Rule-Based Signature or also known as Misuse Detection is IDS which rely on matching data captured on retrieval of attack pattern which in system that allow attacks. If the attack activity detected according to existing signature, then it will be read by system and called as attack. The advantage of this Signature-Based IDS is the accuracy of detecting matched attack which in the system with low false-positive result and high true-positive. Cross-Site Scripting is type of attack which is perform by injecting code (usually) JavaScript to a site. XSS is very often utilized by attacker to steal web browser resource such as cookie, credentials, etc. Dataset which used in this research is dataset which created by injecting script into a website. Once obtained the dataset, then feature extraction is performed to separate the attribute which used. XSS attack pattern can be easily recognized from URI, and then detected using engine which has been created. Detection result of algorithm which used is evaluated using confusion matrix to determine detection accuracy value which performed. Obtained accuracy detection of research result reached 99.4% with TPR 98.8% and FPR 0%
