A method for automatically generating XSS attack vectors
First published: 2019-01-17
Abstract: To address the shortcomings of XSS vulnerability detection tools in selecting attack vectors, this paper proposes a method for automatically generating XSS attack vectors. To optimize generation, the paper improves the method in three respects: 1. It proposes constructing attack vectors in a modular way. Backus Normal Form is used to define the attack vector generation formulas, and a mapping between output contexts and attack vector types is defined so that different types of attack vectors are injected into different output contexts. 2. It summarizes the current mutation rules and maps them to the component modules of an attack vector, so that each module is mutated with its corresponding rules. 3. It extracts attack vector features and classifies the attack vectors with machine learning classification algorithms to reduce the size of the attack vector library. Experiments show that the method generates a small, highly accurate attack vector library, which improves the efficiency of XSS vulnerability detection.
Keywords: information security; attack vectors; Backus Normal Form; output context; machine learning classification algorithms