Method for Detection and Mitigation Cross Site Scripting Attack on Multi-Websites

Hartono, Hartono and Triloka, Joko (2021) Method for Detection and Mitigation Cross Site Scripting Attack on Multi-Websites. Proceeding of 7th ICITB 2021. ISSN 2460 – 7223



Abstract—Cross-Site Scripting (XSS) attacks exploit scripting security bugs and issues on a website. XSS attacks target and occur in the client browser application, or frontend. They consist of three types of attack: stored, reflected, and document object manipulation. XSS attacks can cause fatal and dangerous problems, such as theft of user data, account takeovers, and illegal access to banking transactions or important data. Studies on XSS detection and mitigation have been carried out by some researchers, but they still leave some problems: there is no connected mitigation to respond to the attack, only a single-layer security mechanism is used, fewer payload data are used for testing, the measurement of defense effectiveness against XSS attacks is weak, and the experiments and test data are insufficient. In addition, the methods used in previous research still fail to solve all types of XSS attack. Most of the previous research also separates the method of attack detection from its mitigation. Therefore, this study proposes a method not only for detection but also for mitigation to overcome XSS attacks. The proposed method is divided into two parts: a detection method and a mitigation method. The proposed detection method uses machine learning based on lexical analysis. The proposed mitigation method is a multi-layer security method that consists of five layers of security. The proposed method has been structured systematically and procedurally. In previous research, the partial methods proposed in this paper have been effectively implemented. Therefore, the proposed method is regarded as an appropriate method to detect and mitigate XSS attacks.

Item Type: Article
Subjects: Computer Science
Divisions: Jurnal > Jurnal Ilmu Komputer
Depositing User: Editor
Date Deposited: 10 Aug 2022 08:37
Last Modified: 07 Feb 2023 02:44
