Unveiling XSS Threats: A Bipartite Graph Approach with Ensemble Deep Learning for Enhanced Detection

Cited by: 0
Authors
Alorainy, Wafa [1]
Affiliations
[1] Shaqra Univ, Durma Coll Sci & Humanities, Shaqra 11961, Saudi Arabia
Keywords
cross-site scripting attacks; bipartite graph; machine learning; deep learning; artificial neural networks; web vulnerabilities; cybersecurity; attack detection
DOI
10.3390/info16020097
Chinese Library Classification (CLC) number
TP [Automation technology, computer technology]
Subject classification code
0812
Abstract
Cross-Site Scripting (XSS) attacks are a common source of vulnerability for web applications, necessitating scalable mechanisms for detection. In this work, a new method based on bipartite graph-based feature extraction and an ensemble learning classifier containing CNN, LSTM, and GRU is introduced. Our proposed bipartite graph model is novel as the payloads constitute the first set, while the words constructing the payloads comprise the second set. This representation allows structural and contextual dependencies to be extracted so the model can recognize complex and obfuscated XSS payloads. Our method surpasses state-of-the-art methods by having 99.97% detection accuracy. It has a significantly increased ability to detect complicated payload variations by utilizing co-occurrence patterns and interdependence between smaller payload parts through the adoption of these bipartite features. In addition to improving the F1-score, recall, and precision associated with such methods, it also demonstrates the adaptability of graph-based representation in cybersecurity applications. Our findings highlight the possibility of integrating ensemble classifiers and refined feature engineering into a scalable, precise XSS detection system.
Pages: 24