Development of web browser prototype with embedded classification capability for mitigating Cross-Site Scripting attacks

Cited by: 7
Authors
Malviya, Vikas K. [1]
Rai, Sawan [1]
Gupta, Atul [1]
Affiliation
[1] Indian Inst Informat Technol Design & Mfg, Dept Comp Sci & Engn, Jabalpur, India
Keywords
Machine learning; Web browser; Cross-Site Scripting; XSS; Classification;
DOI
10.1016/j.asoc.2020.106873
Chinese Library Classification number
TP18 [Artificial intelligence theory];
Subject classification codes
081104 ; 0812 ; 0835 ; 1405 ;
Abstract
Mitigating Cross-Site Scripting (XSS) with machine learning techniques is a recent interest of researchers, and a large amount of research work has been reported in this domain. A lack of real-time tools built on these approaches is a gap in this domain. In this work, a web browser that uses machine learning classification to mitigate XSS attacks is developed. This browser classifies webpages into malicious and non-malicious pages using features identified by observation of malicious web pages and features collected from different authors' works. Classification experiments are conducted to evaluate the effectiveness of these features, and it is found that this approach performs better than other proposed methods in terms of classification accuracy, precision, recall, and F1-score. The web browser is implemented with the open-source browser WebKit. Experiments are conducted to assess the overhead created by the added classification functionality in the web browser. The browser is found effective in classifying web pages and in real-time browsing scenarios with very little generated overhead. This makes the web browser better than other proposed solutions to mitigate XSS attacks with minimal overhead. The developed web browser will be beneficial not only for researchers working in this domain but also for users who can be the victims of XSS attacks. © 2020 Published by Elsevier B.V.
Pages: 14