Detection of XSS in web applications using Machine Learning Classifiers

Title: Detection of XSS in web applications using Machine Learning Classifiers
Publication Type: Conference Paper
Year of Publication: 2020
Authors: Banerjee, R., Baksi, A., Singh, N., Bishnu, S. K.
Conference Name: 2020 4th International Conference on Electronics, Materials Engineering Nano-Technology (IEMENTech)
Date Published: oct
Keywords: Classified Algorithms, classifiers, Cross Site Scripting, cross-site scripting, cross-site scripting attack, feature extraction, Human Behavior, JavaScript, machine learning, Malware, pubcrawl, random forests, resilience, Resiliency, Scalability, Uniform resource locators, Vegetation, Web pages
Abstract: Considering the amount of time we spend on the internet, web pages have evolved over a period of time with rapid progression and momentum. With such advancement, we find ourselves fronting a few hostile ideologies, breaching the security levels of webpages as such. The most hazardous of them all is XSS, known as Cross-Site Scripting, which is one of the attacks which frequently occur in website-based applications. Cross-Site Scripting (XSS) attacks happen when malicious data enters a web application through an untrusted source. The spam attacks happen in the form of Wall posts, News feed, Message spam and mostly when a user is open to download content of webpages. This paper investigates the use of machine learning to build classifiers to allow the detection of XSS. Establishing our approach, we target the detection modus operandi of XSS attack via two features: URLs and JavaScript. To predict the level of XSS threat, we will be using four machine learning algorithms (SVM, KNN, Random forest and Logistic Regression). Proposing these classified algorithms, webpages will be branded as malicious or benign. After assessing and calculating the dataset features, we concluded that the Random Forest Classifier performed most accurately with the lowest False Positive Rate of 0.34. This precision will ensure a method much efficient to evaluate threatening XSS for the smooth functioning of the system.
Citation Key: banerjee_detection_2020