XSS attack detection method based on genetic algorithm and support vector machine
MA Zheng, CHEN Xuebin, ZHANG Guopeng, ZHAI Ran
1. College of Science, North China University of Science and Technology, Tangshan, Hebei 063210, China; 2. Hebei Key Laboratory of Data Science and Application, North China University of Science and Technology, Tangshan, Hebei 063210, China; 3. Tangshan Key Laboratory of Data Science, North China University of Science and Technology, Tangshan, Hebei 063210, China
Abstract: To address the poor performance of existing solutions based on filters, dynamic analysis and static analysis in detecting unknown XSS attacks, machine learning methods were used to detect unknown XSS attacks efficiently, and an XSS attack detection model based on a genetic algorithm and a support vector machine was proposed. Fuzz testing was used to generate XSS attack pre-samples, and the genetic algorithm was used to search the feature space. Optimal test cases were generated iteratively, and the dataset was expanded to enrich the XSS attack vector library. For the detection model, the coding rules for XSS test cases were determined, the fitness function was designed, and the selection, crossover and mutation operators were designed. The detection performance of the classifier was evaluated in terms of accuracy, recall, false positive rate and F1 score. The results show that the accuracy of the model can reach 99.5%. Compared with other detection methods, the proposed detection model has better detection performance, with a high recall rate and a low false positive rate.