Machine Learning Based XSS Attacks Detection Method

Korrawit Santithanmanan; Khwunta Kirimasthong; Tossapon Boongoen

doi:10.1007/978-3-031-47508-533

Machine Learning Based XSS Attacks Detection Method

Korrawit Santithanmanan, Khwunta Kirimasthong, Tossapon Boongoen

Adran Cyfrifiadureg

Allbwn ymchwil: Pennod mewn Llyfr/Adroddiad/Trafodion Cynhadledd › Trafodion Cynhadledd (Nid-Cyfnodolyn fathau)

Crynodeb

Cross-Site Scripting (XSS) attacks pose a significant threat to web applications by allowing the attacker to use the XSS to inject malicious code, typically JavaScript, and send it to other users in the form of a URL to identify which URLs are malicious. The attackers inject and execute arbitrary code within a user's browser, potentially leading to unauthorized access and data theft. Therefore, the objective of this paper is to propose machine learning-based methods for detecting XSS attacks focusing on URLs that follow domain names were non-alphanumeric characters that can appear in Javascript by using k-NN, Decision Tree, SVM, and Gaussian Naive Bayes classification model. This information aids in selecting the most suitable model for real-world deployment, ensuring efficient and reliable detection of XSS attacks in web applications. By training the models on a diverse dataset containing both benign and malicious scripts, they learn to differentiate between safe and malicious code, enhancing the accuracy of detection to find the best model for detecting websites that will inject scripts or 33 non-alphanumeric characters and characters that can appear in Javascript that possibly steal sensitive information about victims. The evaluation results reveal the performance of each model in terms of its ability to identify and classify malicious URLs accurately.

Iaith wreiddiol	Saesneg
Teitl	ADVANCES IN COMPUTATIONAL INTELLIGENCE SYSTEMS, UKCI 2023
Golygyddion	P Jenkins, P Grace, L Yang, S Prajapat, N Naik
Man cyhoeddi	GEWERBESTRASSE 11, CHAM, CH-6330, SWITZERLAND
Cyhoeddwr	Springer Nature
Tudalennau	418-429
Nifer y tudalennau	12
Cyfrol	1453
ISBN (Argraffiad)	978-3-031-47507-8; 978-3-031-47508-5
Dynodwyr Gwrthrych Digidol (DOIs)	https://doi.org/10.1007/978-3-031-47508-533
Statws	Cyhoeddwyd - 2024

Cyfres gyhoeddiadau

Enw	Advances in Intelligent Systems and Computing
Cyhoeddwr	SPRINGER INTERNATIONAL PUBLISHING AG

NDC y CU

Mae’r allbwn hwn yn cyfrannu at y Nod(au) Datblygu Cynaliadwy canlynol

Mynediad at Ddogfen

10.1007/978-3-031-47508-533

Cysylltiad parhaol

Dolen barhaus

Dyfynnu hyn

Santithanmanan, K., Kirimasthong, K., & Boongoen, T. (2024). Machine Learning Based XSS Attacks Detection Method. Yn P. Jenkins, P. Grace, L. Yang, S. Prajapat, & N. Naik (Gol.), ADVANCES IN COMPUTATIONAL INTELLIGENCE SYSTEMS, UKCI 2023 (Cyfrol 1453, tt. 418-429). (Advances in Intelligent Systems and Computing). Springer Nature. https://doi.org/10.1007/978-3-031-47508-533

Santithanmanan, Korrawit ; Kirimasthong, Khwunta ; Boongoen, Tossapon. / Machine Learning Based XSS Attacks Detection Method. ADVANCES IN COMPUTATIONAL INTELLIGENCE SYSTEMS, UKCI 2023. Gol. / P Jenkins ; P Grace ; L Yang ; S Prajapat ; N Naik. Cyfrol 1453 GEWERBESTRASSE 11, CHAM, CH-6330, SWITZERLAND : Springer Nature, 2024. tt. 418-429 (Advances in Intelligent Systems and Computing).

