XSS Attack Detection Research Articles

XSShield: A Novel Dataset and Lightweight Hybrid Deep Learning Model for XSS Attack Detection

With the proliferation of web applications, cross-site scripting (XSS) attacks have increased significantly and now pose a significant threat to users' information security and privacy. To enhance the efficiency of XSS attack detection, the adoption of machine learning (ML) and deep learning (DL) techniques offers promising solutions, but their effectiveness is limited by the lack of comprehensive and diverse datasets. Moreover, existing approaches often prioritize detection accuracy over real-time processing capabilities, which are essential for effective defense. To address these challenges, in this paper, we propose a novel framework that automatically collects web resources, efficiently extracts informative features, and constructs an up-to-date XSS attack dataset, which is then used to train a machine learning-based XSS detection model. Using this framework, we created and published a well-structured dataset over 100,000 samples for the research community. Furthermore, we present a hybrid detection model that leverages the strengths of both Convolutional Neural Networks (CNNs) and Long Short-Term Memory (LSTM) networks. Extensive evaluations of our dataset demonstrate that the proposed model outperforms other baseline ML models across various metrics, including processing rate. Notably, our model achieves an accuracy of 99.27% while maintaining a low false positive rate of 0.06% and high processing rate of exceeding 1000 samples per second. These results highlight its high accuracy and robustness in detecting XSS, and suitability for real-time applications. Our work presents a comprehensive solution for enhancing web application security by providing a diverse dataset and a high-accuracy detection model with low latency.

Machine Learning-Driven Detection of Cross-Site Scripting Attacks

The ever-growing web application landscape, fueled by technological advancements, introduces new vulnerabilities to cyberattacks. Cross-site scripting (XSS) attacks pose a significant threat, exploiting the difficulty of distinguishing between benign and malicious scripts within web applications. Traditional detection methods struggle with high false-positive (FP) and false-negative (FN) rates. This research proposes a novel machine learning (ML)-based approach for robust XSS attack detection. We evaluate various models including Random Forest (RF), Logistic Regression (LR), Support Vector Machines (SVMs), Decision Trees (DTs), Extreme Gradient Boosting (XGBoost), Multi-Layer Perceptron (MLP), Convolutional Neural Networks (CNNs), Artificial Neural Networks (ANNs), and ensemble learning. The models are trained on a real-world dataset categorized into benign and malicious traffic, incorporating feature selection methods like Information Gain (IG) and Analysis of Variance (ANOVA) for optimal performance. Our findings reveal exceptional accuracy, with the RF model achieving 99.78% and ensemble models exceeding 99.64%. These results surpass existing methods, demonstrating the effectiveness of the proposed approach in securing web applications while minimizing FPs and FNs. This research offers a significant contribution to the field of web application security by providing a highly accurate and robust ML-based solution for XSS attack detection.

Web Application Firewall (WAF) Design to Detect and Anticipate Hacking in Web-Based Applications

Data leakage cases have recently been rampant in Indonesia. One of the biggest is the leak of user data from BPJS Health in 2021, this data leak is certainly very detrimental to users. This research develops a Web Application Firewall (WAF) using ModSecurity and OWASP Core Rule Set to protect web applications from SQL Injection and XSS attacks. The methodology involves analyzing the functionality of the existing system using UML, with DVWA and WordPress as test objects. Results showed 100% SQL Injection and 99.8% XSS attack detection, with logs recording attacks in real-time. The findings emphasize the importance of WAF integration with web application built-in security, making significant contributions in the design and implementation of resilient WAFs, as well as improving resilience against evolving cyber threats.

