Date of Award


Degree Name

Doctor of Philosophy


Computer Science


Ann Q. Gates

Second Advisor

Salamah I. Salamah


Cyber-security is one of our nation's most critical security priorities, and its importance continues to grow with the pervasiveness of computers and Web-based applications. In particular, cross-site scripting (XSS) is one of the most common and dangerous types of injection attacks that exploit input validation vulnerabilities. XSS has intensified due to: 1) lack of extensive security domain knowledge among software engineers who are involved in building and/or maintaining Web applications; and 2) lack of proper software development processes focused on security, resulting in fixes to security vulnerabilities late in the software development lifecycle. Indeed, the cost benefits of removing defects, in particular security-related faults, earlier in the lifecycle are well documented. The research goal is to reduce successful XSS attacks through a unified approach that identifies malicious and suspicious inputs/outputs based on customized application-specific knowledge. The Intrusion Detection Approach (IDA), which is defined in this dissertation, captures XSS-related domain knowledge from national catalogs of attack patterns and uses it to generate application-specific XSS patterns for monitoring IO by integrating technologies and techniques such as ontologies, provenance, formalizations and security-related domain knowledge. The work hosts a security knowledge base that is easily maintainable whenever new attacks or new ways of launching attacks come into use. Updating the security knowledge base results in monitoring, identifying, and preventing XSS attacks without any changes to the Web application. Risk analysis combined with provenance provides a unique way of prioritizing formalized patterns based on the sensitivity level of assets and trends of threats. Using the XSSMon tool, which realizes the IDA, the author conducted a case study on two versions of a commercial Web application to compare the effectiveness of XSSMon.
The results showed that XSSMon had higher success rates in identifying XSS-related attacks. Specifically, the overall success rates were 4.79% and 28.01% for the original and latest versions of the Web application, respectively, and 88.36% and 100% for the initial and latest versions of XSSMon, respectively. The results of this case study can be extended to other Web applications that accept similar equivalence classes of IO.




Received from ProQuest

File Size

199 pages

File Format


Rights Holder

Bhanukiran Gurijala