Detecting Cross-Site Scripting Attacks Using Machine Learning
Howe, J. M. & Mereani, F. (2018). Detecting Cross-Site Scripting Attacks Using Machine Learning. Advances in Intelligent Systems and Computing, 723, pp. 200-210. doi: 10.1007/978-3-319-74690-6_20
Abstract
Cross-site scripting (XSS) is one of the most frequently occurring types of attacks on web applications, hence is of importance in information security. XSS is where the attacker injects malicious code, typically JavaScript, into the web application in order to be executed in the user’s browser. Identifying that a script is malicious is an important part of the defence of a web application. This paper investigates using SVM, k-NN and Random Forests to detect and limit these attacks, whether known or unknown, by building classifiers for JavaScript code. It demonstrated that using an interesting feature set combining language syntax and behavioural features results in classifiers that give high accuracy and precision on large real world data sets without restricting attention only to obfuscation.
| Publication Type: | Article |
|---|---|
| Additional Information: | This is a post-peer-review, pre-copyedit version of an article published in Advances in Intelligent Systems and Computing. The final authenticated version is available online at: http://dx.doi.org/0.1007/978-3-319-74690-6_20 |
| Publisher Keywords: | Cross-site scripting; System security; Supervised learning; Classifiers Features selection |
| Departments: | School of Science & Technology > Computer Science |
| SWORD Depositor: |
Download (220kB) | Preview
Export
Downloads
Downloads per month over past year
Metadata
MetadataActions (login required)
Admin Login