eScholarship
Open Access Publications from the University of California

UC Davis

UC Davis Electronic Theses and Dissertations

Modeling Cross-Site Scripting (XSS) Attacks, and Studying the Effect of Changing Attack Attributes on Defense Techniques.

Abstract

Cross-Site Scripting (XSS) attacks are code injection attacks executed on the client side of a web application. These attacks are by far the most prevalent web application attacks. XSS attacks affect a vast majority of applications, including security-critical applications such as banks. Defending against these attacks has long been the subject of research. Modeling attacks can help us understand the adversary's and the defender's approaches, and so help build robust applications.

In this work we focus on modeling XSS attacks. Our mathematical models explore scenarios that help in understanding the success of the adversary. For each scenario, the adversary's success is presented in the form of the probability of the adversary receiving replies. For each scenario, the probability values of our model and scenario fall within a 95% confidence interval. We also discuss some defense strategies to build a robust application.

Reinforcement learning problems involve learning from how situations are mapped to actions. In addition to modeling the attacks, we also use some reinforcement learning techniques to understand the adversary's policies to gain maximum success, i.e., maximization of numerical reward. We explore different discount factors to find the adversary's best strategy.