Swift Detection of XSS Attacks: Enhancing XSS Attack Detection by Leveraging Hybrid Semantic Embeddings and AI Techniques

AbstractCross-Site Scripting (XSS) attacks continue to be a significant threat to web application security, necessitating robust detection mechanisms to safeguard user data and ensure system integrity. In this study, we present a novel approach for detecting XSS attacks that harnesses the combined capabilities of the Universal Sentence Encoder (USE) and Word2Vec embeddings as a feature extractor, aiming to enhance the performance of machine learning and deep learning techniques. By leveraging the semantic understanding of sentences offered by USE and the word-level representations from Word2Vec, we obtain a comprehensive feature representation for XSS attack payloads. Our proposed approach aims to capture both fine-grained word meanings and broader sentence contexts, leading to enhanced feature extraction and improved model performance. We conducted extensive experiments utilizing machine learning and deep learning architectures to evaluate the effectiveness of our approach. The obtained results demonstrate that our combined embeddings approach outperforms traditional methods, achieving superior accuracy, precision, recall, ROC, and F1-score in detecting XSS attacks. This study not only advances XSS attack detection but also highlights the potential of state-of-the-art natural language processing techniques in web security applications. Our findings offer valuable insights for the development of more robust and effective security measures against XSS attacks.

An efficient artificial intelligence approach for early detection of cross-site scripting attacks

Cross-Site Scripting (XSS) attacks continue to pose a significant threat to web applications, compromising the security and integrity of user data. XSS is a web application vulnerability where malicious scripts are injected into websites, allowing attackers to execute arbitrary code in the victim’s browser. The consequences of XSS attacks can be severe, ranging from financial losses to compromising sensitive user information. XSS attacks enable attackers to deface websites, distribute malware, or launch phishing campaigns, compromising the trust and reputation of affected organizations. This study proposes an efficient artificial intelligence approach for the early detection of XSS attacks, utilizing machine learning and deep learning approaches, including Long Short-Term Memory (LSTM). Additionally, advanced feature engineering techniques, such as the Term Frequency-Inverse Document Frequency (TFIDF), are applied and compared to evaluate results. We introduce a novel approach named LSTM-TFIDF (LSTF) for feature extraction, which combines temporal and TFIDF features from the cross-site scripting dataset, resulting in a new feature set. Extensive research experiments demonstrate that the random forest method achieved a high performance of 0.99, outperforming state-of-the-art approaches using the proposed features. A k-fold cross-validation mechanism is utilized to validate the performance of applied methods, and hyperparameter tuning further enhances the performance of XSS attack detection. We have applied Explainable Artificial Intelligence (XAI) to understand the interpretability and transparency of the proposed model in detecting XSS attacks. This study makes a valuable contribution to the growing body of knowledge on XSS attacks and provides an efficient model for developers and security practitioners to enhance the security of web applications.

Securing web applications against XSS and SQLi attacks using a novel deep learning approach

Modern web application development involves handling enormous amounts of sensitive and consequential data. Security is, therefore, a crucial component of developing web applications. A web application's security is concerned with safeguarding the data it processes. The web application framework must have safeguards to stop and find application vulnerabilities. Among all web application attacks, SQL injection and XSS attacks are common, which may lead to severe damage to Web application data or web functionalities. Currently, there are many solutions provided by various study for SQLi and XSS attack detection, but most of the work shown have used either SQL/XSS payload-based detection or HTTP request-based detection. Few solutions available can detect SQLi and XSS attacks, but these methods provide very high false positive rates, and the accuracy of these models can further be improved. We proposed a novel approach for securing web applications from both cross-site scripting attacks and SQL injection attacks using decoding and standardization of SQL and XSS payloads and HTTP requests and trained our model using hybrid deep learning networks in this paper. The proposed hybrid DL model combines the strengths of CNNs in extracting features from input data and LSTMs in capturing temporal dependencies in sequential data. The soundness of our approach lies in the use of deep learning techniques that can identify subtle patterns in the data that traditional machine learning-based methods might miss. We have created a testbed dataset of Normal and SQLi/XSS HTTP requests and evaluated the performance of our model on this dataset. We have also trained and evaluated the proposed model on the Benchmark dataset HTTP CSIC 2010 and another SQL/XSS payload dataset. The experimental findings show that our proposed approach effectively identifies these attacks with high accuracy and a low percentage of false positives. Additionally, our model performed better than traditional machine learning-based methods. This soundness approach can be applied to various network security applications such as intrusion detection systems and web application firewalls. Using our model, we achieved an accuracy of 99.84%, 99.23% and 99.77% on the SQL-XSS Payload dataset, Testbed dataset and HTTP CSIC 2010 dataset, respectively.

