Survey
|
App. Res. of Comp. Printed Article
Vol. 41, 2024 No. 3
652-662

Review of cross-site scripting attack detection and defence techniques

Wang Lingtonga,b
Wang Huilinga,b
Xu Miaoa,b
Qi Xiaolonga,b
a. School of Network Security & Information Technology, b. Key Laboratory of Intelligent Computing Research & Application, Yili Normal University, Yining Xinjiang 835000, China
DOI: 10.19734/j.issn.1001-3695.2023.06.0286

Abstract

Cross site scripting attack, also called XSS attack, is one of the most serious risks in Web security. With the widespread use of Web technologies such as Web services, APIs, and the emergence of new programming styles such as AJAX, CSS and HTML5, the threat of XSS attacks has become more serious. Therefore, how to deal with the security risk of XSS attacks has become an important concern in Web security research. By investigating the literature on XSS attack detection and defence in recent years, this paper reviewed the latest techniques for XSS attack detection and defence from both non-adversarial and adversarial perspectives, based on whether the XSS attack was stealthy or not. Firstly, from the aspects of non-confrontational attack detection and confrontational attack detection, this paper explored and analysed the methods of learning attack features from data and predicting attacks based on machine learning and optimising the detection model based on reinforcement learning to identify or generate confrontational sample strategies. Secondly, it elaborated the methods of non-confrontational attack defence to filter the XSS attacks based on rules, to reduce the success rate of attacks based on the randomness of the moving targets defence(MTD), and to isolation sandbox-based approach to prevent the propagation of XSS attacks. Finally, this paper presented the future issues to be considered and outlooks of XSS attack detection and defence in terms of sample characteristics, model features and limitations of CSP, and the wide range of uploading functions, respectively.

Foundation Support

国家自然科学基金地区科学基金项目(6236070453)
新疆维吾尔自治区自然科学基金资助项目(2022D01C337,2021D01C467)
计算机软件新技术国家重点实验室(南京大学)资助项目(KFKT2022B30)
学实高层次人才岗位项目(YSXSQN22007)
伊犁师范大学提升学科综合实力专项自科重点项目(22XKZZ19)

Publish Information

DOI: 10.19734/j.issn.1001-3695.2023.06.0286
Publish at: Application Research of Computers Printed Article, Vol. 41, 2024 No. 3
Section: Survey
Pages: 652-662
Serial Number: 1001-3695(2024)03-002-0652-11

Publish History

[2023-11-14] Accepted Paper
[2024-03-05] Printed Article

Cite This Article

王铃铜, 王慧玲, 徐苗, 等. 跨站脚本攻击检测与防御技术综述 [J]. 计算机应用研究, 2024, 41 (3): 652-662. (Wang Lingtong, Wang Huiling, Xu Miao, et al. Review of cross-site scripting attack detection and defence techniques [J]. Application Research of Computers, 2024, 41 (3): 652-662. )

About the Journal

  • Application Research of Computers Monthly Journal
  • Journal ID ISSN 1001-3695
    CN  51-1196/TP

Application Research of Computers, founded in 1984, is an academic journal of computing technology sponsored by Sichuan Institute of Computer Sciences under the Science and Technology Department of Sichuan Province.

Aiming at the urgently needed cutting-edge technology in this discipline, Application Research of Computers reflects the mainstream technology, hot technology and the latest development trend of computer application research at home and abroad in a timely manner. The main contents of the journal include high-level academic papers in this discipline, the latest scientific research results and major application results. The contents of the columns involve new theories of computer discipline, basic computer theory, algorithm theory research, algorithm design and analysis, blockchain technology, system software and software engineering technology, pattern recognition and artificial intelligence, architecture, advanced computing, parallel processing, database technology, computer network and communication technology, information security technology, computer image graphics and its latest hot application technology.

Application Research of Computers has many high-level readers and authors, and its readers are mainly senior and middle-level researchers and engineers engaged in the field of computer science, as well as teachers and students majoring in computer science and related majors in colleges and universities. Over the years, the total citation frequency and Web download rate of Application Research of Computers have been ranked among the top of similar academic journals in this discipline, and the academic papers published are highly popular among the readers for their novelty, academics, foresight, orientation and practicality.

Indexed & Evaluation

  • The Second National Periodical Award 100 Key Journals
  • Double Effect Journal of China Journal Formation
  • the Core Journal of China (Peking University 2023 Edition)
  • the Core Journal for Science
  • Chinese Science Citation Database (CSCD) Source Journals
  • RCCSE Chinese Core Academic Journals
  • Journal of China Computer Federation
  • 2020-2022 The World Journal Clout Index (WJCI) Report of Scientific and Technological Periodicals
  • Full-text Source Journal of China Science and Technology Periodicals Database
  • Source Journal of China Academic Journals Comprehensive Evaluation Database
  • Source Journals of China Academic Journals (CD-ROM Version), China Journal Network
  • 2017-2019 China Outstanding Academic Journals with International Influence (Natural Science and Engineering Technology)
  • Source Journal of Top Academic Papers (F5000) Program of China's Excellent Science and Technology Journals
  • Source Journal of China Engineering Technology Electronic Information Network and Electronic Technology Literature Database
  • Source Journal of British Science Digest (INSPEC)
  • Japan Science and Technology Agency (JST) Source Journal
  • Russian Journal of Abstracts (AJ, VINITI) Source Journals
  • Full-text Journal of EBSCO, USA
  • Cambridge Scientific Abstracts (Natural Sciences) (CSA(NS)) core journals
  • Poland Copernicus Index (IC)
  • Ulrichsweb (USA)