
Authors: Yaw Frempong; Yates Snyder; Erfan Al-Hossami; Meera Sridhar and Samira Shaikh

Affiliation: University of North Carolina at Charlotte, 9201 University City Blvd., Charlotte, North Carolina, U.S.A.

Keyword(s): JavaScript, Cross-site Scripting, Exploit Generation, Natural Language Processing.

Abstract: Websites remain popular targets for web-based attacks such as Cross-Site Scripting (XSS). As a remedy, new research is needed to preemptively secure applications with the use of Automated Exploit Generation (AEG), whereby probing and patching of system vulnerabilities occurs autonomously. In this paper, we present HIJaX, a novel Natural Language-to-JavaScript generator prototype, that creates workable XSS exploit code from English sentences using neural machine translation. We train and test the HIJaX model with a variety of datasets containing benign and malicious intents along with differing numbers of baseline code entries to demonstrate how to best create datasets for XSS code generation. We also examine part-of-speech tagging algorithms and automated dataset expansion scripts to aid the dataset creation and code generation processes. Finally, we demonstrate the feasibility of deploying auto-generated XSS attacks against real-world websites.

CC BY-NC-ND 4.0

Paper citation in several formats:
Frempong, Y.; Snyder, Y.; Al-Hossami, E.; Sridhar, M. and Shaikh, S. (2021). HIJaX: Human Intent JavaScript XSS Generator. In Proceedings of the 18th International Conference on Security and Cryptography - SECRYPT; ISBN 978-989-758-524-1; ISSN 2184-7711, SciTePress, pages 798-805. DOI: 10.5220/0010583807980805

@conference{secrypt21,
author={Yaw Frempong and Yates Snyder and Erfan Al{-}Hossami and Meera Sridhar and Samira Shaikh},
title={HIJaX: Human Intent JavaScript XSS Generator},
booktitle={Proceedings of the 18th International Conference on Security and Cryptography - SECRYPT},
year={2021},
pages={798-805},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0010583807980805},
isbn={978-989-758-524-1},
issn={2184-7711},
}

TY - CONF

JO - Proceedings of the 18th International Conference on Security and Cryptography - SECRYPT
TI - HIJaX: Human Intent JavaScript XSS Generator
SN - 978-989-758-524-1
IS - 2184-7711
AU - Frempong, Y.
AU - Snyder, Y.
AU - Al-Hossami, E.
AU - Sridhar, M.
AU - Shaikh, S.
PY - 2021
SP - 798
EP - 805
DO - 10.5220/0010583807980805
PB - SciTePress