dc.contributor.author
Maurel, Heloise
dc.contributor.author
Vidal, Santiago Agustín
dc.contributor.author
Rezk, Tamara
dc.date.available
2023-09-06T16:45:33Z
dc.date.issued
2022-07
dc.identifier.citation
Maurel, Heloise; Vidal, Santiago Agustín; Rezk, Tamara; Statically identifying XSS using deep learning; Elsevier Science; Science of Computer Programming; 219; 7-2022; 1-20
dc.identifier.issn
0167-6423
dc.identifier.uri
http://hdl.handle.net/11336/210747
dc.description.abstract
Cross-site Scripting (XSS) is ranked first in the Common Weakness Enumeration (CWE) Top 25 Most Dangerous Software Weaknesses (2020), which places this vulnerability as the most dangerous among programming errors. This work explores static approaches to detect XSS vulnerabilities using neural networks. We compare two different code representations based on Natural Language Processing (NLP) and Programming Language Processing (PLP) and experiment with models based on different neural network architectures for static analysis detection in PHP and Node.js. We train and evaluate the models using synthetic databases. Using the generated PHP and Node.js databases, we compare our results with three well-known static analyzers for PHP code (ProgPilot, Pixy, and RIPS) and a known scanner for Node.js, AppScan in static mode. Our analyzers using neural networks outperform the existing tools in all cases.
dc.format
application/pdf
dc.language.iso
eng
dc.publisher
Elsevier Science
dc.rights
info:eu-repo/semantics/restrictedAccess
dc.rights.uri
https://creativecommons.org/licenses/by-nc-sa/2.5/ar/
dc.subject
CROSS-SITE SCRIPTING
dc.subject
DEEP LEARNING
dc.subject
WEB ATTACKS
dc.subject
WEB SECURITY
dc.subject.classification
Computer Science
dc.subject.classification
Computer and Information Sciences
dc.subject.classification
NATURAL AND EXACT SCIENCES
dc.title
Statically identifying XSS using deep learning
dc.type
info:eu-repo/semantics/article
dc.type
info:ar-repo/semantics/artículo
dc.type
info:eu-repo/semantics/publishedVersion
dc.date.updated
2023-07-07T22:28:08Z
dc.journal.volume
219
dc.journal.pagination
1-20
dc.journal.pais
Netherlands
dc.journal.ciudad
Amsterdam
dc.description.fil
Fil: Maurel, Heloise. Institut National de Recherche en Informatique et en Automatique; France
dc.description.fil
Fil: Vidal, Santiago Agustín. Consejo Nacional de Investigaciones Científicas y Técnicas. Centro Científico Tecnológico Conicet - Tandil. Instituto Superior de Ingeniería del Software. Universidad Nacional del Centro de la Provincia de Buenos Aires. Instituto Superior de Ingeniería del Software; Argentina
dc.description.fil
Fil: Rezk, Tamara. Institut National de Recherche en Informatique et en Automatique; France
dc.journal.title
Science of Computer Programming
dc.relation.alternativeid
info:eu-repo/semantics/altIdentifier/url/https://linkinghub.elsevier.com/retrieve/pii/S0167642322000430
dc.relation.alternativeid
info:eu-repo/semantics/altIdentifier/doi/http://dx.doi.org/10.1016/j.scico.2022.102810