Few-shot graph classification on cross-site scripting attacks detection

Abstract

Cross-site scripting (XSS) payloads are an important part of XSS attacks, which contain malicious code and are injected into Web pages. There have been many research results based on machine learning and deep learning for the detection of XSS attacks. However, the current widely used datasets suffer from a serious data imbalance in the field of XSS attack detection, with a very limited number of samples for most XSS payload categories. Unfortunately, this problem has been overlooked in existing research. Although existing methods generally show high detection performance, they have been experimentally proven to have poor detection and generalization performance for some XSS payload categories. However, since such samples have a sparse number, their classification errors do not significantly affect the overall performance. To solve this problem, a few-shot graph classification method FSXSS applicable to XSS attacks detection is proposed. FSXSS reduces obfuscated malicious code by anti-obfuscation means such as circular decoding and code stitching, and then transforms the sample data into homomorphic graphs using contextual relationships and external word embeddings. These homomorphic graphs are used as input to obtain a vector representation of the graph through graph representation learning, and then the classifier classifies the samples by computing the similarity between them and the prototype. In addition, since there is no publicly available dataset for the few-shot XSS attack detection problem, we processed and labeled the data from the XSSED project to create the dataset FSXSSED. Experiments proved that FSXSS has excellent capabilities for the few-shot XSS attack detection problem.