
    Cross-Site Scripting (XSS) Detection Integrating Evidences in Multiple Stages

    As Cross-Site Scripting (XSS) remains one of the top web security risks, people keep exploring ways to detect such attacks efficiently. So far, existing solutions focus only on the payload of a web request or of a web response, a single stage of a web transaction. This work proposes a new approach that integrates evidence from both a web request and its response in order to better characterize XSS attacks and separate them from normal web transactions. We first collect complete payloads of XSS and normal web transactions from two databases and extract features from them using the Word2vec technique. Next, we train two Gaussian mixture models (GMMs) on these features, one for XSS transactions and one for normal web transactions. Given a new web transaction, the two models produce two probability scores, which indicate how similar the transaction is to XSS traffic and to normal traffic, respectively. Finally, we use the two GMMs together in classification by combining these two probabilities, which further improves detection accuracy.

    Vulnerability Analysis and Prevention on Software as a Service (SaaS) of Archive Websites

    A web archive is a SaaS service with an important role in providing better document storage and management. Good document management has a positive impact on optimizing business operations, increasing collaboration, reducing costs, and protecting sensitive information. Cybercrime, whose intensity keeps increasing, is a serious threat to the security of data stored in web archives. This research aims to improve data security on web archives by conducting ongoing testing. Testing was carried out on a Linux server hosting a web archive managed by a file manager system. The study tests attacks using the OWASP method, including an XSS attack against the web archive on the Linux server with its file management application. The testing phases are Information Gathering, Vulnerability Assessment, Exploiting, and Reporting. The first vulnerability test found 9 vulnerabilities in 9 categories, the second found 7 vulnerabilities, and the third found none. At the end of each test, recommendations for improvements to the web archive are given to the web archive manager and the vulnerabilities are re-tested. This process is repeated with continuous improvement. Repeated attack testing and repair of the web archive brought the vulnerability level down to a score of 0.1-3.9 points, rated Low.