nach oben

Artificial Intelligence Review

Erschienen in:

23.03.2023

Detection of cross-site scripting (XSS) attacks using machine learning techniques: a review

verfasst von: Jasleen Kaur, Urvashi Garg, Gourav Bathla

Erschienen in: Artificial Intelligence Review | Ausgabe 11/2023

Einloggen

Aktivieren Sie unsere intelligente Suche, um passende Fachinhalte oder Patente zu finden.

search-config

KI-gestützte Suche

Aus

Abstract

With the rising demand for E-commerce, Social Networking websites, it has become essential to develop security protocols over the World Wide Web that can provide security and privacy to Internet users all over the globe. Several traditional encryption techniques and attack detection protocols can secure the data transmitted over public networks. However, hackers can effortlessly exploit them to acquire access to the users’ sensitive information such as user ID, session ID, cookies, passwords, bank account details, contact numbers, private PINs, database information, etc. Researchers have continuously innovated new techniques to build a secure and robust system that cannot be easily hacked and manipulated. Still, there is much scope for novelty to provide security against contemporary techniques used by intruders. The motivation of this survey is to observe the recent developments in Cross-Site Scripting attacks and techniques used by researchers to secure confidential information. Cross-Site Scripting (XSS) has been recognized as one of the top 10 online application security risks by the Open Web Application Security Project (OWASP) for decades. Therefore, dealing with this security flaw in web applications has become essential to avoid further personal and financial damage to Internet users and business organizations. There is a need for an extensive survey of recent XSS attack detection techniques that can provide the right direction to researchers and security professionals. We present a complete overview of recent machine learning and neural network-based XSS attack detection techniques in this paper, covering deep neural networks, decision trees, web-log-based detection models, and many more. This paper also highlights the research gaps that must be addressed while designing attack detection models. Further, challenges researchers face during the development of recent techniques are also discussed. Finally, future directions are provided to reflect on new concepts that can be used in forthcoming research works to improve XSS attack detection techniques.

Vorheriger Artikel An advanced similarity measure for Pythagorean fuzzy sets and its applications in transportation problem

Nächster Artikel Applications of AI in oil and gas projects towards sustainable development: a systematic literature review

Sie haben noch keine Lizenz? Dann Informieren Sie sich jetzt über unsere Produkte:

Springer Professional "Wirtschaft+Technik"

Online-Abonnement

Mit Springer Professional "Wirtschaft+Technik" erhalten Sie Zugriff auf:

über 102.000 Bücher
über 537 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Finance + Banking
Management + Führung
Marketing + Vertrieb
Maschinenbau + Werkstoffe
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Springer Professional "Wirtschaft"

Online-Abonnement

Mit Springer Professional "Wirtschaft" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 340 Zeitschriften

aus folgenden Fachgebieten:

Bauwesen + Immobilien
Business IT + Informatik
Finance + Banking
Management + Führung
Marketing + Vertrieb
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Springer Professional "Technik"

Online-Abonnement

Mit Springer Professional "Technik" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 390 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Maschinenbau + Werkstoffe

Jetzt Wissensvorsprung sichern!

Jetzt informieren

2000 DARPA Intrusion Detection Scenario Specific Datasets | MIT Lincoln Laboratory. (n.d.). https://www.ll.mit.edu/r-d/datasets/2000-darpa-intrusion-detection-scenario-specific-datasets. Accessed 2 Nov 2021

Abaimov S, Bianchi G (2019) CODDLE: Code-injection detection with deep learning. IEEE Access 7:128617–128627. https://doi.org/10.1109/ACCESS.2019.2939870CrossRef

Abdullah Alqarni A, Alsharif N, Ahmad Khan N, Georgieva L, Pardade E, Alzahrani YM (2022) MNN-XSS: modular neural network based approach for XSS attack detection. Comput Mater Continua 70(2):4075–4085. https://doi.org/10.32604/CMC.2022.020389CrossRef

Akay B, Karaboga D, Akay R (2021) A comprehensive survey on optimizing deep learning models by metaheuristics. Artif Intell Rev 55(2):829–894. https://doi.org/10.1007/S10462-021-09992-0CrossRef

Akrout R, Alata E, Kaaniche M, Nicomette V (2014) An automated black box approach for web vulnerability identification and attack scenario generation. J Brazilian Comput Soc 20(1):1–16. https://doi.org/10.1186/1678-4804-20-4MathSciNetCrossRef

