Maurel et al., 2022 - Google Patents
Comparing the Detection of XSS Vulnerabilities in Node. js and a Multi-tier JavaScript-based Language via Deep LearningMaurel et al., 2022
View PDF- Document ID
- 1930348148766020178
- Author
- Maurel H
- Vidal S
- Rezk T
- Publication year
- Publication venue
- ICISSP 2022-8th International Conference on Information Systems Security and Privacy
External Links
Snippet
Cross-site Scripting (XSS) is one of the most common and impactful software vulnerabilities (ranked second in the CWE's top 25 in 2021). Several approaches have focused on automatically detecting software vulnerabilities through machine learning models. To build a …
- 238000001514 detection method 0 title description 12
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING; COUNTING
- G06F—ELECTRICAL DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/55—Detecting local intrusion or implementing counter-measures
- G06F21/56—Computer malware detection or handling, e.g. anti-virus arrangements
- G06F21/562—Static detection
- G06F21/563—Static detection by source code analysis
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING; COUNTING
- G06F—ELECTRICAL DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/57—Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
- G06F21/577—Assessing vulnerabilities and evaluating computer system security
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING; COUNTING
- G06F—ELECTRICAL DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/55—Detecting local intrusion or implementing counter-measures
- G06F21/552—Detecting local intrusion or implementing counter-measures involving long-term monitoring or reporting
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING; COUNTING
- G06F—ELECTRICAL DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/30—Authentication, i.e. establishing the identity or authorisation of security principals
- G06F21/31—User authentication
- G06F21/316—User authentication by observing the pattern of computer usage, e.g. typical user behaviour
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING; COUNTING
- G06F—ELECTRICAL DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/55—Detecting local intrusion or implementing counter-measures
- G06F21/554—Detecting local intrusion or implementing counter-measures involving event detection and direct action
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING; COUNTING
- G06F—ELECTRICAL DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/30—Authentication, i.e. establishing the identity or authorisation of security principals
- G06F21/31—User authentication
- G06F21/34—User authentication involving the use of external additional devices, e.g. dongles or smart cards
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING; COUNTING
- G06F—ELECTRICAL DIGITAL DATA PROCESSING
- G06F17/00—Digital computing or data processing equipment or methods, specially adapted for specific functions
- G06F17/20—Handling natural language data
- G06F17/27—Automatic analysis, e.g. parsing
- G06F17/274—Grammatical analysis; Style critique
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING; COUNTING
- G06F—ELECTRICAL DIGITAL DATA PROCESSING
- G06F17/00—Digital computing or data processing equipment or methods, specially adapted for specific functions
- G06F17/20—Handling natural language data
- G06F17/21—Text processing
- G06F17/22—Manipulating or registering by use of codes, e.g. in sequence of text characters
- G06F17/2247—Tree structured documents; Markup, e.g. Standard Generalized Markup Language [SGML], Document Type Definition [DTD]
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING; COUNTING
- G06F—ELECTRICAL DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/62—Protecting access to data via a platform, e.g. using keys or access control rules
- G06F21/6218—Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
- G06F21/6245—Protecting personal data, e.g. for financial or medical purposes
- G06F21/6263—Protecting personal data, e.g. for financial or medical purposes during internet communication, e.g. revealing personal data from cookies
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| Gupta et al. | Enhancing the browser-side context-aware sanitization of suspicious HTML5 code for halting the DOM-based XSS vulnerabilities in cloud | |
| Mokbal et al. | MLPXSS: an integrated XSS-based attack detection scheme in web applications using multilayer perceptron technique | |
| Skolka et al. | Anything to hide? studying minified and obfuscated code in the web | |
| Kasim | An ensemble classification-based approach to detect attack level of SQL injections | |
| Wang et al. | Jsdc: A hybrid approach for javascript malware detection and classification | |
| CN109922052A (en) | A kind of malice URL detection method of combination multiple characteristics | |
| Maurel et al. | Statically identifying XSS using deep learning | |
| Gegick et al. | Matching attack patterns to security vulnerabilities in software-intensive system designs | |
| Tellenbach et al. | Detecting obfuscated JavaScripts from known and unknown obfuscators using machine learning | |
| US20240054215A1 (en) | Cyber threat information processing apparatus, cyber threat information processing method, and storage medium storing cyber threat information processing program | |
| US20240054210A1 (en) | Cyber threat information processing apparatus, cyber threat information processing method, and storage medium storing cyber threat information processing program | |
| Leithner et al. | Hydra: Feedback-driven black-box exploitation of injection vulnerabilities | |
| Kumar et al. | Cross site scripting (XSS) vulnerability detection using machine learning and statistical analysis | |
| Jaeger et al. | Normalizing security events with a hierarchical knowledge base | |
| Gegick et al. | On the design of more secure software-intensive systems by use of attack patterns | |
| Maurel et al. | Comparing the Detection of XSS Vulnerabilities in Node. js and a Multi-tier JavaScript-based Language via Deep Learning | |
| Aliero et al. | Review on SQL injection protection methods and tools | |
| Liu et al. | Smarteagleeye: A cloud-oriented webshell detection system based on dynamic gray-box and deep learning | |
| US20230252146A1 (en) | Cyber threat information processing apparatus, cyber threat information processing method, and storage medium storing cyber threat information processing program | |
| Ren et al. | Jsrevealer: A robust malicious javascript detector against obfuscation | |
| Kong et al. | Semantic aware attribution analysis of remote exploits | |
| Gupta et al. | RAJIVE: restricting the abuse of JavaScript injection vulnerabilities on cloud data centre by sensing the violation in expected workflow of web applications | |
| Nakagawa et al. | Xss attack detection by attention mechanism based on script tags in urls | |
| Rietz et al. | Firewalls for the Web 2.0 | |
| Mereani | Investigating the detection of stored scripting attacks using machine learning |