Investigations on auto sanitization process of cross site scripting attacks on the web pages at the client side

Abstract

In recent years, managing the security over the web has gained its importance. Use of appropriate security handling techniques help to solve controversies and to extract interesting scenarios based on the content of the web page. Many varieties of vulnerabilities prevail and Cross-Site Scripting (XSS) vulnerability is ranked among the top ten risks found over the web which is a mandatory issue that requires a solution. XSS vulnerability injects malicious code in many ways that rise during the browsing session. Analysis should be made over the web page to identify whether the page is vulnerable or not. A dataset is formulated that contains malicious and benign data. Malicious data are obtained from the XSS archive [source: www.xssed.com] which contains the vulnerable XSS web pages and benign data are the web pages that are obtained through queries from the Google search engine. The major constraint is the number of Lines of Code (LOC) present in the web page. Classification techniques present in data mining are good enough to manage large amount of data. The technique creates an instance of the supervised learning technique. That is learning from the existing patterns that were spotted to be correct. An excellent classifier is required to find the status of the web page about its vulnerability towards XSS. Many classifiers were analysed in the XSS Detector phaseand#8223; and a comparison of classifiers has been performed over the dataset. A better classifier named J48which suits the dataset is finally chosen for the usage. Generally the efficiency depends on the performance and the accuracy of the classifier. newline newline newline