TY - GEN
T1 - Machine Learning Based XSS Attacks Detection Method
AU - Santithanmanan, Korrawit
AU - Kirimasthong, Khwunta
AU - Boongoen, Tossapon
N1 - 22nd UK Workshop on Computational Intelligence (UKCI), Birmingham, ENGLAND, SEP 06-08, 2023
PY - 2024
Y1 - 2024
N2 - Cross-Site Scripting (XSS) attacks pose a significant threat to web applications by allowing the attacker to use the XSS to inject malicious code, typically JavaScript, and send it to other users in the form of a URL to identify which URLs are malicious. The attackers inject and execute arbitrary code within a user's browser, potentially leading to unauthorized access and data theft. Therefore, the objective of this paper is to propose machine learning-based methods for detecting XSS attacks focusing on URLs that follow domain names were non-alphanumeric characters that can appear in Javascript by using k-NN, Decision Tree, SVM, and Gaussian Naive Bayes classification model. This information aids in selecting the most suitable model for real-world deployment, ensuring efficient and reliable detection of XSS attacks in web applications. By training the models on a diverse dataset containing both benign and malicious scripts, they learn to differentiate between safe and malicious code, enhancing the accuracy of detection to find the best model for detecting websites that will inject scripts or 33 non-alphanumeric characters and characters that can appear in Javascript that possibly steal sensitive information about victims. The evaluation results reveal the performance of each model in terms of its ability to identify and classify malicious URLs accurately.
AB - Cross-Site Scripting (XSS) attacks pose a significant threat to web applications by allowing the attacker to use the XSS to inject malicious code, typically JavaScript, and send it to other users in the form of a URL to identify which URLs are malicious. The attackers inject and execute arbitrary code within a user's browser, potentially leading to unauthorized access and data theft. Therefore, the objective of this paper is to propose machine learning-based methods for detecting XSS attacks focusing on URLs that follow domain names were non-alphanumeric characters that can appear in Javascript by using k-NN, Decision Tree, SVM, and Gaussian Naive Bayes classification model. This information aids in selecting the most suitable model for real-world deployment, ensuring efficient and reliable detection of XSS attacks in web applications. By training the models on a diverse dataset containing both benign and malicious scripts, they learn to differentiate between safe and malicious code, enhancing the accuracy of detection to find the best model for detecting websites that will inject scripts or 33 non-alphanumeric characters and characters that can appear in Javascript that possibly steal sensitive information about victims. The evaluation results reveal the performance of each model in terms of its ability to identify and classify malicious URLs accurately.
KW - Cross-site scripting
KW - XSS attack
KW - Machine learning
KW - k-NN
KW - Decision tree
KW - SVM
KW - Gaussian naive bayes
U2 - 10.1007/978-3-031-47508-533
DO - 10.1007/978-3-031-47508-533
M3 - Conference Proceeding (Non-Journal item)
SN - 978-3-031-47507-8; 978-3-031-47508-5
VL - 1453
T3 - Advances in Intelligent Systems and Computing
SP - 418
EP - 429
BT - ADVANCES IN COMPUTATIONAL INTELLIGENCE SYSTEMS, UKCI 2023
A2 - Jenkins, P
A2 - Grace, P
A2 - Yang, L
A2 - Prajapat, S
A2 - Naik, N
PB - Springer Nature
CY - GEWERBESTRASSE 11, CHAM, CH-6330, SWITZERLAND
ER -
