Abstract:
This article presents an enhanced JavaScript feature-injection based framework that obstructs the execution of cross-site scripting (XSS) worms from the virtual machines of cloud-based online social network (OSN). It calculates the features of clustered-sanitised compressed templates of JavaScript attack vectors embedded in the HTTP response messages. Any variation observed in such JavaScript feature set indicates the injection of XSS worms on the cloud-based OSN server. The injected worms will further undergo through the process of nested context-aware sanitisation for its safe interpretation on the web browser. The prototype of our framework was developed in Java and installed in the virtual machines of cloud environment. The experimental evaluation of our framework was performed on the platform of OSN-based web applications deployed in the cloud platform. The performance analysis done revealed that our framework detects the injection of malicious JavaScript code with low false negative rate and acceptable performance overhead.