Title: RAJIVE: restricting the abuse of JavaScript injection vulnerabilities on cloud data centre by sensing the violation in expected workflow of web applications

Authors: Shashank Gupta; B.B. Gupta

Addresses: Department of Computer Engineering, National Institute of Technology, Kurukshetra, Haryana, India; Department of Computer Engineering, National Institute of Technology, Kurukshetra, Haryana, India

Abstract: This article introduces a novel defensive framework that detects and obstructs the exploitation of malicious JavaScript (JS) injection by spotting violations in the expected workflow of web applications deployed on cloud data centres. The framework initially generates some categories of axioms by examining the strings of HTTP requests and responses. It then detects deviation from the intended workflow of a web application by examining violations of these generated axioms. The prototype of our work was developed in the Java development framework and installed on the virtual machines of cloud data centres located at the core of the network. Susceptible web applications were utilised for evaluating the workflow violation detection capability in order to obstruct the execution of XSS worms on the cloud data centres. Evaluation results revealed that the framework detects the injection of XSS worms with a high precision rate and lower rates of false positives and false negatives.

Keywords: cloud security; XSS attack; JavaScript worms; workflow violation attacks; WV; AJAX; JavaScript.

DOI: 10.1504/IJICA.2018.090822

International Journal of Innovative Computing and Applications, 2018 Vol.9 No.1, pp.13 - 36

Received: 05 Jan 2017
Accepted: 12 Apr 2017

Published online: 28 Mar 2018
