Visible to the public XSS Detection Technology Based on LSTM-Attention

TitleXSS Detection Technology Based on LSTM-Attention
Publication TypeConference Paper
Year of Publication2020
AuthorsLei, L., Chen, M., He, C., Li, D.
Conference Name2020 5th International Conference on Control, Robotics and Cybernetics (CRC)
Keywordsabstract features, added attention mechanism, attention mechanism, Context modeling, context-related features, Cross Site Scripting, cross-site scripting, Cross-site scripting (XSS), Data models, Deep Learning, feature extraction, Human Behavior, inadequate feature extraction, Internet, learning (artificial intelligence), long short-term memory recurrent neural network, LSTM, LSTM-attention detection model, malicious attack codes, pattern classification, pubcrawl, recurrent neural nets, Recurrent neural networks, resilience, Resiliency, robots, Scalability, security of data, traditional XSS detection methods, Word2Vec, XSS Attacks, XSS codes, XSS detection model, XSS detection technology, XSS payload features
AbstractCross-site scripting (XSS) is one of the main threats of Web applications, which has great harm. How to effectively detect and defend against XSS attacks has become more and more important. Due to the malicious obfuscation of attack codes and the gradual increase in number, the traditional XSS detection methods have some defects such as poor recognition of malicious attack codes, inadequate feature extraction and low efficiency. Therefore, we present a novel approach to detect XSS attacks based on the attention mechanism of Long Short-Term Memory (LSTM) recurrent neural network. First of all, the data need to be preprocessed, we used decoding technology to restore the XSS codes to the unencoded state for improving the readability of the code, then we used word2vec to extract XSS payload features and map them to feature vectors. And then, we improved the LSTM model by adding attention mechanism, the LSTM-Attention detection model was designed to train and test the data. We used the ability of LSTM model to extract context-related features for deep learning, the added attention mechanism made the model extract more effective features. Finally, we used the classifier to classify the abstract features. Experimental results show that the proposed XSS detection model based on LSTM-Attention achieves a precision rate of 99.3% and a recall rate of 98.2% in the actually collected dataset. Compared with traditional machine learning methods and other deep learning methods, this method can more effectively identify XSS attacks.
DOI10.1109/CRC51253.2020.9253484
Citation Keylei_xss_2020