Alam F, Pachauri S (2017) Comparative study of J48, naive bayes and one-R classification technique for credit card fraud detection using WEKA. Adv Comput Sci Technol 10(6):1731–1743

Aldahdooh A, Hamidouche W, Fezza SA, Déforges O (2022) Adversarial example detection for DNN models: a review and experimental comparison. Artif Intell Rev 2022:1–60. https://doi.org/10.1007/S10462-021-10125-WCrossRef

Alexa - Top sites. (n.d.). https://www.alexa.com/topsites. Accessed 2 Nov 2021

Banerjee, R., Baksi, A., Singh, N., & Bishnu, S. K. (2020, October 2). Detection of XSS in web applications using Machine Learning Classifiers. 2020 4th International Conference on Electronics, Materials Engineering & Nano-Technology (IEMENTech). https://doi.org/10.1109/IEMENTech51367.2020.9270052

Brewer R (2016) Ransomware attacks: detection, prevention and cure. Netw Secur 2016(9):5–9. https://doi.org/10.1016/S1353-4858(16)30086-1CrossRef

Chauhan S, Vig L, Filippo De Grazia M, Corbetta M, Ahmad S, Zorzi M (2019) A Comparison of shallow and deep learning methods for predicting cognitive performance of stroke patients from mri lesion images. Front Neuroinform. https://doi.org/10.3389/fninf.2019.00053CrossRef

Chen T, Liu J, Xiang Y, Niu W, Tong E, Han Z (2019) Adversarial attack and defense in reinforcement learning-from AI security view. Cybersecurity 2:1. https://doi.org/10.1186/s42400-019-0027-xCrossRef

Cimpanu Catalin. (2018). British Airways breach caused by the same group that hit Ticketmaster | ZDNet. ZDNET, A RED VENTURES COMPANY. https://www.zdnet.com/article/british-airways-breach-caused-by-the-same-group-that-hit-ticketmaster/

CISCO. (2021). Defending Against Critical Threats. https://www.cisco.com/c/en/us/products/security/defending-against-critical-threats.html?CCID=cc000160&DTID=odicdc000016&OID=rptsc024689

Conti, M., Dargahi, T., & Dehghantanha, A. (2018). Cyber threat intelligence: Challenges and opportunities. In Advances in Information Security (Vol. 70, pp. 1–6). Springer New York LLC. https://doi.org/10.1007/978-3-319-73951-9_1

Dada, E. G. (2017). A Hybridized SVM-kNN-pdAPSO Approach to Intrusion Detection System. In University of Maiduguri Faculty of Engineering Seminar Series (Vol. 8). https://www.researchgate.net/publication/316145216_A_Hybridized_SVM-kNN-pdAPSO_Approach_to_Intrusion_Detection_System

Zhu Dali, Jin Hao, Ying Yang Wu, D., & Weiyi Chen. (2017) DeepFlow: deep learning-based malware detection by mining android application for abnormal usage of sensitive data. 2017 IEEE Symposium Comput Commun (ISCC). https://doi.org/10.1109/ISCC.2017.8024568CrossRef

Dixit P, Silakari S (2021) Deep learning algorithms for cybersecurity applications: a technological and status review. Comput Sci Rev 39:100317. https://doi.org/10.1016/J.COSREV.2020.100317MathSciNetCrossRef

Dora JR, Nemoga K (2021) Ontology for cross-site-scripting (XSS) attack in cybersecurity. J Cybersecur Privacy 1(2):319–339. https://doi.org/10.3390/jcp1020018CrossRef

EOIN KEARY. (n.d.). 2019 VULNERABILITY STATISTICS REPORT. https://www.edgescan.com/wp-content/uploads/2019/02/edgescan-Vulnerability-Stats-Report-2019.pdf. Accessed 2 Sep 2021

Fang Y, Huang C, Xu Y, Li Y (2019) RLXSS: Optimizing XSS detection model to defend against adversarial attacks based on reinforcement learning. Future Internet 11:8. https://doi.org/10.3390/FI11080177CrossRef

Fang, Y., Li, Y., Liu, L., & Huang, C. (2018). DeepXSS: Cross site scripting detection based on deep learning. ACM International Conference Proceeding Series. https://doi.org/10.1145/3194452.3194469

Feng F, Liu X, Yong B, Zhou R, Zhou Q (2019) Anomaly detection in ad-hoc networks based on deep learning model: a plug and play device. Ad Hoc Netw 84:82–89. https://doi.org/10.1016/J.ADHOC.2018.09.014CrossRef

