A hybrid XSS attack (HYXSSA) based on fusion approach: Challenges, threats and implications in cybersecurity

Bibliographic details
Published in: Journal of King Saud University. Computer and information sciences 2022-11, Vol.34 (10), p.9284-9300
Main authors: Korać, Dragan; Damjanović, Boris; Simić, Dejan; Choo, Kim-Kwang Raymond
Format: Article
Language: eng
Online access: Full text
Description
Summary: Cross-site scripting (XSS) attacks have been extensively studied in the literature, although mitigating such attacks remains a challenge for cyber defenders. In this paper, we survey the existing literature on XSS attacks, focusing on the range of attacks and potential mitigation strategies. Specifically, we review the various XSS attacks from the lens of an attacker. We use a workflow diagram to define the topological relationship among XSS attacks, and to highlight key system weaknesses (e.g., chokepoints). We also present a Hybrid XSS attack (HYXSSA), designed to facilitate the identification of existing and future potential attack vectors in different modalities presented as frameworks (fi). For quantification and visualization of these frameworks, the software application as a rotate view tool is developed. Moreover, we demonstrate how these derived frameworks can be implemented, and provide a guideline to defend against XSS attacks. The implementation results for the two given attack vectors show the feasibility of mapping attack vectors to actual mathematical vectors. Finally, we present potential challenges and opportunities associated with XSS attacks.
ISSN: 1319-1578, 2213-1248
DOI: 10.1016/j.jksuci.2022.09.008