Nested context-aware sanitisation and feature injection in clustered templates of JavaScript worms on the cloud-based OSN. (7th February 2020)
- Record Type:
- Journal Article
- Title:
- Nested context-aware sanitisation and feature injection in clustered templates of JavaScript worms on the cloud-based OSN. (7th February 2020)
- Main Title:
- Nested context-aware sanitisation and feature injection in clustered templates of JavaScript worms on the cloud-based OSN
- Authors:
- Gupta, Shashank
Gupta, B.B.
Chaudhary, Pooja - Abstract:
- This article presents an enhanced JavaScript feature-injection based framework that obstructs the execution of cross-site scripting (XSS) worms from the virtual machines of cloud-based online social network (OSN). It calculates the features of clustered-sanitised compressed templates of JavaScript attack vectors embedded in the HTTP response messages. Any variation observed in such JavaScript feature set indicates the injection of XSS worms on the cloud-based OSN server. The injected worms will further undergo through the process of nested context-aware sanitisation for its safe interpretation on the web browser. The prototype of our framework was developed in Java and installed in the virtual machines of cloud environment. The experimental evaluation of our framework was performed on the platform of OSN-based web applications deployed in the cloud platform. The performance analysis done revealed that our framework detects the injection of malicious JavaScript code with low false negative rate and acceptable performance overhead.
- Is Part Of:
- International journal of information and computer security. Volume 12:Number 2/3(2020)
- Journal:
- International journal of information and computer security
- Issue:
- Volume 12:Number 2/3(2020)
- Issue Display:
- Volume 12, Issue 2/3 (2020)
- Year:
- 2020
- Volume:
- 12
- Issue:
- 2/3
- Issue Sort Value:
- 2020-0012-NaN-0000
- Page Start:
- 147
- Page End:
- 180
- Publication Date:
- 2020-02-07
- Subjects:
- cloud security -- online social networking security -- XSS worms -- JavaScript code injection attacks -- context-aware sanitisation -- JavaScript feature injection
Computer security -- Periodicals
Information systems management -- Security measures -- Periodicals
Computer networks -- Security measures -- Periodicals
Information technology -- Security measures -- Periodicals
005.805 - Journal URLs:
- http://www.inderscience.com/browse/index.php?journalCODE=ijics ↗
http://www.inderscience.com/ ↗ - Languages:
- English
- ISSNs:
- 1744-1765
- Deposit Type:
- Legaldeposit
- View Content:
- Available online (eLD content is only available in our Reading Rooms) ↗
- Physical Locations:
- British Library DSC - BLDSS-3PM
British Library STI - ELD Digital store - Ingest File:
- 12535.xml