SFC: A Three Layer Smart Phone-Fag-Cloud Framework for Defending Against JavaScript Code Injection Vulnerabilities on OSN

Abstract

This article introduced a Fog centric model in the proximity of smart phone devices and virtual Cloud Data Centers (CDC) that senses and avoids an execution of JavaScript code injection vulnerabilities on Online Social Network (OSN). Such offline CDC statically computes the features of clustered-sanitized compressed patterns of JavaScript attack vectors embedded in the HTTP response messages and inject them on the online edge servers of Fog Computing network. The online edge web server dynamically re-computes the features of JavaScript code and compares these features with the statically calculated features in offline mode. Any discrepancy observed in these features will alarm the signal of injection of malicious script code on the edge server. The prototype of our Fog centric framework was developed in Java and installed on the offline virtual machines of Cloud platforms and online edge servers of Fog computing architecture. The online evaluation results exposed that the JavaScript attack vectors sensing rate of our work is high with tolerable rate of False Negatives (FNs), False Positives (FPs) and lesser overall performance overhead during the peak congestion of generation of sanitized HTTP response on the fog nodes.