Regresar

Cookie scout: An analytic model for prevention of cross-site scripting (XSS) using a cookie classifier

Abstract:

Cross-Site Scripting (XSS) attack is a vulnerability typical of Web applications, where malicious scripts are injected into trusted websites. It allows attackers to execute scripts in the victims browser which can hijack user sessions, deface websites, steal cookies or bkp_redirect the user to malicious sites. This paper presents Cookie Scout, an analytical model for preventing XSS attacks, which main goal is to classify cookies according to their parameters. For this purpose we collect, analyse and classify the type of traffic in a botnet using the Browser Exploitation Framework (Beef) tool for execute attacks and malicious code remotely in a controlled testing environment. With the parameters obtained from the traffic analysis, an algorithm was designed to detect suspicious websites based on the reputation of their cookies. The results obtained showed that the parameters of the cookies were a good reference to determine malicious websites.

Año de publicación:

2018

Keywords:

  • Hook
  • BEEf
  • Cookies
  • JAVASCRIPT
  • XSS

Fuente:

scopusscopus
googlegoogle

Tipo de documento:

Conference Object

Estado:

Acceso restringido

Áreas de conocimiento:

  • Ciencias de la computación

Áreas temáticas:

  • Programación informática, programas, datos, seguridad

Contribuidores:

Pamela FloresPamela Flores
Jenny TorresJenny Torres
Eduardo Benavides-AstudilloEduardo Benavides-Astudillo
Walter FuertesWalter Fuertes
Germán Rodríguez-GalánGermán Rodríguez-Galán