• PDF / 2,383,330 Bytes
• 10 Pages / 439.37 x 666.142 pts Page_size
• 87 Downloads / 150 Views

DOWNLOAD

REPORT

Abstract Cloud computing is one of the most prospect technologies due to its flexibility and low-cost usage. Several security issues in the cloud are raised by researchers. Cross-site script (XSS) attack is one of the most threats in the Internet. In the past, there are many literatures for detecting XSS attacks were proposed. Unfortunately, fewer studies focus on the detection of XSS attacks in the cloud. In this paper, we propose a mechanism to detect XSS attacks in cloud environments. The framework is also presented. In particular, our mechanism is not need to modify browsers and applications. We demonstrate our mechanism has higher accuracy rate and lower impact on performance of applications in the experiment. It sufficiently shows our mechanism is suitable for real-time detection in XSS attacks for cloud environments. Keywords XSS attack


Cloud computing
Detection
Real-time

W. Kan
T.-Y. Wu (&)
T. Han
C.-W. Lin
C.-M. Chen
J.-S. Pan Innovative Information Industry Research Center, Shenzhen Graduate School, Harbin Institute of Technology, Shenzhen 518055, China e-mail: [email protected] W. Kan e-mail: [email protected] T. Han e-mail: [email protected] C.-W. Lin e-mail: [email protected] C.-M. Chen e-mail: [email protected] J.-S. Pan e-mail: [email protected] C.-W. Lin
C.-M. Chen
J.-S. Pan Shenzhen Key Laboratory of Internet Information Collaboration, Shenzhen 518055, China

Y.-M. Huang et al. (eds.), Advanced Technologies, Embedded and Multimedia for Human-centric Computing, Lecture Notes in Electrical Engineering 260, DOI: 10.1007/978-94-007-7262-5_76,  Springer Science+Business Media Dordrecht 2014

663

664

W. Kan et al.

Introduction Nowadays, cloud computing is obviously one of the most prospect technologies due to its flexibility and low-cost usage. Different from the traditional Internet environments, enterprises can exempt from building expensive infrastructure by the cloud techniques. Hence, many IT companies deploy their web applications into the cloud environments. As we all know, the cloud environments are based on the Internet. Hence, the threats in the traditional Internet environments still exist in the cloud environments. Cross-site script (XSS) attack is one of the most threats in the Internet. It can grab the user’s privacy information and leads other attacks such as fishing, SQL injection, and DDoS. This attack is caused by the script language embed into web applications. In general, the web applications are adopted HTML language, script language, hyperlinks, and other languages to provide resources operating and interaction between the client and the server. However, these languages and methods lead web applications are vulnerable to XSS attacks. Typically, the XSS attack contains the three attacks models: (1) Reflected XSS, (2) Stored XSS, and (3) Dom-based XSS. Up to now, several approaches were proposed to prevent XSS attack such as static analysis [1–3], black-white list [4], taint and flow analysis [5–8], string injection [9–12], machine learning [

Recommend Documents

Efficient Prevention Mechanism Against Spam Attacks for Social Networking Sites

182 5 52MB

Efficient Prevention Mechanism Against Spam Attacks for Social Networking Sites

160 89 23MB

War: An Efficient Pre-processing Method for Defending Adversarial Attacks

180 73 65MB

An Energy Efficient Algorithm for Workflow Scheduling in IaaS Cloud

193 12 2MB

A Trust System for Detecting Selective Forwarding Attacks in VANETs

158 49 823KB

An Efficient Mechanism for Resource Allocation in Mobile Edge Computing

190 31 28MB

Detecting DOS/DDOS Attacks Under Ipv6

205 99 302KB

An Efficient Renewable Energy-Based Scheduling Algorithm for Cloud Computing

210 44 35MB

Efficient Adversarial Attacks for Visual Object Tracking

186 102 186MB

Detecting Peripheral-based Attacks on the Host Memory

155 52 7MB

An Efficient Malicious User Detection Mechanism for Crowdsensing System

152 28 56MB

An Efficient Blurring-Reconstruction Model to Defend Against Adversarial Attacks

180 1 91MB