XSS Attack Detection using Machine Learning Algorithms

This project focuses on the development of an XSS attack detection system using machine learning algorithms. The research involves the careful curation of diverse datasets encompassing XSS attacks and benign data. Key features are extracted, emphasizing HTML structure and JavaScript patterns. The study evaluates the efficacy of k- Nearest Neighbors, Logistic Regression, Random Forest, and Support Vector Machines (SVM) in detecting XSS threats. The training phase optimizes model accuracy, and performance metrics such as Precision, Recall, and F1 Score assess the model's effectiveness. Results provide a comparative analysis of machine learning algorithms, offering insights for future implementations. The study contributes to strengthening web security, showcasing the potential of machine learning in XSS attack detection.

A Grey Wolf Optimized XGboost-Multilayer Stacking Approach to Detect XSS Attacks

Life is easier with web applications. However, data stealing has become a serious issue and can have unpleasant effects on human life. This is when attackers try to access sensitive users’ information or acquire illegal rights. Cross-site scripting is the most common attack that steals user information. It is also known as an XSS attack and appears on OWASP’s Top 10 Attacks as well. More than 70 percent of web-based applications are susceptible to XSS attacks. This paper presents a Grey Wolf optimizer based on the XGboost multilayer stacking approach for XSS attack detection. The grey wolf optimizer is also known as the GWO as feature optimization for machine learning. This is superior to FEP, PSO, and GSA algorithms as it overcomes real-world challenges. The proposed techniques categorize XSS and non-XSS with an accuracy of 99.5%, recall rate of 1, false positive rate of 0.004, precision of 98.5%, and F-degree of 99.28%. The proposed methodology also compares with several existing machine learning algorithms and ensemble classifier techniques. It shows that the proposed approach is more accurate than earlier.

An Analysis of the Prevention and Detection of Cross Site Scripting Attack

As technology progresses, web based applications are becoming more vulnerable and threats to it’s security is increasing day by day. One of the ways by which an attacker can attack any web application is cross site scripting attack. The loop holes in a web based application can be exploited by a hacker in ways like, session-hijacking, cookie-stealing, malicious redirection etc. In this survey paper we focuses on the current XSS attack detection techniques and their limitations.

An Improved LSTM-PCA Ensemble Classifier for SQL Injection and XSS Attack Detection

The Repository Mahasiswa (RAMA) is a national repository of research reports in the form of final assignments, student projects, theses, dissertations, and research reports of lecturers or researchers that have not yet been published in journals, conferences, or integrated books from the scientific repository of universities and research institutes in Indonesia. The increasing popularity of the RAMA Repository leads to security issues, including the two most widespread, vulnerable attacks i.e., Structured Query Language (SQL) injection and cross-site scripting (XSS) attacks. An attacker gaining access to data and performing unauthorized data modifications is extremely dangerous. This paper aims to provide an attack detection system for securing the repository portal from the abovementioned attacks. The proposed system combines a Long Short–Term Memory and Principal Component Analysis (LSTM-PCA) model as a classifier. This model can effectively solve the vanishing gradient problem caused by excessive positive samples. The experiment results show that the proposed system achieves an accuracy of 96.85% using an 80%:20% ratio of training data and testing data. The rationale for this best achievement is that the LSTM’s Forget Gate works very well as the PCA supplies only selected features that are significantly relevant to the attacks’ patterns. The Forget Gate in LSTM is responsible for deciding which information should be kept for computing the cell state and which one is not relevant and can be discarded. In addition, the LSTM’s Input Gate assists in finding out crucial information and stores specific relevant data in the memory.

