A Hybrid Machine Learning Model to Detect Reflected XSS Attack

Authors : Beraat BUZ, Berke GÜLÇİÇEK, Şerif BAHTİYAR

Pages : 235-241

Doi:10.17694/bajece.927417

View : 22 | Download : 12

Publication Date : 2021-07-30

Article Type : Research Paper

Abstract :Since web technologies are getting more advanced with longer codes, the number of vulnerabilities has increased considerably. Cross-site scripting insert ignore into journalissuearticles values(XSS); attacks are one of the most common attacks that use vulnerabilities in web applications. There are three types of cross-site scripting attacks namely, reflected, stored, and DOM-based attacks. Reflected XSS attacks are the most common type that is usually implemented by injecting a malicious code into the URL and then sending the URL to the targeted system by using phishing methods, which is a significant threat for recent web applications. Our motivation is the lack of a high performance detection method of reflected XSS attacks with high accuracy. In this paper, we propose a hybrid machine learning model to detect vulnerabilities related to reflected XSS attacks for a given URL of a website. Our model uses a scanner to discover vulnerabilities in a web site and convolutional neural networks to predict the most common vulnerabilities that may be used for reflected XSS attacks, which makes the proposed model hybrid. We analyzed the model experimentally. Analyses results show that the proposed model is able to detect vulnerable attack surfaces with 99 % accuracy.
Keywords : Reflected XSS, Deep Learning, Detection, Vulnerability, N gram, XSS Scanner