XSSClassifier: An efficient XSS attack detection approach based on machine learning classifier on SNSs

Shailendra Rathore, Pradip Kumar Sharma, Jong Hyuk Park*

*Corresponding author for this work

Research output: Contribution to journalArticlepeer-review

67 Citations (Scopus)

Abstract

Social networking services (SNSs) such as Twitter, MySpace, and Facebook have become progressively significant with its billions of users. Still, alongside this increase is an increase in security threats such as crosssite scripting (XSS) threat. Recently, a few approaches have been proposed to detect an XSS attack on SNSs. Due to the certain recent features of SNSs webpages such as JavaScript and AJAX, however, the existing approaches are not efficient in combating XSS attack on SNSs. In this paper, we propose a machine learningbased approach to detecting XSS attack on SNSs. In our approach, the detection of XSS attack is performed based on three features: URLs, webpage, and SNSs. A dataset is prepared by collecting 1,000 SNSs webpages and extracting the features from these webpages. Ten different machine learning classifiers are used on a prepared dataset to classify webpages into two categories: XSS or non-XSS. To validate the efficiency of the proposed approach, we evaluated and compared it with other existing approaches. The evaluation results show that our approach attains better performance in the SNS environment, recording the highest accuracy of 0.972 and lowest false positive rate of 0.87.

Original languageEnglish
Pages (from-to)1014-1028
Number of pages15
JournalJournal of Information Processing Systems
Volume13
Issue number4
Early online date30 May 2017
DOIs
Publication statusPublished - Aug 2017

Keywords

  • Cross-site scripting attack detection
  • Dataset
  • JavaScript
  • Machine learning classifier
  • Social networking services

Fingerprint

Dive into the research topics of 'XSSClassifier: An efficient XSS attack detection approach based on machine learning classifier on SNSs'. Together they form a unique fingerprint.

Cite this