An Improved Tool for Detection of XSS Attacks by Combining CNN with LSTM

Resumo


Cross-Site Scripting (XSS) is still a significant threat to web applications. By combining Convolutional Neural Networks (CNN) with Long ShortTerm Memory (LSTM) techniques, researchers have developed a deep learning system called 3C-LSTM that achieves upwards of 99.4% accuracy when predicting whether a new URL corresponds to a benign locator or an XSS attack. This paper improves on 3C-LSTM by proposing different network architectures and validation strategies and identifying the optimal structure for a more efficient, yet similarly accurate, version of 3C-LSTM. The authors identify larger batch sizes, smaller inputs, and cross-validation removal as modifications to achieve a speedup of around 3.9 times in the training step.

Palavras-chave: cross-site scripting, communication system security, machine learning, natural language processing

Referências

Hydara, I., Sultan, A. B. M., Zulzalil, H., & Admodisastro, N. (2015). Current state of research on cross-site scripting (XSS)–A systematic literature review. Information and Software Technology, 58, 170-186.

Grossman, J., Fogie, S., Hansen, R., Rager, A., & Petkov, P. D. (2007). XSS attacks: cross site scripting exploits and defense. Syngress.

Boyu Zhang, “Detecting XSS attacks by combining CNN with LSTM”, IEEE Dataport, 2019. [Online]. http://dx.doi.org/10.21227/css6-ds36. Accessed: Apr. 23, 2020.

Liu, M., Zhang, B., Chen, W., & Zhang, X. (2019). A Survey of Exploitation and Detection Methods of XSS Vulnerabilities. IEEE Access, 7, 182004-182016.

Wichers, D., & Williams, J., “Owasp top-10 2017”, OWASP, 2017.

Fang, Y., Li, Y., Liu, L., & Huang, C. (2018, March). DeepXSS: Cross site scripting detection based on deep learning. 2018 International Conference on Computing and Articial Intelligence (pp. 47-51).

Gupta, S., & Gupta, B. B. (2017). Cross-Site Scripting (XSS) attacks and defense mechanisms: classication and state-of-the-art. International Journal of System Assurance Engineering and Management, 8(1), 512-530.

Goswami, S., Hoque, N., Bhattacharyya, D. K., & Kalita, J. (2017). An Unsupervised Method for Detection of XSS Attack. IJ Network Security, 19(5), 761-775.

Vishnu, B. A., & Jevitha, K. P. (2014, October). Prediction of cross-site scripting attack using machine learning algorithms. In Proceedings of the 2014 International Conference on Interdisciplinary Advances in Applied Computing (pp. 1-5).

Rathore, S., Sharma, P. K., & Park, J. H. (2017). XSSClassier: An Efcient XSS Attack Detection Approach Based on Machine Learning Classier on SNSs. JIPS, 13(4), 1014-1028.

Mikolov, T., Chen, K., Corrado, G., & Dean, J. (2013). Efcient estimation of word representations in vector space. arXiv preprint arXiv:1301.3781.

Mikolov, T., Sutskever, I., Chen, K., Corrado, G. S., & Dean, J. (2013). Distributed representations of words and phrases and their compositionality. In Advances in neural information processing systems (pp. 3111-3119).

LeCun, Y., Boser, B. E., Denker, J. S., Henderson, D., Howard, R. E., Hubbard, W. E., & Jackel, L. D. (1990). Handwritten digit recognition with a back-propagation network. In Advances in neural information processing systems (pp. 396-404).

Hochreiter, S., & Schmidhuber, J. (1997). Long short-term memory. Neural computation, 9(8), 1735-1780.

Hahnloser, R. H., Sarpeshkar, R., Mahowald, M. A., Douglas, R. J., & Seung, H. S. (2000). Digital selection and analogue amplication coexist in a cortex-inspired silicon circuit. Nature, 405(6789), 947-951.

LeCun, Y., Bengio, Y., & Hinton, G. (2015). Deep learning. nature, 521(7553), 436-444.
Publicado
04/10/2021
LENTE, Caio; HIRATA JR., Roberto; BATISTA, Daniel Macêdo. An Improved Tool for Detection of XSS Attacks by Combining CNN with LSTM. In: SALÃO DE FERRAMENTAS - SIMPÓSIO BRASILEIRO DE SEGURANÇA DA INFORMAÇÃO E DE SISTEMAS COMPUTACIONAIS (SBSEG), 21. , 2021, Evento Online. Anais [...]. Porto Alegre: Sociedade Brasileira de Computação, 2021 . p. 1-8. DOI: https://doi.org/10.5753/sbseg_estendido.2021.17333.

Artigos mais lidos do(s) mesmo(s) autor(es)

1 2 > >>