MLPXSS: An Integrated XSS-Based Attack Detection Scheme in Web Applications Using Multilayer Perceptron Technique

Dynamic web applications play a vital role in providing resources manipulation and interaction between clients and servers. The features presently supported by browsers have raised business opportunities, by supplying high interactivity in web-based services, like web banking, e-commerce, social net...

Ausführliche Beschreibung

Gespeichert in:
Bibliographische Detailangaben
Veröffentlicht in:IEEE access 2019, Vol.7, p.100567-100580
Hauptverfasser: Mokbal, Fawaz Mahiuob Mohammed, Dan, Wang, Imran, Azhar, Jiuchuan, Lin, Akhtar, Faheem, Xiaoxi, Wang
Format: Artikel
Sprache:eng
Schlagworte:
Online-Zugang:Volltext
Tags: Tag hinzufügen
Keine Tags, Fügen Sie den ersten Tag hinzu!
Beschreibung
Zusammenfassung:Dynamic web applications play a vital role in providing resources manipulation and interaction between clients and servers. The features presently supported by browsers have raised business opportunities, by supplying high interactivity in web-based services, like web banking, e-commerce, social networking, forums, and at the same time, these features have brought serious risks and increased vulnerabilities in web applications that enable cyber-attacks to be executed. One of the common high-risk cyber-attack of web application vulnerabilities is cross-site scripting (XSS). Nowadays, XSS is still dramatically increasing and considered as one of the most severe threats for organizations, users, and developers. If the ploy is successful, the victim is at the mercy of the cybercriminals. In this research, a robust artificial neural network-based multilayer perceptron (MLP) scheme integrated with the dynamic feature extractor is proposed for XSS attack detection. The detection scheme adopts a large real-world dataset, the dynamic features extraction mechanism, and MLP model, which successfully surpassed several tests on an employed unique dataset under careful experimentation, and achieved promising and state-of-the-art results with accuracy, detection probabilities, false positive rate, and AUC-ROC scores of 99.32%, 98.35 %, 0.3%, and 99.02%, respectively. Therefore, it has the potentials to be applied for XSS-based attack detection in either the client-side or the server-side.
ISSN:2169-3536
2169-3536
DOI:10.1109/ACCESS.2019.2927417