Detection of Cross-Site Scripting Attacks with Code Analysis Using Text Convolution Neural Networks as a Step to Improve User Security

Nur Azis Kurnia Rianto
Alamsyah Alamsyah

Abstract

The main objective of this research is to build a reliable model capable of classifying Cross-Site Scripting (XSS) attacks through input analysis using the Convolutional Neural Network (CNN) method. The input in question is a JavaScript or HTML script suspected of being an XSS attack script. The model architecture is based on the basic Text CNN architecture and is built with the TensorFlow Keras library in Python. The model is trained on data from the internet to learn the correlations in the data. Its performance on the classification task is evaluated using the accuracy metric and the binary cross-entropy function. The resulting model classifies cross-site scripting attack data with an accuracy of 99.95% and a loss rate of 0.29%. Obtaining the optimal model architecture requires several experiments to determine the correct number, components, and size of the filter layers. The Text CNN method for classifying XSS attacks is a new approach to detecting and preventing XSS attacks. The proposed CNN method is designed specifically for text processing, has been widely used in various fields, and has proven performance. Input analysis is the foremost approach used and is crucial in preventing XSS attacks, considering that these attacks are generally carried out by code injection. The application of the Text CNN method makes the proposed model quite reliable and able to outperform previous methods in the XSS attack classification task.

How to Cite
Rianto, N. A. K., & Alamsyah, A. (2023). Detection of Cross-Site Scripting Attacks with Code Analysis Using Text Convolution Neural Networks as a Step to Improve User Security. Future Computer Science Journal, 1(2). Retrieved from https://asasijournal.com/index.php/fcsj/article/view/16