Cost-effective detection system of cross-site scripting attacks using hybrid learning approach

Abstract

Cross-Site Scripting (XSS) attacks inject malicious code payloads into web application logs, triggering stored cross-site scripting execution when accessing the view-logs interface. The destruction produced by the XSS injection susceptibilities is especially significant since the attacker can steal sensitive data such as the stored user's cookies and tokens or control the host remotely by using remote code execution of XSS. For example, if an attacker manages to obtain the cookies of the website administrator, the whole website can be taken over. In this paper, we develop and evaluate the performance of a machine-learning-based XSS detection system for website applications. Particularly, we investigate using three supervised machine learning: optimizable k-nearest neighbours, optimizable naïve bays, and hybrid (ensemble) learning of decision trees. To validate the system's efficacy, we employed the XSS-Attacks-2019 dataset consisting of modern real-world traffic-subjected types of classes normal (benign) or anomaly (XSS attack). To verify the performance evaluation, we have used several conventional metrics, including the confusion matrix analysis, the detection accuracy, the detection precision, the detection sensitivity, the harmonic detection means, and the detection time. The experimental results demonstrated the predominance of the hybrid learning-based XSS detection system. The best performance indicators peaked at 99.8% (accuracy, precision, and sensitivity) with a very short detection time of 103.1 μSec. Conclusively, the proposed hybrid model outpaced several recent XSS-attacks detection systems in the same study area.