References
- D. H. Lee, "Personalizing information using users' online social networks: a case study of CiteULike," Journal of Information Processing Systems, vol. 11, no. 1, pp. 1-21, 2015 https://doi.org/10.3745/JIPS.04.0014
- J. Kim, D. H. Yao, H. Jang, and K. Jeong, "WebSHArk 1.0: a benchmark collection for malicious web shell detection," Journal of Information Processing Systems, vol. 11, no. 2, pp. 229-238, 2015 https://doi.org/10.3745/JIPS.03.0026
- Y. Zhang, X. Wang, Q. Luo, and Q. Liu, "Cross-site scripting attacks in social network APIs," in Proceedings of Workshop on WEB 2.0 Security and Privacy (W2SP 2013), San Francisco, CA, 2013.
- I. Hydara, A. B. M. Sultan, H. Zulzalil, and N. Admodisastro, "Current state of research on cross-site scripting (XSS): a systematic literature review," Information and Software Technology, vol. 58, pp. 170-186, 2015 https://doi.org/10.1016/j.infsof.2014.07.010
- M. K Gupta, M. C. Govil, and G. Singh, "Static analysis approaches to detect SQL injection and cross site scripting vulnerabilities in web applications: a survey," in Proceedings of the Recent Advances and Innovations in Engineering (ICRAIE), Jaipur, India, 2014, pp. 1-5
- Y. Cao, V. Yegneswaran, P. Possas, and Y. Chen, "Pathcutter: severing the self-propagation path of XSS JavaScript Worms in social web networks," in Proceedings of the Network and Distributed System Security Symposium (NDSS'12), San Diego, CA, 2012, pp. 1-14
- L. Constantin, "New Chinese social networking worm discovered," 2009 [Online]. Available: http://news.softpedia.com/news/New-Chinese-Social-Networking-Worm-Discovered-120021.shtml.
- Technical explanation of The MySpace Worm [Online]. Available: https://samy.pl/popular/tech.html.
- G. Cluley, "Cross-platform Boonana Trojan targets Facebook users," 2010 [Online]. Available: https://nakedsecurity.sophos.com/2010/10/28/cross-platform-worm-targets-facebook-users/.
- Hackagon, "XSS attack," 2016 [Online]. Available: http://hackagon.com/xss-attack/.
- P. Likarish, E. Jung, and I. Jo, "Obfuscated malicious JavaScript detection using classification techniques," in Proceedings of the 4th International Conference on Malicious and Unwanted Software (MALWARE), Montreal, Canada, 2009, pp. 47-54.
- A. E. Nunan, E. Souto, E. M. dos Santos, and E. Feitosa, "Automatic classification of cross-site scripting in webpages using document-based and URL-based features," in Proceedings of the IEEE Symposium on Computers and Communications (ISCC), Cappadocia, Turkey, 2012, pp. 000702-000707.
- F. Sun, L. Xu, and Z. Su, "Client-side detection of XSS worms by monitoring payload propagation," in Proceedings of the 14th European Symposium on Research in Computer Security, Saint-Malo, France, 2009, pp. 539-554.
- V. B. Livshits and W. Cui, "Spectator: detection and containment of JavaScript Worms," in Proceedings of the USENIX Annual Technical Conference, Boston, MA, 2008, pp. 335-348.
- M. Ter Louw and V. N. Venkatakrishnan, "Blueprint: robust prevention of cross-site scripting attacks for existing browsers," in Proceedings of the 2009 30th IEEE Symposium on Security and Privacy, Oakland, CA, 2009, pp. 331-346.
- W. Xu, F. Zhang, and S. Zhu, "Toward worm detection in online social networks," in Proceedings of the 26th Annual Computer Security Applications Conference (ACSAC'10), Austin, TX, 2010, pp. 11-20.
- M. A. Ahmed, and F. Ali, "Multiple-path testing for cross site scripting using genetic algorithms," Journal of Systems Architecture, vol. 64, pp. 50-62, 2016 https://doi.org/10.1016/j.sysarc.2015.11.001
- C. H. Wang and Y. S. Zhou, "A new cross-site scripting detection mechanism integrated with HTML5 and CORS properties by using browser extensions," in Proceedings of the 2016 International Computer Symposium (ICS), Chiayi, Taiwan, 2016, pp. 264-269.
- Common Attack Pattern Enumeration and Classification, "CAPEC-72: URL encoding," 2017 [Online]. Available: https://capec.mitre.org/data/definitions/72.html.
- Y. S. Hwang, J. B. Kwon, J. C. Moon, and S. J. Cho, "Classifying malicious webpages by using an adaptive support vector machine," Journal of Information Processing Systems, vol. 9, no. 3, pp. 395-404, 2013. https://doi.org/10.3745/JIPS.2013.9.3.395
- R. Wang, X. Jia, Q. Li, and D. Zhang, "Improved N-gram approach for cross-site scripting detection in online social network," in Proceedings of the Science and Information Conference (SAI), London, UK, 2015, pp. 1206-1212.
- XSS attacks information [Online]. Available: http://www.xssed.com/.
- Alexa, "The top 500 sites on the web," 2017 [Online]. Available: http://www.alexa.com/topsites.
- Elgg Foundation, "Introducing a powerful open source social networking engine," [Online]. Available: https://elgg.org/.
- Weka 3: data mining software in Java [Online]. Available: http://www.cs.waikato.ac.nz/ml/weka/.
- K. M. Prabusankarlal, P. Thirumoorthy, and R. Manavalan, "Assessment of combined textural and morphological features for diagnosis of breast masses in ultrasound," Human-centric Computing and Information Sciences, vol. 5, no. 1, pp. 1-17, 2015. https://doi.org/10.1186/s13673-014-0018-6
- C. Chantrapornchai and P. Nusawat, "Two machine learning models for mobile phone battery discharge rate prediction based on usage patterns," Journal of Information Processing Systems, vol. 12, no. 3, pp. 436-454, 2016. https://doi.org/10.3745/JIPS.03.0048
- J. H. Choi, H. S. Shin, and A. Nasridinov, "A comparative study on data mining classification techniques for military applications," Journal of Convergence, vol. 7, pp. 1-7, 2016.
- R. Wang, X. Jia, Q. Li, and S. Zhang, "Machine learning based cross-site scripting detection in online social network," in Proceedings of the 2014 IEEE International Conference on High Performance Computing and Communications (HPSS), 2014 IEEE 6th International Symposium on Cyberspace Safety and Security (CSS), and 2014 IEEE 11th International Conference on Embedded Software and Systems (ICESS), Paris, France, 2014, pp. 823-826.
Cited by
- Secure Cyber Deception Architecture and Decoy Injection to Mitigate the Insider Threat vol.10, pp.1, 2018, https://doi.org/10.3390/sym10010014