Biblio

In our proposed work the web security has been enhanced using additional security code and an enhanced frame work. Administrator of site is required to specify the security code for particular date and time. On user end user would be capable to login and view authentic code allotted to them during particular time slot. This work would be better in comparison of tradition researches in order to prevent sql injection attack and cross script because proposed work is not just considering the security, it is also focusing on the performance of security system. This system is considering the lot of security dimensions. But in previous system there was focus either on sql injection or cross script. Proposed research is providing versatile security and is available with low time consumption with less probability of unauthentic access.

Cross site scripting (XSS) attack is one of the attacks on the web. It brings session hijack with HTTP cookies, information collection with fake HTML input form and phishing with dummy sites. As a countermeasure of XSS attack, machine learning has attracted a lot of attention. There are existing researches in which SVM, Random Forest and SCW are used for the detection of the attack. However, in the researches, there are problems that the size of data set is too small or unbalanced, and that preprocessing method for vectorization of strings causes misclassification. The highest accuracy of the classification was 98% in existing researches. Therefore, in this paper, we improved the preprocessing method for vectorization by using word2vec to find the frequency of appearance and co-occurrence of the words in XSS attack scripts. Moreover, we also used a large data set to decrease the deviation of the data. Furthermore, we evaluated the classification results with two procedures. One is an inappropriate procedure which some researchers tend to select by mistake. The other is an appropriate procedure which can be applied to an attack detection filter in the real environment.