Journal of University of Chinese Academy of Sciences

2011, Vol. 28, Issue (5): 668-675. DOI: 10.7523/j.issn.2095-6134.2011.5.015

• Research Articles •

A behavior-based client defense scheme against XSS

WANG Xia-Li, ZHANG Yu-Qing   

  1. National Computer Network Intrusion Protection Center, Graduate University, Chinese Academy of Sciences, Beijing 100049, China
  • Received: 2010-09-07; Revised: 2010-11-07; Online: 2011-09-15

Abstract:

The recent popularity of Web 2.0 applications has given rise to a large number of Web vulnerabilities, and XSS vulnerabilities are among the top security threats. In recent years, the occurrence of XSS worms has worsened the state of Web security. Existing XSS defense methods mainly depend on filtering users' input on the server side, which cannot protect the main victims of XSS attacks, the Internet users, in time. In this paper we focus on the analysis of XSS behavior, especially the propagation behavior of XSS worms, and propose a new client-side XSS defense method, StopXSS. The testing experiments show that our method can defend against XSS attacks effectively and can be used to detect even 0-day XSS worms.

Key words: Web security, JavaScript, cross site scripting (XSS), XSS worm
