Machine and deep learning-based XSS detection approaches: a systematic literature review

Web applications are paramount tools for facilitating services providing in the modern world. Unfortunately, the tremendous growth in the web application usage has resulted in a rise in cyberattacks. Cross-site scripting (XSS) is one of the most frequent cyber security attack vectors that threaten the end user as well as the service provider with the same degree of severity. Recently, an obvious increase of the Machine learning and deep learning ML/DL techniques adoption in XSS attack detection. The goal of this review is to come with a special attention and highlight of Machine learning and deep learning approaches. Thus, in this paper, we present a review of recent advances applied in ML/DL for XSS attack detection and classification. The existing proposed ML/DL approaches for XSS attack detection are analyzed and taxonomized comprehensively in terms of domain areas, data preprocessing, feature extraction, feature selection, dimensionality reduction, Data imbalance, performance metrics, datasets, and data types. Our analysis reveals that the way of how the XSS data is preprocessed considerably impacts the performance and the attack detection models. Proposing a full preprocessing cycle reveals how various ML/DL approaches for XSS attacks detection take advantage of different input data preprocessing techniques. The most used ML/DL and preprocessing stages have also been identified. The limitations of existing ML/DL-based XSS attack detection mechanisms are highlighted to identify the potential gaps and future trends.