Identifying Cross-Site Scripting Attacks Based on URL Analysis

Full Text (PDF, 159KB), PP.52-61

Views: 0 Downloads: 0


Zhihua Tang 1,* Ning Zheng 1 Ming Xu 1

1. Institute of Computer Application Technology, Hangzhou Dianzi University, Hangzhou, China, 310018

* Corresponding author.


Received: 14 Jun. 2012 / Revised: 12 Jul. 2012 / Accepted: 23 Aug. 2012 / Published: 5 Oct. 2012

Index Terms

Cross-site scripting, depth level, structure


Cross-site scripting (XSS) is one of the major threats to the security of web applications. Many techniques have been taken to prevent XSS. This paper presents an approach to identify Cross-Site Scripting attacks based on URL analysis. The fundamental assumption of our method is that the URL contains a part that can produce a valid JavaScript syntax tree. First, we extract the parameters of the URL to produce a valid JavaScript syntax tree and weight its parsing depth. If its depth exceeds a user-defined threshold, the URL is considered suspicious. Second, to the exception URLs, a second level of defense is formed by analyzing its structure. The experimental results demonstrate that our approach can effectively distinguish most of the malicious URLs from the benign ones.

Cite This Paper

Zhihua Tang,Ning Zheng,Ming Xu, "Identifying Cross-Site Scripting Attacks Based on URL Analysis", IJEM, vol.2, no.5, pp.52-61, 2012. DOI: 10.5815/ijem.2012.05.08


[1] Van der Geer J, Hanraads JAJ, Lupton RA. The art of writing a scientific article. J Sci Commun 2000;163:51-9.

[2] Strunk Jr W, White EB. The elements of style. 3rd ed. New York: Macmillan; 1979.

[1] OWASP (2010). OWASP Top 10 Project , Available at

[2] S. Kamkar, “I’m popular,” 2005, description and technical explanation of the JS.Spacehero (a.k.a. “Samy”) MySpaceworm. [Online]. Available:

[3] P. Bisht and V. N. Venkatakrishnan. XSS-GUARD: precise dynamic prevention of cross-site scripting attacks. In Detection of Intrusions and Malware, and Vulnerability Assessment,2008.

[4] EnginKirda, Christopher Kruegel, Giovanni Vigna,and Nenad Jovanovic. Noxes: A client-side solution formitigating cross-site scripting attacks. In Proceedings of the 21st ACM Symposium on Applied Computing (SAC),Security Track, 2006.

[5] S. Nanda, L.-C. Lam , T. Chiueh. Dynamic multiprocess information flow tracking for webapplication security. In Proceedings of the 8th ACM/IFIP/USENIX international conference on Middleware, 2007.

[6] M. Van Gundy and H. Chen, “Noncespaces: Using randomization to enforce information flow tracking and thwart crosssite scripting attacks,”in 16th Annual Network & Distributed System Security Symposium,San Diego, CA, USA, Feb. 2009.

[7] P. Saxena, D. Song, and Y. Nadji, “Document structure integrity:A robust basis for cross-site scripting defense,” in 16th Annual Network & Distributed System Security Symposium,San Diego, CA, USA, Feb. 2009.

[8] T. Jim, N. Swamy, and M. Hicks. Beep: Browser-enforced embedded policies. 16th International World World Web Conference, 2007.

[9] D. Bates, A. Barth, and C. Jackson. Regular Expressions Considered Harmful in Client-Side XSS Filters. In Proceedings of the 19th international conference on World Wide Web (WWW). ACM New York, NY, USA, 2010.

[10] M. Ter Louw and V. N. Venkatakrishnan. BluePrint: RobustPrevention of Cross-site Scripting Attacks for ExistinBrowsers. In Proceedings of the IEEE Symposium on Securityand Privacy, 2009.

[11] SpiderMonkey Engine.

[12] XSS (Cross Site Scripting) Cheat Sheet. Esp: for filter evasion.

[13] K. Fernandez and D. Pagkalos. XSSed