Furnell S, Emm D (2017) The ABC of ransomware protection. Comput Fraud Secur 2017(10):5–11. https://doi.org/10.1016/S1361-3723(17)30089-1CrossRef

Gao W, Morris T, Reaves B, Richey D (2010) On SCADA control system command and response injection and intrusion detection. General Mem Meet ECrime Res Summit ECrime. https://doi.org/10.1109/ECRIME.2010.5706699CrossRef

Guo Y, Pan Y, Zhang Z, Li L, Jamshed MA, Moon Y, Kim D, Han D, Park K, Jamshed M A, Berger DS, Sitaraman RK, Harchol-Balter M, Pfaff B, Pettit J, Koponen T, Jackson E, Zhou A, Rajahalme J, … Security I. T (2017) Same-origin policy: Evaluation in modern browsers. In Proceedings of the Same-Origin Policy: Evaluation in Modern Browsers. Nsdi, 40(4): 97–112

Geetha R, Thilagam T (2020) A review on the effectiveness of machine learning and deep learning algorithms for cyber security. Arch Comput Methods Eng 28(4):2861–2879. https://doi.org/10.1007/S11831-020-09478-2MathSciNetCrossRef

GitHub - Morzeux/HttpParamsDataset. (n.d.). https://github.com/Morzeux/HttpParamsDataset. Accessed 2 Nov 2021

Gkioulos V, Chowdhury N (2021) Cyber security training for critical infrastructure protection: a literature review. Comput Sci Rev 40:100361. https://doi.org/10.1016/J.COSREV.2021.100361CrossRef

Gupta B.B., & Chaudhary Pooja. (2020). Cross-Site Scripting Attacks: Classification, Attack, and Countermeasures. (First). CRC Press. https://www.google.co.in/books/edition/Cross_Site_Scripting_Attacks/697SDwAAQBAJ?hl=en&gbpv=0&kptab=overview

Gupta S, Gupta BB (2015) Cross-Site Scripting (XSS) attacks and defense mechanisms: classification and state-of-the-art. Int J Syst Assurance Eng Manag 8(1):512–530. https://doi.org/10.1007/S13198-015-0376-0CrossRef

Hassan MdM, Nipa SS, Akter M, Haque R, Deepa FN, Rahman MM, Siddiqui Md, Sharif MdH (2018) Broken authentication and session management vulnerability: a case study of web application. Int J Simul. https://doi.org/10.5013/ijssst.a.19.02.06CrossRef

Heiderich, M., Schwenk, J., Frosch, T., Magazinius, J., & Yang, E. Z. (2013). mXSS attacks: Attacking well-secured web-applications by using innerHTML mutations. Proceedings of the ACM Conference on Computer and Communications Security, 777–788. https://doi.org/10.1145/2508859.2516723

Hickling J (2021) What is DOM XSS and why should you care? Comput Fraud Secur 2021(4):6–10. https://doi.org/10.1016/S1361-3723(21)00040-3CrossRef

Hoang XD (2020) Detecting common web attacks based on machine learning using web log. Lecture Notes Networks and Syst 178:311–318. https://doi.org/10.1007/978-3-030-64719-3_35CrossRef

Introducing a powerful open source social networking engine. (n.d.). https://elgg.org/. Accessed 2 Nov 2021

Jagajeevan Rao L, Nazeer Basha SK, Rama Krishna V (2021) Prevention and analysing on cross site scripting. Adv Intell Syst Comput 1171:731–739. https://doi.org/10.1007/978-981-15-5400-1_69CrossRef

Jiang F, Fu Y, Gupta BB, Liang Y, Rho S, Lou F, Meng F, Tian Z (2020) Deep learning based multi-channel intelligent attack detection for data security. IEEE Trans Sustain Comput 5(2):204–212. https://doi.org/10.1109/TSUSC.2018.2793284CrossRef

Jian-hua Li. (2021). Cyber Security Meets Machine Learning. In Cyber Security Meets Machine Learning. Springer Singapore. https://doi.org/10.1007/978-981-33-6726-5

Kascheev, S., & Olenchikova, T. (2020). Detecting Cross-Site Scripting (XSS) Using Machine Learning Methods. 2020 Global Smart Industry Conference (GloSIC). https://doi.org/10.1109/GloSIC50886.2020.9267866

