Resolving Cross-Site Scripting Attacks through Fusion Verification and Machine Learning
The frequent variations of XSS (cross-site scripting) payloads make static and dynamic analysis difficult to detect effectively. In this paper, we proposed a fusion verification method that combines traffic detection with XSS payload detection, using machine learning to detect XSS attacks. In additi...
| Main Authors: | , , , , |
|---|---|
| Format: | Article |
| Language: | English |
| Published: |
MDPI AG
2022-10-01
|
| Series: | Mathematics |
| Subjects: | |
| Online Access: | https://www.mdpi.com/2227-7390/10/20/3787 |
| _version_ | 1797471715120381952 |
|---|---|
| author | Jiazhong Lu Zhitan Wei Zhi Qin Yan Chang Shibin Zhang |
| author_facet | Jiazhong Lu Zhitan Wei Zhi Qin Yan Chang Shibin Zhang |
| author_sort | Jiazhong Lu |
| collection | DOAJ |
| description | The frequent variations of XSS (cross-site scripting) payloads make static and dynamic analysis difficult to detect effectively. In this paper, we proposed a fusion verification method that combines traffic detection with XSS payload detection, using machine learning to detect XSS attacks. In addition, we also proposed seven new payload features to improve detection efficiency. In order to verify the effectiveness of our method, we simulated and tested 20 public CVE (Common Vulnerabilities and Exposures) XSS attacks. The experimental results show that our proposed method has better accuracy than the single traffic detection model. Among them, the recall rate increased by an average of 48%, the F1 score increased by an average of 27.94%, the accuracy rate increased by 9.29%, and the accuracy rate increased by 3.81%. Moreover, the seven new features proposed in this paper account for 34.12% of the total contribution rate of the classifier. |
| first_indexed | 2024-03-09T19:52:08Z |
| format | Article |
| id | doaj.art-5fbd69c5280d4f58b14754a97115f973 |
| institution | Directory Open Access Journal |
| issn | 2227-7390 |
| language | English |
| last_indexed | 2024-03-09T19:52:08Z |
| publishDate | 2022-10-01 |
| publisher | MDPI AG |
| record_format | Article |
| series | Mathematics |
| spelling | doaj.art-5fbd69c5280d4f58b14754a97115f9732023-11-24T01:06:59ZengMDPI AGMathematics2227-73902022-10-011020378710.3390/math10203787Resolving Cross-Site Scripting Attacks through Fusion Verification and Machine LearningJiazhong Lu0Zhitan Wei1Zhi Qin2Yan Chang3Shibin Zhang4School of Cybersecurity, Chengdu University of Information Technology, Chengdu 610225, ChinaSchool of Cybersecurity, Chengdu University of Information Technology, Chengdu 610225, ChinaSchool of Cybersecurity, Chengdu University of Information Technology, Chengdu 610225, ChinaSchool of Cybersecurity, Chengdu University of Information Technology, Chengdu 610225, ChinaSchool of Cybersecurity, Chengdu University of Information Technology, Chengdu 610225, ChinaThe frequent variations of XSS (cross-site scripting) payloads make static and dynamic analysis difficult to detect effectively. In this paper, we proposed a fusion verification method that combines traffic detection with XSS payload detection, using machine learning to detect XSS attacks. In addition, we also proposed seven new payload features to improve detection efficiency. In order to verify the effectiveness of our method, we simulated and tested 20 public CVE (Common Vulnerabilities and Exposures) XSS attacks. The experimental results show that our proposed method has better accuracy than the single traffic detection model. Among them, the recall rate increased by an average of 48%, the F1 score increased by an average of 27.94%, the accuracy rate increased by 9.29%, and the accuracy rate increased by 3.81%. Moreover, the seven new features proposed in this paper account for 34.12% of the total contribution rate of the classifier.https://www.mdpi.com/2227-7390/10/20/3787XSS attacktraffic detectionpayloadsfusion verification |
| spellingShingle | Jiazhong Lu Zhitan Wei Zhi Qin Yan Chang Shibin Zhang Resolving Cross-Site Scripting Attacks through Fusion Verification and Machine Learning Mathematics XSS attack traffic detection payloads fusion verification |
| title | Resolving Cross-Site Scripting Attacks through Fusion Verification and Machine Learning |
| title_full | Resolving Cross-Site Scripting Attacks through Fusion Verification and Machine Learning |
| title_fullStr | Resolving Cross-Site Scripting Attacks through Fusion Verification and Machine Learning |
| title_full_unstemmed | Resolving Cross-Site Scripting Attacks through Fusion Verification and Machine Learning |
| title_short | Resolving Cross-Site Scripting Attacks through Fusion Verification and Machine Learning |
| title_sort | resolving cross site scripting attacks through fusion verification and machine learning |
| topic | XSS attack traffic detection payloads fusion verification |
| url | https://www.mdpi.com/2227-7390/10/20/3787 |
| work_keys_str_mv | AT jiazhonglu resolvingcrosssitescriptingattacksthroughfusionverificationandmachinelearning AT zhitanwei resolvingcrosssitescriptingattacksthroughfusionverificationandmachinelearning AT zhiqin resolvingcrosssitescriptingattacksthroughfusionverificationandmachinelearning AT yanchang resolvingcrosssitescriptingattacksthroughfusionverificationandmachinelearning AT shibinzhang resolvingcrosssitescriptingattacksthroughfusionverificationandmachinelearning |