneficial not only for researchers working in this domain but also for the users who can be the victims of XSS attacks.

Highlights:
• Identification of web page features which can indicate maliciousness.
• Evaluation of these identified features using machine learning classification.
• Practical implementation of these features in the form of a web browser.
• Assessment of generated overhead with the added maliciousness detection module in the web browser.
ISSN:1568-4946
1872-9681
DOI:10.1016/j.asoc.2020.106873