Katsikeas S, Johnson P, Ekstedt M, Lagerström R (2021) Research communities in cyber security: a comprehensive literature review. Comput Sci Rev. https://doi.org/10.1016/j.cosrev.2021.100431MathSciNetCrossRef

Kaur, G., Malik, Y., Samuel, H., & Jaafar, F. (2018). Detecting blind cross-site scripting attacks using machine learning. ACM International Conference Proceeding Series, 22–25. https://doi.org/10.1145/3297067.3297096

Kaur, J., & Garg, U. (2022). State-of-the-Art Survey on Web Vulnerabilities, Threat Vectors, and Countermeasures. In: Dr. R. Aggarwal, Dr. J. He, Dr. E. Shubhakar Pilli, & Dr. S. Kumar (Eds) Cyber Security in Intelligent Computing and Communications. Springer, Singapore. (pp. 3–17).

Kaur S, Singh M (2019) Hybrid intrusion detection and signature generation using deep recurrent neural networks. Neural Comput Appl 32(12):7859–7877. https://doi.org/10.1007/S00521-019-04187-9CrossRef

KDD Cup 1999 Data. (n.d.). http://kdd.ics.uci.edu/databases/kddcup99/kddcup99.html. Accessed 2 Nov 2021

Keary Eoin. (n.d.). 2021 VULNERABILITY STATISTICS REPORT EDGESCAN. In EdgeScan Report. https://info.edgescan.com/hubfs/Edgescan2021StatsReport.pdf?hsCtaTracking=9601b027-23d3-443f-b438-fcb671cfda06%7Cb222011c-0b6d-440b-aed8-64d37dec66e2. Accessed 2 Sep 2021

Khan N, Abdullah J, Khan AS (2017) Defending malicious script attacks using machine learning classifiers. Wireless Commun Mobile Comput. https://doi.org/10.1155/2017/5360472CrossRef

Kharraz A, Robertson W, Balzarotti D, Bilge L, Kirda E (2015) Cutting the Gordian knot: a look under the hood of ransomware attacks. Lecture Notes Comput Sci 9148:3–24. https://doi.org/10.1007/978-3-319-20550-2_1CrossRef

Kokila, R. T., Thamarai Selvi, S., & Govindarajan, K. (2015). DDoS detection and analysis in SDN-based environment using support vector machine classifier. 6th International Conference on Advanced Computing, ICoAC 2014, 205–210. https://doi.org/10.1109/ICOAC.2014.7229711

Kumar R, Goyal R (2019) On cloud security requirements, threats, vulnerabilities and countermeasures: a survey. Comput Sci Rev 33:1–48. https://doi.org/10.1016/J.COSREV.2019.05.002MathSciNetCrossRef

Laghrissi FE, Douzi S, Douzi K, Hssina B (2021) Intrusion detection systems using long short-term memory (LSTM). J Big Data 8:1. https://doi.org/10.1186/s40537-021-00448-4CrossRef

Lei, L., Chen, M., He, C., & Li, D. (2020). XSS Detection Technology Based on LSTM-Attention. 2020 5th International Conference on Control, Robotics and Cybernetics, CRC 2020, 175–180. https://doi.org/10.1109/CRC51253.2020.9253484

Leyden, J. (2020). XSS vulnerability in ‘Login with Facebook’ button earns $20,000 bug bounty. PortSwigger. https://portswigger.net/daily-swig/xss-vulnerability-in-login-with-facebook-button-earns-20-000-bug-bounty

Li J, Hua (2018) Cyber security meets artificial intelligence: a survey. Front Inform Technol Electron Eng 19(12):1462–1474. https://doi.org/10.1631/FITEE.1800573CrossRef

Lipton, Z. C., Berkowitz, J., & Elkan, C. (2015). A Critical Review of Recurrent Neural Networks for Sequence Learning. http://arxiv.org/abs/1506.00019

Luo C, Tan Z, Min G, Gan J, Shi W, Tian Z (2021) A novel web attack detection system for internet of things via ensemble classification. IEEE Trans Industr Inf 17(8):5810–5818. https://doi.org/10.1109/TII.2020.3038761CrossRef

Matt, F. (2021). Application Model & Same-Origin Policy. In Lecture Notes on Web Security: Application Model & Same-Origin Policy.

