DETECT XSS ATTACK USING ENSEMBLE LEARNING

Authors

  • HOU admin

DOI:

https://doi.org/10.59266/houjs.2023.272

Keywords:

XSS attack, Cross-site scripting, Detection of XSS attack, Network security, Ensemble learning

Abstract

Cross-site scripting (XSS) is a common type of attack on web applications. Existing solutions such as filter-based, dynamic, and static analysis are ineffective in detecting unknown XSS attacks. Some published studies that use machine learning can detect unknown XSS attacks, but they have issues such as single base classifiers, small datasets, and low model performance. The ensemble learning methods used in this study include AdaBoost; Bagging with SVM, Extra-Trees; Stacking with Extra-Trees and Naïve Bayes; and Random Forest, with three separate data files and three basic feature groups. In this study, the model achieved a performance of 99.32% with the Random Forest algorithm.

