Adaptive cross-site scripting attack detection framework for smart devices security using intelligent filters and attack ontology

Smart devices are equipped with technology that facilitates communication among devices connected via the Internet. These devices are shipped with a user interface that enables users to perform administrative activities using a web browser linked to the device’s server. Cross-site scripting (XSS) is...

Celý popis

Uloženo v:
Podrobná bibliografie
Vydáno v:Soft computing (Berlin, Germany) Ročník 27; číslo 8; s. 4593 - 4608
Hlavní autoři: Chaudhary, Pooja, Gupta, B. B., Singh, A. K.
Médium: Journal Article
Jazyk:angličtina
Vydáno: Berlin/Heidelberg Springer Berlin Heidelberg 01.04.2023
Témata:
Artificial Intelligence
Computational Intelligence
Control
Data Analytics and Machine Learning
Engineering
Mathematical Logic and Foundations
Mechatronics
Robotics
Cross-site scripting (XSS) attack
Attack ontology
Self-organizing map algorithm
Internet-of-things (IoT) network
Smart devices
Smart device security
ISSN:1432-7643, 1433-7479
On-line přístup:Získat plný text
Tagy: Přidat tag
Žádné tagy, Buďte první, kdo vytvoří štítek k tomuto záznamu!
Popis
Shrnutí:Smart devices are equipped with technology that facilitates communication among devices connected via the Internet. These devices are shipped with a user interface that enables users to perform administrative activities using a web browser linked to the device’s server. Cross-site scripting (XSS) is the most prevalent web application vulnerability exploited by attackers to compromise smart devices. In this paper, the authors have designed a framework for shielding smart devices from XSS attacks. It is a machine learning-based attack detection framework which employs self-organizing-map (SOM) to classify XSS attack string. The input vector to the SOM is generated based on attack ontology and the changing behavior of the attack strings in different input fields in the device web interface. Additionally, it also sanitizes the injected attack string to neutralize the harmful effects of attack. The experimental results are obtained using the real-world dataset on the XSS attack. We tested the proposed framework on web interface of two smart devices (TP-link Wi-Fi router and HP color printer) containing hidden XSS vulnerabilities. The observed results unveil the robustness of the proposed work against the existing work as it achieves a high accuracy of 0.9904 on the tested dataset. It is a platform-independent attack detection system deployed on the browser or server side.
ISSN:1432-7643
1433-7479
DOI:10.1007/s00500-022-07697-2