Melicher, W., Fung, C., Bauer, L., & Jia, L. (2021). Towards a lightweight, hybrid approach for detecting DOM XSS vulnerabilities with machine learning. The Web Conference 2021—Proceedings of the World Wide Web Conference, WWW 2021, 2684–2695. https://doi.org/10.1145/3442381.3450062

C.C. Michael, & Steven Lavenhar. (2013). Source Code Analysis Tools - Overview | CISA. Cybersecurity & Infrastructure Security Agency. https://us-cert.cisa.gov/bsi/articles/tools/source-code-analysis/source-code-analysis-tools---overview

Microsoft Teams security vulnerability left users open to XSS via flawed stickers feature | The Daily Swig. (n.d.). https://portswigger.net/daily-swig/microsoft-teams-security-vulnerability-left-users-open-to-xss-via-flawed-stickers-feature. Accessed 10 Oct 2022

Mnih, V., Heess, N., Graves, A., & Kavukcuoglu, K. (2014). Recurrent Models of Visual Attention. Advances in Neural Information Processing Systems, 3(January), 2204–2212. https://arxiv.org/abs/1406.6247v1

Mohammad G, Reza S (2017) Software vulnerability analysis and discovery using machine-learning and data-mining techniques. ACM Comput Surv (CSUR) 50:4. https://doi.org/10.1145/3092566CrossRef

Mokbal FMM, Dan W, Imran A, Jiuchuan L, Akhtar F, Xiaoxi W (2019) MLPXSS: an Integrated XSS-based attack detection scheme in web applications using multilayer perceptron technique. IEEE Access 7:100567–100580. https://doi.org/10.1109/ACCESS.2019.2927417CrossRef

Moon D, Im H, Kim I, Park JH (2015) DTB-IDS: an intrusion detection system based on decision tree using behavior analysis for preventing APT attacks. J Supercomput 73(7):2881–2895. https://doi.org/10.1007/S11227-015-1604-8CrossRef

Munonye K, Péter M (2021) Machine learning approach to vulnerability detection in OAuth 2.0 authentication and authorization flow. Int J Inf Secur 2021:1–15. https://doi.org/10.1007/S10207-021-00551-WCrossRef

Nidecki Tomasz Andrzej. (2019). Mutation XSS in Google Search. THE ACUNETIX BLOG. https://www.acunetix.com/blog/web-security-zone/mutation-xss-in-google-search/

G. Nick. (2021). The Most Telling Cyber Security Statistics in 2021 [Infographic]. Cyber Security Stats—Infographic. https://techjury.net/blog/cyber-security-statistics/

Novinson Michael. (2021). The 10 Biggest Data Breaches Of 2021 (So Far). CRN News. https://www.crn.com/slide-shows/security/the-10-biggest-data-breaches-of-2021-so-far-/2

Olalere, M., Abdullah, M. T., Mahmod, R., & Abdullah, A. (2016). Identification and Evaluation of Discriminative Lexical Features of Malware URL for Real-Time Classification. 2016 International Conference on Computer and Communication Engineering (ICCCE). https://doi.org/10.1109/ICCCE.2016.31

Onan A (2018) Biomedical text categorization based on ensemble pruning and optimized topic modelling. Comput Math Methods Med. https://doi.org/10.1155/2018/2497471CrossRef

Onan A (2018b) An ensemble scheme based on language function analysis and feature engineering for text genre classification. J Inf Sci 44(1):28–47. https://doi.org/10.1177/0165551516677911CrossRef

Onan A (2019) Consensus clustering-based undersampling approach to imbalanced learning. Sci Program. https://doi.org/10.1155/2019/5901087CrossRef

Onan A (2019b) Topic-enriched word embeddings for sarcasm identification. Adv Intell Syst Comput 984:293–304. https://doi.org/10.1007/978-3-030-19807-7_29/COVERCrossRef

Onan A (2019c) Two-stage topic extraction model for bibliometric data analysis based on word embeddings and clustering. IEEE Access 7:145614–145633. https://doi.org/10.1109/ACCESS.2019.2945911CrossRef

Onan A (2020) Mining opinions from instructor evaluation reviews: a deep learning approach. Comput Appl Eng Educ 28(1):117–138. https://doi.org/10.1002/CAE.22179CrossRef

Onan A (2021a) Sentiment analysis on massive open online course evaluations: a text mining and deep learning approach. Comput Appl Eng Educ 29(3):572–589. https://doi.org/10.1002/CAE.22253CrossRef

Onan A (2021) Sentiment analysis on product reviews based on weighted word embeddings and deep neural networks. Concurrency Comput 33(23):e5909. https://doi.org/10.1002/CPE.5909CrossRef