Generative Adversarial Network-based Approach for Automated Generation of Adversarial Attacks Against a Deep-Learning based XSS Attack Detection Model

Generative Adversarial Network-based Approach for Automated Generation of Adversarial Attacks Against a Deep-Learning based XSS Attack Detection Model

A real-time machine learning application for browser extension security monitoring

ABSTRACT One of the most common attacks in browser extensions is Cross-site scripting (XSS). To address these challenges, several browsers have proposed a new mechanism where legitimate browser extensions can only be installed from their respective Web Stores. Nonetheless, this mechanism is not flawless and multiple users still choose to install browser extensions from other sources, leaving them exposed to multiple types of attacks. This paper proposes a browser extension capable of detecting XSS attacks using Machine Learning (ML), as well as other irregularities that may occur in recently installed browser extensions. Regarding the detection of XSS attacks, the detection model is based on the Support Vector Machine (SVM) and it was able to detect malicious scripts with an accuracy of 99.5%, a precision of 99.4%, and a recall of 99.0%. Additionally, the detection of two other types of irregularities, namely the presence of blacklisted or irregular URLs located in the browser extension, and the presence of undesirable data in the manifest file of the browser extension, were considered. A Windows application was also designed in Java and deployed alongside the browser extension to monitor suspicious network requests from the newly installed browser extension.

XSS adversarial example attacks based on deep reinforcement learning

Cross-site scripting (XSS) attack is one of the most serious security problems in web applications. Although deep neural network (DNN) has been used in XSS attack detection and achieved unprecedented success, it is vulnerable to adversarial example attacks because its input-output mapping is quite discontinuous to a large extent. The existence of adversarial examples have raised concerns in applying deep learning to key security fields. Therefore, to evaluate the effectiveness of these detection methods, a XSS adversarial example attack technique using Soft Actor-Critic (SAC) reinforcement learning algorithm is presented in the paper. A key aspect of our idea is to train an agent using SAC algorithm to build adversarial examples for several popular XSS detection models which have been proved can achieve very high accuracy rate by simulation experiments. We first design mutation strategies for different modules of XSS attack vectors to ensure the validity of the generated adversarial examples. Then, the agent selects an appropriate escape strategy according to the feedback of the detection model until it bypasses the detection model. The final experiment results show that our model can achieve an escape rate of more than 92% and outperforms the latest method by up to 6%. In other words, the effectiveness of these detection models needs to be improved, at least in terms of defense adversarial example attacks.

GeneMiner: A Classification Approach for Detection of XSS Attacks on Web Services.

According to OWASP 2021, cross-site scripting (XSS) attacks are increasing through specially crafted XML documents. The attacker injects a malicious payload with a new pattern and combination of scripts, functions, and tags that deceits the existing security mechanisms in web services. This paper proposes an approach, GeneMiner, encompassing GeneMiner-E to extract new features and GeneMiner-C for classification of input payloads as malicious and nonmalicious. The proposed approach evolves itself to the changing patterns of attack payloads and identifies adversarial XSS attacks. The experiments have been conducted by collecting data from open source and generating various combinations of scripts, functions, and tags using an incremental genetic algorithm. The experimental results show that the proposed approach effectively detects newly crafted malicious XSS payloads with an accuracy of 98.5%, which is better than the existing classification techniques. The approach learns variations in the existing attack sample space and identifies the new attack payloads with reduced efforts.

Bayesian network structure learning with improved genetic algorithm

As an important model of machine learning, Bayesian networks (BNs) have received a lot of attentions since they can be used for classification via probabilistic inference. However, since it is a complicated combination optimization problem, BN structure learning cannot be solved with classic convex optimization algorithms. Hence, evolutionary algorithms provide an alternative way to find a global solution to BN structure learning problem. In this paper, we improve the biased random-key genetic algorithm to solve the BN structure learning problem. Meanwhile, we apply a local optimization model as its decoder to improve the performance of the proposed algorithm. Finally, we conduct our experiments on nine benchmark networks and a real dataset of cross-site scripting (XSS) attack. Experimental results show that the proposed algorithm can obtain more accurate solutions than other state-of-the-art algorithms and achieve a good performance in XSS attack detection for web security.