@inproceedings{eac5116518da4dc4a234a93bfde61e1e,

title = "Machine Learning Based XSS Attacks Detection Method",

abstract = "Cross-Site Scripting (XSS) attacks pose a significant threat to web applications by allowing the attacker to use the XSS to inject malicious code, typically JavaScript, and send it to other users in the form of a URL to identify which URLs are malicious. The attackers inject and execute arbitrary code within a user's browser, potentially leading to unauthorized access and data theft. Therefore, the objective of this paper is to propose machine learning-based methods for detecting XSS attacks focusing on URLs that follow domain names were non-alphanumeric characters that can appear in Javascript by using k-NN, Decision Tree, SVM, and Gaussian Naive Bayes classification model. This information aids in selecting the most suitable model for real-world deployment, ensuring efficient and reliable detection of XSS attacks in web applications. By training the models on a diverse dataset containing both benign and malicious scripts, they learn to differentiate between safe and malicious code, enhancing the accuracy of detection to find the best model for detecting websites that will inject scripts or 33 non-alphanumeric characters and characters that can appear in Javascript that possibly steal sensitive information about victims. The evaluation results reveal the performance of each model in terms of its ability to identify and classify malicious URLs accurately.",

keywords = "Cross-site scripting, XSS attack, Machine learning, k-NN, Decision tree, SVM, Gaussian naive bayes",

author = "Korrawit Santithanmanan and Khwunta Kirimasthong and Tossapon Boongoen",

note = "22nd UK Workshop on Computational Intelligence (UKCI), Birmingham, ENGLAND, SEP 06-08, 2023",

year = "2024",

doi = "10.1007/978-3-031-47508-533",

language = "English",

isbn = "978-3-031-47507-8; 978-3-031-47508-5",

volume = "1453",

series = "Advances in Intelligent Systems and Computing",

publisher = "Springer Nature",

pages = "418--429",

editor = "P Jenkins and P Grace and L Yang and S Prajapat and N Naik",

booktitle = "ADVANCES IN COMPUTATIONAL INTELLIGENCE SYSTEMS, UKCI 2023",

address = "Switzerland",

}

Santithanmanan, K, Kirimasthong, K & Boongoen, T 2024, Machine Learning Based XSS Attacks Detection Method. yn P Jenkins, P Grace, L Yang, S Prajapat & N Naik (gol.), ADVANCES IN COMPUTATIONAL INTELLIGENCE SYSTEMS, UKCI 2023. cyfrol. 1453, Advances in Intelligent Systems and Computing, Springer Nature, GEWERBESTRASSE 11, CHAM, CH-6330, SWITZERLAND, tt. 418-429. https://doi.org/10.1007/978-3-031-47508-533

Machine Learning Based XSS Attacks Detection Method. / Santithanmanan, Korrawit; Kirimasthong, Khwunta; Boongoen, Tossapon.
ADVANCES IN COMPUTATIONAL INTELLIGENCE SYSTEMS, UKCI 2023. gol. / P Jenkins; P Grace; L Yang; S Prajapat; N Naik. Cyfrol 1453 GEWERBESTRASSE 11, CHAM, CH-6330, SWITZERLAND: Springer Nature, 2024. t. 418-429 (Advances in Intelligent Systems and Computing).