Onan A (2022) Bidirectional convolutional recurrent neural network architecture with group-wise enhancement mechanism for text sentiment classification. J King Saud University—Comput Information Sci 34(5):2098–2117. https://doi.org/10.1016/J.JKSUCI.2022.02.025CrossRef

Onan A, KorukoGlu S (2017) A feature selection model based on genetic rank aggregation for text sentiment classification. J Inf Sci 43(1):25–38. https://doi.org/10.1177/0165551515613226CrossRef

Onan A, Korukoǧlu S, Bulut H (2016) Ensemble of keyword extraction methods and classifiers in text classification. Expert Syst Appl 57:232–247. https://doi.org/10.1016/J.ESWA.2016.03.045CrossRef

Onan A, Korukoğlu S, Bulut H (2017) A hybrid ensemble pruning approach based on consensus clustering and multi-objective evolutionary algorithm for sentiment classification. Inform Processing Manag 53(4):814–833. https://doi.org/10.1016/J.IPM.2017.02.008CrossRef

Onan A, Tocoglu MA (2021) A term weighted neural language model and stacked bidirectional LSTM Based framework for sarcasm identification. IEEE Access 9:7701–7722. https://doi.org/10.1109/ACCESS.2021.3049734CrossRef

owasp. (2017). OWASP Top Ten. OWASP. https://owasp.org/

Pan Y, Sun F, Teng Z, White J, Schmidt DC, Staples J, Krause L (2019) Detecting web attacks with end-to-end deep learning. J Internet Serv Appl 10(1):1–22. https://doi.org/10.1186/S13174-019-0115-XCrossRef

Pavan Kumar P, Jaya T, Rajendran V (2021) SI-BBA—a novel phishing website detection based on swarm intelligence with deep learning. Mater Today. https://doi.org/10.1016/J.MATPR.2021.07.178CrossRef

Pitropakis N, Panaousis E, Giannetsos T, Anastasiadis E, Loukas G (2019) A taxonomy and survey of attacks against machine learning. Comput Sci Rev 34:100199. https://doi.org/10.1016/J.COSREV.2019.100199MathSciNetCrossRef

Praise JJ, Raj RJS, Benifa JVB (2020) Development of reinforcement learning and pattern matching (RLPM) based firewall for secured cloud infrastructure. Wireless Personal Commun 115(2):993–1018. https://doi.org/10.1007/S11277-020-07608-4CrossRef

Rathore S, Sharma PK, Park JH (2017) XSSClassifier: an efficient XSS attack detection approach based on machine learning classifier on SNSs. J Inform Processing Syst 13(4):1014–1028. https://doi.org/10.3745/JIPS.03.0079CrossRef

Rodríguez GE, Torres JG, Flores P, Benavides DE (2020) Cross-site scripting (XSS) attacks and mitigation: a survey. Computer Networks 166:106960. https://doi.org/10.1016/J.COMNET.2019.106960CrossRef

Sarmah U, Bhattacharyya DK, Kalita JK (2018) A survey of detection methods for XSS attacks. J Netw Comput Appl 118:113–143. https://doi.org/10.1016/J.JNCA.2018.06.004CrossRef

Screencastify Chrome extension flaws allow webcam hijacks. (n.d.). https://www.bleepingcomputer.com/news/security/screencastify-chrome-extension-flaws-allow-webcam-hijacks/. Accessed 10 Oct 2022

Shabut, A. M., Lwin, K. T., & Hossain, M. A. (2016). Cyber attacks, countermeasures, and protection schemes—a state of the art survey. 2016 10th International Conference on Software, Knowledge, Information Management & Applications (SKIMA). https://doi.org/10.1109/SKIMA.2016.7916194

Shahid N, Aleem SA, Naqvi IH, Zaffar N (2012) Support vector machine based fault detection & classification in smart grids. 2012 IEEE Globecom Workshops. GC Wkshps 2012:1526–1531. https://doi.org/10.1109/GLOCOMW.2012.6477812CrossRef

Machine Learning based Intrusion Detection System for Web-Based Attacks, Proceedings - 2020 IEEE 6th Intl Conference on Big Data Security on Cloud, BigDataSecurity 2020, 2020 IEEE Intl Conference on High Performance and Smart Computing, HPSC 2020 and 2020 IEEE Intl Conference on Intelligent Data and Security, IDS 2020 227 (2020).

