Abstract
Since web technologies are getting more advanced with longer codes, the number of vulnerabilities has increased considerably. Cross-site scripting (XSS) attacks are one of the most common attacks that use vulnerabilities in web applications. There are three types of cross-site scripting attacks namely, reflected, stored, and DOM-based attacks. Reflected XSS attacks are the most common type that is usually implemented by injecting a malicious code into the URL and then sending the URL to the targeted system by using phishing methods, which is a significant threat for recent web applications. Our motivation is the lack of a high performance detection method of reflected XSS attacks with high accuracy. In this paper, we propose a hybrid machine learning model to detect vulnerabilities related to reflected XSS attacks for a given URL of a website. Our model uses a scanner to discover vulnerabilities in a web site and convolutional neural networks to predict the most common vulnerabilities that may be used for reflected XSS attacks, which makes the proposed model hybrid. We analyzed the model experimentally. Analyses results show that the proposed model is able to detect vulnerable attack surfaces with 99 % accuracy.
Highlights
RECENTLY, THE number of web applications have increased dramatically with the rapid proliferation of the Internet
Analyses show that 32% of the web applications have extremely poor security levels, and 23% of web applications have poor security levels [1]
Li and Wei create a model for a more efficient automatic XSS detection tool by using Support Vector Machine (SVM) algorithm, which is used to determine whether parameters submitted by users are malicious or not in case of XSS attacks [9]
Summary
Abstract—Since web technologies are getting more advanced with longer codes, the number of vulnerabilities has increased considerably. Cross-site scripting (XSS) attacks are one of the most common attacks that use vulnerabilities in web applications. Reflected XSS attacks are the most common type that is usually implemented by injecting a malicious code into the URL and sending the URL to the targeted system by using phishing methods, which is a significant threat for recent web applications. Our motivation is the lack of a high-performance detection method of reflected XSS attacks with high accuracy. We propose a hybrid machine learning model to detect vulnerabilities related to reflected XSS attacks for a given URL of a website. Our model uses a scanner to discover vulnerabilities in a web site and convolutional neural networks to predict the most common vulnerabilities that may be used for reflected XSS attacks, which makes the proposed model hybrid.
Sign-in/Register to view highlights & summary Sign-in/Register to access full text options 
Free) 
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Schedule a call
