DeepXSS: Cross Site Scripting Detection Based on Deep Learning
| Title | DeepXSS: Cross Site Scripting Detection Based on Deep Learning |
| Publication Type | Conference Paper |
| Year of Publication | 2018 |
| Authors | Fang, Yong, Li, Yang, Liu, Liang, Huang, Cheng |
| Conference Name | Proceedings of the 2018 International Conference on Computing and Artificial Intelligence |
| Date Published | March 2018 |
| Publisher | ACM |
| Conference Location | New York, NY, USA |
| ISBN Number | 978-1-4503-6419-5 |
| Keywords | artificial intelligence security, composability, Cross Site Scripting, Cross Site Scripting (XSS), Deep Learning, Human Behavior, LSTM, Metrics, pubcrawl, Resiliency, Scalability, web security, Word2Vec |
| Abstract | Nowadays, Cross Site Scripting (XSS) is one of the major threats to Web applications. Since it's known to the public, XSS vulnerability has been in the TOP 10 Web application vulnerabilities based on surveys published by the Open Web Applications Security Project (OWASP). How to effectively detect and defend XSS attacks are still one of the most important security issues. In this paper, we present a novel approach to detect XSS attacks based on deep learning (called DeepXSS). First of all, we used word2vec to extract the feature of XSS payloads which captures word order information and map each payload to a feature vector. And then, we trained and tested the detection model using Long Short Term Memory (LSTM) recurrent neural networks. Experimental results show that the proposed XSS detection model based on deep learning achieves a precision rate of 99.5% and a recall rate of 97.9% in real dataset, which means that the novel approach can effectively identify XSS attacks. |
| URL | https://dl.acm.org/doi/10.1145/3194452.3194469 |
| DOI | 10.1145/3194452.3194469 |
| Citation Key | fang_deepxss:_2018 |