A Security Mechanism against Cross-Site Scripting Attacks

Abstract:

Cross-site scripting is a form of cyber-attack that leverages vulnerabilities in web applications to steal confidential personal information, steal session cookies, impersonate a legitimate user, or even deface a website. Cross-site scripting attacks usually result in huge damage and loss by its victims. These attacks are generally targeted at web users and through a web browser which serves as the attack vector. There is need for a web user to be protected from cross-site scripting attack. In this paper, a web extension application is developed to prevent cross-site scripting attacks. A security mechanism based on web browser application extension was developed to guard against cross-site scripting attacks, attached to URL addresses and links. Inputation and deletion techniques were used for handling missing values, while Min-Max-scaling was used in feature scaling of the dataset. Random forest technique was adopted to train a model using dataset of benign and cross-site scripting URLs. Evaluation of the classification model gave accuracy of 99%, F1-score of 93%, and precision of 99.92%. The security web application extension was tested with common URL attack payloads and the results showed that it was able to detect cross-site scripting URLs.

Keywords— Cross-site scripting, Attacks, Random forest, security mechanism