Kuwait-University-Journal-of-Law-header
Search
Kuwait Journal of Science

Previous Issues

Advance Search
Year : From To Vol
Issue Discipline:
Author

Volume :41 Issue : 2 2014      Add To Cart                                                                    Download

Improved cross site scripting filter for input validation against attacks in web services

Auther : ELANGOVAN UMA, ARPUTHARAJ KANNAN


Abstract
Nowadays, everybody needs to handle sensitive data like online banking account details and other information related to financial transactions on the Internet. In this scenario, many Web attacks such as injection attacks are targeted on these sensitive data. Such attacks are carried out by running scripts on users computers that utilize vulnerably coded client/server pages. Moreover, these attacks run malicious codes to steal personal information from the server. Though this code can easily be generated by the attacker, it is very difficult to prevent it by the current cross site scripting filters due to their lack in detection accuracy. Therefore, cross site scripting attack is a challenging issue for the Internet users. Hence, it is necessary to detect and prevent the injection attacks through efficient schemes. However, most of the existing schemes lack this capability in terms of accuracy and need further improvement. In this paper, a new self-aware message analysis cum validation algorithm has been proposed for detecting and filtering various types of Web Service attacks. This proposed system receives requests and generates suitable response from the dummy server page to analyze the nature of attack. New policies are created in this work to analyze the response and forward the legitimate request to original Web Service page. The proposed injection filters have been tested with all possible attacks for verifying the robustness of filtering policies. The results obtained from this work show that the proposed filtering policy is highly robust in refining the malicious message. The implementation and accuracy of the proposed approach has been proved through extensive testing using real-world cross site scripting generation and analysis. The results obtained from the work show that the proposed filtering policy is very strong in refining the malicious message, which contains attacks such as cross site scripting, injection, message replay and semantic attacks. We demonstrated the implementation and accuracy of our approach through extended testing using real-world cross site scripting exploits.
Keywords
Cross site scripting attacks; cross site scripting filters; security; semantic attack filter; web services

Kuwait Journal of Science
Journal of Law

You are Visitor No.

55206

Journal of Law
Journal of Law
Tell your friendsJournal of Law
Journal of Law

Last Updated

Jun 19, 2012

Journal of Law
Journal of Law
Journal of Law

Please enter your email Here to receive our news

Journal of Law