HIJaX: Human Intent JavaScript XSS Generator

Yaw Frempong, Yates Snyder, Erfan Al-Hossami, Meera Sridhar, Samira Shaikh

2021

Abstract

Websites remain popular targets for web-based attacks such as Cross-Site Scripting (XSS). As a remedy, new research is needed to preemptively secure applications with the use of Automated Exploit Generation (AEG), whereby probing and patching of system vulnerabilities occur autonomously. In this paper, we present HIJaX, a novel Natural Language-to-JavaScript generator prototype that creates workable XSS exploit code from English sentences using neural machine translation. We train and test the HIJaX model with a variety of datasets containing benign and malicious intents along with differing numbers of baseline code entries to demonstrate how to best create datasets for XSS code generation. We also examine part-of-speech tagging algorithms and automated dataset expansion scripts to aid the dataset creation and code generation processes. Finally, we demonstrate the feasibility of deploying auto-generated XSS attacks against real-world websites.


Paper Citation


in Harvard Style

Frempong Y., Snyder Y., Al-Hossami E., Sridhar M. and Shaikh S. (2021). HIJaX: Human Intent JavaScript XSS Generator. In Proceedings of the 18th International Conference on Security and Cryptography - Volume 1: SECRYPT, ISBN 978-989-758-524-1, pages 798-805. DOI: 10.5220/0010583807980805


in Bibtex Style

@conference{secrypt21,
author={Yaw Frempong and Yates Snyder and Erfan Al-Hossami and Meera Sridhar and Samira Shaikh},
title={HIJaX: Human Intent JavaScript XSS Generator},
booktitle={Proceedings of the 18th International Conference on Security and Cryptography - Volume 1: SECRYPT},
year={2021},
pages={798-805},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0010583807980805},
isbn={978-989-758-524-1},
}


in EndNote Style

TY - CONF

JO - Proceedings of the 18th International Conference on Security and Cryptography - Volume 1: SECRYPT
TI - HIJaX: Human Intent JavaScript XSS Generator
SN - 978-989-758-524-1
AU - Frempong Y.
AU - Snyder Y.
AU - Al-Hossami E.
AU - Sridhar M.
AU - Shaikh S.
PY - 2021
SP - 798
EP - 805
DO - 10.5220/0010583807980805