Cost-effective detection system of cross-site scripting attacks using hybrid learning approach

Cited by: 12
Authors
Abu Al-Haija, Qasem [1]
Affiliation
[1] Princess Sumaya Univ Technol PSUT, Dept Cybersecur, Amman, Jordan
Keywords
Cyberattacks; Cross-site scripting attacks; Machine learning; Cyberattacks detection; Cybersecurity;
DOI
10.1016/j.rineng.2023.101266
Chinese Library Classification number
T [Industrial Technology]
Discipline classification code
08
Abstract
Cross-Site Scripting (XSS) attacks inject malicious code payloads into web application logs, triggering stored cross-site scripting execution when accessing the view-logs interface. The destruction produced by the XSS injection susceptibilities is especially significant since the attacker can steal sensitive data such as the stored user's cookies and tokens or control the host remotely by using remote code execution of XSS. For example, if an attacker manages to obtain the cookies of the website administrator, the whole website can be taken over. In this paper, we develop and evaluate the performance of a machine-learning-based XSS detection system for website applications. Particularly, we investigate using three supervised machine learning methods: optimizable k-nearest neighbours, optimizable naive Bayes, and hybrid (ensemble) learning of decision trees. To validate the system's efficacy, we employed the XSS-Attacks-2019 dataset consisting of modern real-world traffic-subjected types of classes normal (benign) or anomaly (XSS attack). To verify the performance evaluation, we have used several conventional metrics, including the confusion matrix analysis, the detection accuracy, the detection precision, the detection sensitivity, the harmonic detection means, and the detection time. The experimental results demonstrated the predominance of the hybrid learning-based XSS detection system. The best performance indicators peaked at 99.8% (accuracy, precision, and sensitivity) with a very short detection time of 103.1 μSec. Conclusively, the proposed hybrid model outpaced several recent XSS-attacks detection systems in the same study area.
Pages: 8