Allbwn ymchwil: Pennod mewn Llyfr/Adroddiad/Trafodion Cynhadledd › Trafodion Cynhadledd (Nid-Cyfnodolyn fathau)

TY - GEN

T1 - Machine Learning Based XSS Attacks Detection Method

AU - Santithanmanan, Korrawit

AU - Kirimasthong, Khwunta

AU - Boongoen, Tossapon

N1 - 22nd UK Workshop on Computational Intelligence (UKCI), Birmingham, ENGLAND, SEP 06-08, 2023

PY - 2024

Y1 - 2024

N2 - Cross-Site Scripting (XSS) attacks pose a significant threat to web applications by allowing the attacker to use the XSS to inject malicious code, typically JavaScript, and send it to other users in the form of a URL to identify which URLs are malicious. The attackers inject and execute arbitrary code within a user's browser, potentially leading to unauthorized access and data theft. Therefore, the objective of this paper is to propose machine learning-based methods for detecting XSS attacks focusing on URLs that follow domain names were non-alphanumeric characters that can appear in Javascript by using k-NN, Decision Tree, SVM, and Gaussian Naive Bayes classification model. This information aids in selecting the most suitable model for real-world deployment, ensuring efficient and reliable detection of XSS attacks in web applications. By training the models on a diverse dataset containing both benign and malicious scripts, they learn to differentiate between safe and malicious code, enhancing the accuracy of detection to find the best model for detecting websites that will inject scripts or 33 non-alphanumeric characters and characters that can appear in Javascript that possibly steal sensitive information about victims. The evaluation results reveal the performance of each model in terms of its ability to identify and classify malicious URLs accurately.

AB - Cross-Site Scripting (XSS) attacks pose a significant threat to web applications by allowing the attacker to use the XSS to inject malicious code, typically JavaScript, and send it to other users in the form of a URL to identify which URLs are malicious. The attackers inject and execute arbitrary code within a user's browser, potentially leading to unauthorized access and data theft. Therefore, the objective of this paper is to propose machine learning-based methods for detecting XSS attacks focusing on URLs that follow domain names were non-alphanumeric characters that can appear in Javascript by using k-NN, Decision Tree, SVM, and Gaussian Naive Bayes classification model. This information aids in selecting the most suitable model for real-world deployment, ensuring efficient and reliable detection of XSS attacks in web applications. By training the models on a diverse dataset containing both benign and malicious scripts, they learn to differentiate between safe and malicious code, enhancing the accuracy of detection to find the best model for detecting websites that will inject scripts or 33 non-alphanumeric characters and characters that can appear in Javascript that possibly steal sensitive information about victims. The evaluation results reveal the performance of each model in terms of its ability to identify and classify malicious URLs accurately.

KW - Cross-site scripting

KW - XSS attack

KW - Machine learning

KW - k-NN

KW - Decision tree

KW - SVM

KW - Gaussian naive bayes

U2 - 10.1007/978-3-031-47508-533

DO - 10.1007/978-3-031-47508-533

M3 - Conference Proceeding (Non-Journal item)

SN - 978-3-031-47507-8; 978-3-031-47508-5

VL - 1453

T3 - Advances in Intelligent Systems and Computing

SP - 418

EP - 429

BT - ADVANCES IN COMPUTATIONAL INTELLIGENCE SYSTEMS, UKCI 2023

A2 - Jenkins, P

A2 - Grace, P

A2 - Yang, L

A2 - Prajapat, S

A2 - Naik, N

PB - Springer Nature

CY - GEWERBESTRASSE 11, CHAM, CH-6330, SWITZERLAND

ER -

Santithanmanan K, Kirimasthong K, Boongoen T. Machine Learning Based XSS Attacks Detection Method. Yn Jenkins P, Grace P, Yang L, Prajapat S, Naik N, golygyddion, ADVANCES IN COMPUTATIONAL INTELLIGENCE SYSTEMS, UKCI 2023. Cyfrol 1453. GEWERBESTRASSE 11, CHAM, CH-6330, SWITZERLAND: Springer Nature. 2024. t. 418-429. (Advances in Intelligent Systems and Computing). doi: 10.1007/978-3-031-47508-533

Machine Learning Based XSS Attacks Detection Method

Crynodeb

Cyfres gyhoeddiadau

NDC y CU

Mynediad at Ddogfen

Cysylltiad parhaol

Ôl bys

Dyfynnu hyn