An ensemble learning approach for XSS attack detection with domain knowledge and threat intelligence

Cross-site scripting (XSS) attack is one of the most dangerous attacks for web security. Traditional XSS detection methods mainly focus on the vulnerability itself, relying on static analysis and dynamic analysis, which appear weak in defending the flood of various kinds of payloads. In this paper, the XSS attack detection method is proposed based on an ensemble learning approach which utilizes a set of Bayesian networks, and each Bayesian network is built with both domain knowledge and threat intelligence. Besides, an analysis method is proposed to further explain the results, which sorts nodes in the Bayesian network according to their influences on the output node. The results are explainable to the end users. To validate the proposed method, experiments are performed on a real-world dataset about the XSS attack. The results show the priority of the proposed method, especially when the number of attacks increases. Moreover, the node sorting results could help the security team to cope with the attack in time.