Automatic XSS Attack Vector Generation Method (PDF)

Document Details

2024

Yuan Yao, Junjiang He, Tao Li, Yunpeng Wang, Xiaolong Lan, and Yuan Li

Tags

XSS attack, attack vector generation, DDQN algorithm, security

Summary

This document details a novel method for automatically generating Cross-Site Scripting (XSS) attack vectors based on the improved Dueling Double Deep Q-network (DDQN) algorithm. This method enhances attack strategies by simulating hacker tactics on websites. The approach is more efficient and effective compared to traditional XSS scanners, needing fewer resources and providing better vulnerability detection accuracy. The document uses reinforcement learning to learn and adapt to various website settings, resulting in more effective attacks.

Full Transcript

An Automatic XSS Attack Vector Generation Method Based on the Improved Dueling DDQN Algorithm
Authors: Yuan Yao, Junjiang He, Tao Li, Yunpeng Wang, Xiaolong Lan, and Yuan Li
Published: 2024, IEEE Transactions on Dependable and Secure Computing
Presented by: LIN, WEI-XIANG, 2024/11/27

Outline
Motivation, Purpose, Introduction, Method, Results

Motivation
Most traditional tools rely on public vulnerability databases or predefined dictionaries, such as XSpear, XSSer, and Wapiti. Because they randomly select or traverse attack vectors, they generate too many redundant requests during vulnerability detection. Today, security-conscious vendors mostly deploy protection mechanisms such as WAFs on their systems, in the mistaken belief that this alone ensures website security. The vulnerability databases and dictionaries used by traditional tools and methods do not necessarily contain attack vectors that conform to the contextual syntax of the target system and effectively bypass its protection mechanisms, leading to false positives and causing vendors to improperly assess the security of their systems.

Purpose
1. Model the XSS attack vector generation process as a Markov decision process.
2. Priority experience replay mechanism.
3. Automatic XSS attack verification method using static semantic analysis.

Introduction: Types of XSS Attacks
Reflected XSS, Stored XSS, DOM-based XSS

Introduction: Reflected XSS
1. The attacker includes malicious code in a request to the web server; this code is then included in the HTTP response.
2. Attackers typically send malicious links and phishing emails to trick the victim into making that request to the server.

Introduction: Stored XSS
1. An attacker injects malicious code into the target application.
2. If the application does not validate input, the malicious code is permanently stored by the application in the database or other locations.
3. When a user opens an infected page, the attacker's malicious code is delivered to the user's browser along with the legitimate content and executes when the user browses the page.

Introduction: DOM-based XSS
1. This can only happen if the web application writes user-supplied data to the DOM.
2. An attacker can inject malicious code, which is stored in the DOM and only executed when data is read back from the DOM.
3. These attacks are typically carried out on the client side, and the payload is not delivered to the server. This makes them more difficult to detect through firewalls and server logs.

Introduction: Double Dueling Deep Q-Network
1. Input layer: receives the current state as input.
2. Shared feature network: extracts universal features of the state.
3. Two branch networks: the value network estimates the overall value of the current state; the advantage network estimates the advantage of each action in the current state.
4. Final output layer: combines the state value and the action advantages to obtain the Q value of each action.

Method: Markov decision process
1. Enter the sample: payload: alert(1)
2. State space analysis: length L = 27; '': 2 times; 'script': 2 times
3. Action space variation: variation 1: "<script>alert(1)</script>"; variation 2: "alert(1)"
4. Reward calculation: whether the WAF is successfully bypassed
5. Strategy selection: 80% choose the variant most likely to bypass the WAF; 20% randomly try new mutation strategies

Method: Prioritized experience replay
1. Adjust the replay priority of each stored transition according to the impact of that attack vector on the function update.
2. When the agent selects experiences for training, it more frequently selects experiences with larger TD errors.

Method: Vulnerability verification based on static semantic analysis
Parse the HTML response content into a DOM syntax tree and determine whether the pop-up window can be triggered. A WebDriver program monitors pop-up events to assist in attack verification.
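As an added example (not code from the paper or the deck) of the static semantic analysis step: the HTML response is parsed into a DOM-like element stream and checked for whether a probe marker reached a context a browser would execute, which is also how a defender can regression-test output encoding. The probe string, the sample responses and the hit labels are constructed for this illustration.

```python
from html.parser import HTMLParser

# Constructed marker: the same sample payload the deck uses.
PROBE = "alert(1)"


class ExecContextFinder(HTMLParser):
    """Walk the parsed response and record every place where the probe
    ended up in a context a browser would execute."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.in_script = False
        self.hits = []

    def handle_starttag(self, tag, attrs):
        if tag == "script":
            self.in_script = True
        for name, value in attrs:
            if not value or PROBE not in value:
                continue
            if name.startswith("on"):
                self.hits.append(f"<{tag} {name}> event handler")
            elif name in ("href", "src") and value.strip().lower().startswith("javascript:"):
                self.hits.append(f"<{tag} {name}> javascript: URL")

    def handle_endtag(self, tag):
        if tag == "script":
            self.in_script = False

    def handle_data(self, data):
        # Only text inside a real <script> element counts. An encoded
        # &lt;script&gt; decodes to ordinary text, never to an element,
        # so it is correctly reported as inert.
        if self.in_script and PROBE in data:
            self.hits.append("<script> body")


def executable_contexts(html):
    """Return the list of executable contexts the probe landed in ([] means inert)."""
    parser = ExecContextFinder()
    parser.feed(html)
    parser.close()
    return parser.hits


# Constructed sample responses: reflected raw, reflected encoded, and a javascript: URL.
UNENCODED = '<p>Hello <script>alert(1)</script></p><img src=x onerror="alert(1)">'
ENCODED = '<p>Hello &lt;script&gt;alert(1)&lt;/script&gt;</p>'
JS_URL = '<a href="javascript:alert(1)">link</a>'
```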
Results
This research proposes an automated XSS attack vector generation method based on the improved Dueling DDQN algorithm, which can automatically generate more effective XSS attack vectors. The method simulates the process of a hacker attacking a website, allowing the program to learn from it and improve its attack strategy. It is more effective, faster, and finds more vulnerabilities than traditional XSS scanners. Traditional XSS scanners rely on expert knowledge and manual testing, are costly and inefficient, and generate a single type of attack vector. The new method uses reinforcement learning to automatically learn and adapt to different website environments and generate more effective attack vectors.

Thanks for listening