Shukla A, Tiwari R, Kala R (2010) Modular neural networks. Stud Comput Intell 307:307–335. https://doi.org/10.1007/978-3-642-14344-1_14CrossRef

Snehi M, Bhandari A (2021) Vulnerability retrospection of security solutions for software-defined cyber-physical system against DDoS and IoT-DDoS attacks. Comput Sci Rev. https://doi.org/10.1016/j.cosrev.2021.100371CrossRef

Syarif, A. R., & Gata, W. (2018). Intrusion detection system using hybrid binary PSO and K-nearest neighborhood algorithm. Proceedings of the 11th International Conference on Information and Communication Technology and System, ICTS 2017, 2018-January, 181–186. https://doi.org/10.1109/ICTS.2017.8265667

Tariq I, Sindhu MA, Abbasi RA, Khattak AS, Maqbool O, Siddiqui GF (2021) Resolving cross-site scripting attacks through genetic algorithm and reinforcement learning. Exp Syst Appl 168:114386. https://doi.org/10.1016/J.ESWA.2020.114386CrossRef

Tekli G (2021) A survey on semi-structured web data manipulations by non-expert users. Comput Sci Rev 40:100367. https://doi.org/10.1016/J.COSREV.2021.100367CrossRef

Thakkar A, Lohiya R (2021) A survey on intrusion detection system: feature selection, model, performance measures, application perspective, challenges, and future research directions. Artificial Intell Rev 55(1):453–563. https://doi.org/10.1007/S10462-021-10037-9CrossRef

Tian Z, Luo C, Qiu J, Du X, Guizani M (2020) A distributed deep learning system for web attack detection on edge devices. IEEE Trans Industr Inf 16(3):1963–1971. https://doi.org/10.1109/TII.2019.2938778CrossRef

Tran NK, Sheng QZ, Babar MA, Yao L (2017) Searching the web of things: state of the art, challenges, and solutions. ACM Comput Surv 50(4):1–34. https://doi.org/10.1145/3092695CrossRef

Vinayakumar R, Soman KP, Poornachandran P, Sachin Kumar S (2018) Detecting android malware using long short-term memory (LSTM). J Intell Fuzzy Syst 34:3. https://doi.org/10.3233/JIFS-169424CrossRef

Vollmer, T., & Manic, M. (2009). Computationally efficient neural network intrusion security awareness. Proceedings - ISRCS 2009—2nd International Symposium on Resilient Control Systems, 25–30. https://doi.org/10.1109/ISRCS.2009.5251357

von Solms R, van Niekerk J (2013) From information security to cyber security. Comput Secur 38:97–102. https://doi.org/10.1016/j.cose.2013.04.004CrossRef

Vuong, T. P., Loukas, G., Gan, D., & Bezemskij, A. (2015). Decision tree-based detection of denial of service and command injection attacks on robotic vehicles. 2015 IEEE International Workshop on Information Forensics and Security, WIFS 2015 - Proceedings. https://doi.org/10.1109/WIFS.2015.7368559

Wang Q, Yang H, Wu G, Choo KKR, Zhang Z, Miao G, Ren Y (2022) Black-box adversarial attacks on XSS attack detection model. Comput Secur 113:102554. https://doi.org/10.1016/J.COSE.2021.102554CrossRef

Wang, R., Jia, X., Li, Q., & Zhang, D. (2015). Improved N-gram approach for cross-site scripting detection in Online Social Network. Proceedings of the 2015 Science and Information Conference, SAI 2015, 1206–1212. https://doi.org/10.1109/SAI.2015.7237298

Wang, R., Jia, X., Li, Q., & Zhang, S. (2014). Machine Learning Based Cross-Site Scripting Detection in Online Social Network. 2014 IEEE Intl Conf on High Performance Computing and Communications, 2014 IEEE 6th Intl Symp on Cyberspace Safety and Security, 2014 IEEE 11th Intl Conf on Embedded Software and Syst (HPCC,CSS,ICESS), 823–826. https://doi.org/10.1109/HPCC.2014.137

Wang Z, Fok KW, Thing VLL (2022) Machine learning for encrypted malicious traffic detection: Approaches, datasets and comparative study. Comput Secur 113:102542. https://doi.org/10.1016/J.COSE.2021.102542CrossRef

Wikipedia. (2021). Session ID. Online. https://en.wikipedia.org/wiki/Session_ID

WordPress Stored XSS Vulnerability—Update Now. (n.d.). https://www.searchenginejournal.com/wordpress-core-vulnerability-2022/441795/#close. Accessed 10 Oct 2022

