A hybrid XSS attack (HYXSSA) based on fusion approach: Challenges, threats and implications in cybersecurity

Autor: Dragan Korać, Boris Damjanović, Dejan Simić, Kim-Kwang Raymond Choo
Jazyk: angličtina
Rok vydání: 2022
Předmět:
Zdroj: Journal of King Saud University: Computer and Information Sciences, Vol 34, Iss 10, Pp 9284-9300 (2022)
Druh dokumentu: article
ISSN: 1319-1578
DOI: 10.1016/j.jksuci.2022.09.008
Popis: Cross-site scripting (XSS) attacks have been extensively studied in the literature, although mitigating such attacks remain a challenge for cyber defenders. In this paper, we survey the existing literature on XSS attacks, focusing on the range of attacks and potential mitigation strategies. Specifically, we review the various XSS attacks from the lens of an attacker. We use a workflow diagram to define the topological relationship among XSS attacks, and to highlight key system weaknesses (e.g., chokepoints). We also present a Hybrid XSS attack (HYXSSA), designed to facilitate the identification of existing and future potential attack vectors in different modalities presented as frameworks (fi). For quantification and visualization of these frameworks, the software application as a rotate view tool is developed. Moreover, we demonstrate how these derived frameworks can be implemented, and provide a guideline to defend against XSS attacks. The implementation results for the given two attack vector shows the feasibility of mapping of attack vectors to actual mathematical vectors. Finally, we present potential challenges and opportunities associated with XSS attacks.
Databáze: Directory of Open Access Journals