Cross Site Scripting (XSS) vulnerability detection using Machine Learning and Statistical Analysis

Abstract

In our current technological development, usage of social networking, e-commerce, media, and management, web application plays a very indispensable role on the Internet. organizations use web applications to reach information to the public, e-commerce sites like Amazon and Flipkart use web applications to sell their products, and social networking sites like Facebook and Instagram use web applications. Many other services are provided on the web. Every mobile application will have its equivalent web application. Web Application Security plays a very vital role around the world. Cross Site Scripting (XSS) attacks are by far the most common and widely used method for stealing data from web applications. This paper discusses the XSS vulnerability detection using different deep learning and machine learning models. XSS attacks are a common type of web-based attack in which malicious code is injected into a website or web application, allowing attackers to steal sensitive information or perform other malicious actions. To ensure web-based systems’ security, XSS attack detection and prevention are essential. If the attacker successfully executes the XSS script, then the website will be compromised, and the attacker can steal sensitive data. The Open Web Application Security Project (OWASP) has listed XSS attacks as a top three risk to web applications. This research paper proposes a novel approach for detecting XSS attacks using different models. Deep learning algorithms such as Long Short Term Memory (LSTM), Convolution Neural Networks (CNN) and boosting algorithms such as AdaBoost and Gradient Boosting algorithms, and classification algorithms such as Logistic Regression (LR), Support Vector Machine (SVM), K-Nearest Neighbour (KNN), Random Forest (RF), Naive Bayes (NB), and Decision Tree (DT) algorithm for the detection of XSS attacks. To evaluate the effectiveness of our approach, we conducted experiments on a dataset of real-world XSS attacks and non-attack web requests. Our experiments showed that our machine-learning model was able to accurately identify XSS attacks with a high degree of accuracy, outperforming several baseline approaches. Overall, our research demonstrates the potential for using machine learning to detect XSS attacks effectively.