MNN-XSS: Modular Neural Network Based Approach for XSS Attack Detection

The rapid growth and uptake of network-based communication technologies have made cybersecurity a significant challenge as the number of cyber-attacks is also increasing. A number of detection systems are used in an attempt to detect known attacks using signatures in network traffic. In recent years, researchers have used different machine learning methods to detect network attacks without relying on those signatures. The methods generally have a high false-positive rate which is not adequate for an industry-ready intrusion detection product. In this study, we propose and implement a new method that relies on a modular deep neural network for reducing the false positive rate in the XSS attack detection system. Experiments were performed using a dataset consists of 1000 malicious and 10000 benign sample. The model uses 50 features selected by using Pearson correlation method and will be used in the detection and preventions of XSS attacks. The results obtained from the experiments depict improvement in the detection accuracy as high as 99.96% compared to other approaches.

Black-box adversarial attacks on XSS attack detection model

Cross-site scripting (XSS) has been extensively studied, although mitigating such attacks in web applications remains challenging. While there is an increasing number of XSS attack detection approaches designed based on machine learning and deep learning algorithms, it is important to study and evaluate the reliability and security of these approaches. In our study, focusing on machine / deep learning-based XSS attack detection approaches, we propose a fuzzing-based approach to realize “Black&White attack”, in order to effectively improve the confidence coefficient of malicious samples. We also present an adversarial attack model based on Soft Q-learning, designed to generate adversarial attack examples for different XSS attack detection models using multiple strategies. Experimental results reveal that the proposed adversarial attack model generates adversarial attack examples against various XSS attack detection models, with an escape rate of over 85%. In other words, our research has implications on existing XSS attack detection models, for example in terms of effectiveness.

XGBXSS: An Extreme Gradient Boosting Detection Framework for Cross-Site Scripting Attacks Based on Hybrid Feature Selection Approach and Parameters Optimization

With the widespread popularity of the Internet and the transformation of the world into a global village, Web applications have been drawn increased attention over the years by companies, organizations, and social media, making it a prime target for cyber-attacks. The cross-site scripting attack (XSS) is one of the most severe concerns, which has been highlighted in the forefront of information security experts' reports. In this study, we proposed XGBXSS, a novel web-based XSS attack detection framework based on an ensemble-learning technique using the Extreme Gradient Boosting algorithm (XGboost) with extreme parameters optimization approach. An enhanced feature extraction method is presented to extract the most useful features from the developed dataset. Furthermore, a novel hybrid approach for features selection is proposed, comprising information gain (IG) fusing with sequential backward selection (SBS) to select an optimal subset reducing the computational costs and maintaining the high-performance of detector' simultaneously. The proposed framework has successfully exceeded several tests on the holdout testing dataset and achieved avant-garde results with accuracy, precision, detection probabilities, F-score, false-positive rate, false-negative rate, and AUC-ROC scores of 99.59%, 99.53 %, 99.01%, 99.27%, 0.18%, 0.98%, and 99.41%, respectively. Moreover, it can bridge the existing research gap concerning previous detectors, with a higher detection rate and lesser computational complexity. It also has the potential to be deployed as a self-reliant system, which is efficient enough to defeat such attacks, including zero-day XSS-based attacks.

A Study on XSS Attacks: Intelligent Detection Methods

Cross-site scripting is one of the standard web application attacks vulnerable to the application layer. The attacker handles malicious scripting for trusted websites and inject the script. There are numerous types of XSS scripting vulnerable to attack websites incredibly open web applications. The attacker can load or redirect to the malicious webpage. The XSS is susceptible to attack significant websites like medical, e-commerce, banking, etc. The detection and prevention of XSS attacks are still complicated. Plenty of research has been carried out to control the XSS based attack. This paper analyses the XSS attack detection methods by various performance metrics. Numerous works issued in the widespread journals between 2019 and 2020 are reviewed in this paper to accomplish these requirements. The reviewed articles are compared concerning algorithms’ simplicity, the type they belong, and the performance metrics. The work assumed that the movement in the application of elementary methods to detect XSS attacks is better than the recommendations that custom some artificial-intelligence techniques.

Detection of XSS Attacks in Web Applications: A Machine Learning Approach

Detection of XSS Attacks in Web Applications: A Machine Learning Approach