Adaptive cross-site scripting attack detection framework for smart devices security using intelligent filters and attack ontology

Smart devices are equipped with technology that facilitates communication among devices connected via the Internet. These devices are shipped with a user interface that enables users to perform administrative activities using a web browser linked to the device’s server. Cross-site scripting (XSS) is...

Full description

Saved in:
Bibliographic Details
Published in:Soft computing (Berlin, Germany) Vol. 27; no. 8; pp. 4593 - 4608
Main Authors: Chaudhary, Pooja, Gupta, B. B., Singh, A. K.
Format: Journal Article
Language:English
Published: Berlin/Heidelberg Springer Berlin Heidelberg 01.04.2023
Subjects:
Artificial Intelligence
Computational Intelligence
Control
Data Analytics and Machine Learning
Engineering
Mathematical Logic and Foundations
Mechatronics
Robotics
Cross-site scripting (XSS) attack
Attack ontology
Self-organizing map algorithm
Internet-of-things (IoT) network
Smart devices
Smart device security
ISSN:1432-7643, 1433-7479
Online Access:Get full text
Tags: Add Tag
No Tags, Be the first to tag this record!
Description
Summary:Smart devices are equipped with technology that facilitates communication among devices connected via the Internet. These devices are shipped with a user interface that enables users to perform administrative activities using a web browser linked to the device’s server. Cross-site scripting (XSS) is the most prevalent web application vulnerability exploited by attackers to compromise smart devices. In this paper, the authors have designed a framework for shielding smart devices from XSS attacks. It is a machine learning-based attack detection framework which employs self-organizing-map (SOM) to classify XSS attack string. The input vector to the SOM is generated based on attack ontology and the changing behavior of the attack strings in different input fields in the device web interface. Additionally, it also sanitizes the injected attack string to neutralize the harmful effects of attack. The experimental results are obtained using the real-world dataset on the XSS attack. We tested the proposed framework on web interface of two smart devices (TP-link Wi-Fi router and HP color printer) containing hidden XSS vulnerabilities. The observed results unveil the robustness of the proposed work against the existing work as it achieves a high accuracy of 0.9904 on the tested dataset. It is a platform-independent attack detection system deployed on the browser or server side.
ISSN:1432-7643
1433-7479
DOI:10.1007/s00500-022-07697-2