Efficient yet Robust Elimination of XSS Attack Vectors from HTML5 Web Applications Hosted on OSN-Based Cloud Platforms

Abstract

The authors suggested a cloud-hosted XSS defensive model that defends the cloud-hosted web applications against the injection of HTML5 attack vectors. The model is categorized into 2 phrases: namely HTML5 Feature Injection and HTML5 Feature Comparison. The earlier one basically involves calculating and storing the features of JavaScript code in the feature repository. The other one compares the features extracted in the offline and online mode. Any oddity results in consequent sanitization of the HTMl5 script code. We have developed our prototype on the environmental set-up of ICAN Cloud simulator and its settings were integrated by creating the infrastructure set-up of various virtual machines on this simulator. The HTML5 XSS attack vector detection proficiency of our scheme was tested on numerous cloud-hosted web applications installed on different virtual machines facilitating with the malicious intention of injection of attack vectors on regular intervals. Experimental results disclosed the facts that our proposed scheme is proficient enough to detect and eliminate the HTML5 attack vectors from the tested web applications with tolerable rate of False Negatives (FNs), False Positives (FPs) and lesser overhead.