Abstract
Websites remain popular targets for web-based attacks such as Cross-Site Scripting (XSS). As a remedy, new research is needed to preemptively secure applications with the use of Automated Exploit Generation (AEG), whereby probing and patching of system vulnerabilities occurs autonomously. In this paper, we present HIJaX, a novel Natural Language-to-JavaScript generator prototype, that creates workable XSS exploit code from English sentences using neural machine translation. We train and test the HIJaX model with a variety of datasets containing benign and malicious intents along with differing numbers of baseline code entries to demonstrate how to best create datasets for XSS code generation. We also examine part-of-speech tagging algorithms and automated dataset expansion scripts to aid the dataset creation and code generation processes. Finally, we demonstrate the feasibility of deploying auto-generated XSS attacks against real-world websites.
Citation
Frempong, Y., Snyder, Y., Al-Hossami, E., Sridhar, M., & Shaikh, S. (2021). HIJaX: Human intent JavaScript XSS generator. In Proceedings of the 18th International Conference on Security and Cryptography, SECRYPT 2021 (pp. 798–805). SciTePress. https://doi.org/10.5220/0010583807980805