Modeling Cross-Site Scripting (XSS) Attacks, and Studying the Effect of Changing Attack Attributes on Defense Techniques.
- Bose, Somdutta
- Advisor(s): Bishop, Matt
Abstract
Cross-Site Scripting (XSS) attacks are code injection attacks executed on the client side of a web application. These attacks are by far the most prevalent web application attacks. XSS attacks affect a vast majority of applications, including security-critical applications such as banks. Defending against these attacks has long been the subject of research. Modeling attacks can help understand the adversary's and the defender's approaches to help build robust applications.
In this work we focus on modeling XSS attacks. Our mathematical models explore scenarios which help understand the success of the adversary. For each scenario, the adversary's success is presented in the form of the probability of the adversary receiving replies. For each scenario, the probability values of our model and scenario fall within a 95% confidence interval. We also discuss some defense strategies to build a robust application.
Reinforcement learning problems involve learning from how situations are mapped to actions. In addition to modeling the attacks, we also use some reinforcement learning techniques to understand the adversary's policies to gain maximum success, i.e., maximization of numerical reward. We explore different discount factors to find the adversary's best strategy.