Presentation | 2023-10-19 An Application of Genetic Algorithms for XSS Attack Payload Generation and WAF Evaluation Yu Funahashi, Hideaki Kimura |
---|---|
Abstract(in Japanese) | (See Japanese page) |
Abstract(in English) | We propose a method of generating and evolving malicious scripts (payloads) used in cross-site scripting (XSS) attacks by applying genetic algorithms. This allows us to generate unknown payloads that are difficult to detect from Web application firewalls (WAFs) and known attack patterns. The generated payloads are not included in PortSwigger's xss-cheat-sheet, making it an effective countermeasure against new security threats. In the adaptability evaluation, the proposed method obtained an average score of 2.5, while the known PortSwigger's xss-cheat-sheet obtained an average score of 1.3. This result suggests the effectiveness of the new method. We propose it as a new approach to deal with unknown XSS attacks. |
Keyword(in Japanese) | (See Japanese page) |
Keyword(in English) | XSS attacks / genetic algorithms / Cyber security |
Paper # | EMCJ2023-43,MW2023-97,EST2023-70 |
Date of Issue | 2023-10-12 (EMCJ, MW, EST) |
Conference Information | |
Committee | MW / EMCJ / EST / IEE-EMC |
---|---|
Conference Date | 2023/10/19(2days) |
Place (in Japanese) | (See Japanese page) |
Place (in English) | Yamagata University |
Topics (in Japanese) | (See Japanese page) |
Topics (in English) | Microwave, EM simulation, EMC, etc. |
Chair | Kensuke Okubo(Okayama Prefectural Univ.) / Kimihiro Tajima(NTT-AT) / Masayuki Kimishima(Advantest) |
Vice Chair | Atsushi Sanada(Osaka Univ.) / Akihito Hirai(Mitsubishi Electric) / Yoshitaka Toyota(Okayama Univ.) / Takuya Sakamoto(Kyoto Univ.) / Yasuhide Tsuji(Muroran Inst. of Tech.) / Yasuo Ohtera(Toyama Prefectural Univ.) |
Secretary | Atsushi Sanada(Univ. of Electro-Comm) / Akihito Hirai(Murata Manufacturing) / Yoshitaka Toyota(Hokkaido Univ.) / Takuya Sakamoto(Panasonic) / Yasuhide Tsuji(Kozo Keikaku Engineering) / Yasuo Ohtera(Univ. of Electro-Comm) |
Assistant | Tomoyuki Furuichi(Tohoku Univ.) / Kosuke Katayama(NIT Tokuyama College) / Kenji Ogata(ADOX) / Taiki Nishimoto(Panasonic Industry) / Tadatoshi Sekine(Shizuoka Univ.) / Tomonori Yanagida(Advantest) / Akito Iguchi(Muroran Inst. of Tech) |
Paper Information | |
Registration To | Technical Committee on Microwaves / Technical Committee on Electromagnetic Compatibility / Technical Committee on Electronics Simulation Technology / Technical Meeting on Electromagnetic Compatibility |
---|---|
Language | JPN |
Title (in Japanese) | (See Japanese page) |
Sub Title (in Japanese) | (See Japanese page) |
Title (in English) | An Application of Genetic Algorithms for XSS Attack Payload Generation and WAF Evaluation |
Sub Title (in English) | |
Keyword(1) | XSS attacks |
Keyword(2) | genetic algorithms |
Keyword(3) | Cyber security |
1st Author's Name | Yu Funahashi |
1st Author's Affiliation | Chubu University(Chubu Univ) |
2nd Author's Name | Hideaki Kimura |
2nd Author's Affiliation | Chubu University(Chubu Univ) |
Date | 2023-10-19 |
Paper # | EMCJ2023-43,MW2023-97,EST2023-70 |
Volume (vol) | vol.123 |
Number (no) | EMCJ-215,MW-216,EST-217 |
Page | pp.42-45(EMCJ), pp.42-45(MW), pp.42-45(EST) |
#Pages | 4 |
Date of Issue | 2023-10-12 (EMCJ, MW, EST) |