XSS in Gmail’s AMP For Email earns researcher $5,000 | The Daily Swig. (n.d.). https://portswigger.net/daily-swig/xss-in-gmails-amp-for-email-earns-researcher-5-000. Accessed 8 Oct 2022

XSS vulnerabilities in Google Cloud, Google Play could lead to account hijacks | The Daily Swig. (n.d.). https://portswigger.net/daily-swig/xss-vulnerabilities-in-google-cloud-google-play-could-lead-to-account-hijacks. Accessed 8 Oct 2022

XSSed | Cross Site Scripting (XSS) attacks information and archive. (n.d.). http://xssed.com/. Accessed 2 Nov 2021

Yan R, Xiao X, Hu G, Peng S, Jiang Y (2018) New deep learning method to detect code injection attacks on hybrid applications. J Syst Softw 137:67–77. https://doi.org/10.1016/J.JSS.2017.11.001CrossRef

Yu Y, Si X, Hu C, Zhang J (2019) A review of recurrent neural networks: Lstm cells and network architectures. Neural Comput 31(7):1235–1270. https://doi.org/10.1162/NECO_A_01199MathSciNetCrossRefMATH

Zhang G, Liu B, Zhu T, Zhou A, Zhou W (2022) Visual privacy attacks and defenses in deep learning: a survey. Artif Intell Rev 2021:1–55. https://doi.org/10.1007/S10462-021-10123-YCrossRef

Zhang X, Zhou Y, Pei S, Zhuge J, Chen J (2020) Adversarial examples detection for XSS attacks based on generative adversarial networks. IEEE Access 8:10989–10996. https://doi.org/10.1109/ACCESS.2020.2965184CrossRef

Zhang Z, Ning H, Shi F, Farha F, Xu Y, Xu J, Zhang F, Choo KKR (2021a) Artificial intelligence in cyber security: research advances, challenges, and opportunities. Artif Intell Rev. https://doi.org/10.1007/s10462-021-09976-0CrossRef

Zhang Z, Ning H, Shi F, Farha F, Xu Y, Xu J, Zhang F, Choo KKR (2021) Artificial intelligence in cyber security: research advances, challenges, and opportunities. Artif Intell Rev 55(2):1029–1053. https://doi.org/10.1007/S10462-021-09976-0CrossRef

Zhao, G., Zhang, C., & Zheng, L. (2017, July). Intrusion Detection Using Deep Belief Network and Probabilistic Neural Network. 22017 IEEE International Conference on Computational Science and Engineering (CSE) and IEEE International Conference on Embedded and Ubiquitous Computing (EUC). https://doi.org/10.1109/CSE-EUC.2017.119

Zhou Y, Wang P (2019) An ensemble learning approach for XSS attack detection with domain knowledge and threat intelligence. Comput Secur 82:261–269. https://doi.org/10.1016/J.COSE.2018.12.016CrossRef

Titel: Detection of cross-site scripting (XSS) attacks using machine learning techniques: a review
verfasst von: Jasleen Kaur
Urvashi Garg
Gourav Bathla
Publikationsdatum: 23.03.2023
Verlag: Springer Netherlands
Erschienen in: Artificial Intelligence Review / Ausgabe 11/2023
Print ISSN: 0269-2821
Elektronische ISSN: 1573-7462
DOI: https://doi.org/10.1007/s10462-023-10433-3

Springer Professional

Abstract

Bitte loggen Sie sich ein, um Zugang zu Ihrer Lizenz zu erhalten.

Sie haben noch keine Lizenz? Dann Informieren Sie sich jetzt über unsere Produkte:

Springer Professional "Wirtschaft+Technik"

Springer Professional "Wirtschaft"

Springer Professional "Technik"

Weitere Artikel der Ausgabe 11/2023

The q-rung fuzzy LOPCOW-VIKOR model to assess the role of unmanned aerial vehicles for precision agriculture realization in the Agri-Food 4.0 era

Neurosymbolic AI: the 3rd wave

Reinforcement learning architecture for cyber–physical–social AI: state-of-the-art and perspectives

Applications of AI in oil and gas projects towards sustainable development: a systematic literature review

Video summarization using deep learning techniques: a detailed analysis and investigation

An exhaustive review of the metaheuristic algorithms for search and optimization: taxonomy, applications, and open challenges

Premium Partner