Deploying Hybrid EnsembleMachine Learning Techniques for Effective Cross-Site Scripting (XSS) Attack Detection
作者机构:School of Cyber Science and Engineering Huazhong University of Science and Technology Wuhan 430073 China Department of Computer Science and Engineering University of Engineering and Technology Lahore 54000 Pakistan Department of Computer Science and Software Engineering Al Ain University Al Ain Abu Abu Dhabi 12555 United Arab Emirates Department of Information Systems College of Computer and Information Sciences Princess Nourah bint Abdulrahman University Riyadh 84428 Saudi Arabia
出 版 物:《Computers, Materials and Continua》 (计算机、材料和连续体(英文))
年 卷 期:2024年第81卷第1期
页 面:707-748页
核心收录:
学科分类:08[工学] 0812[工学-计算机科学与技术(可授工学、理学学位)]
基 金:Princess Nourah Bint Abdulrahman University PNU (PNURSP2024R513)
主 题:Cross-site scripting hybrid learning machine learning stacking ensemble learning XSS detection
摘 要:Cross-Site Scripting (XSS) remains a significant threat to web application security, exploiting vulnerabilities to hijack user sessions and steal sensitive data. Traditional detection methods often fail to keep pace with the evolving sophistication of cyber threats. This paper introduces a novel hybrid ensemble learning framework that leverages a combination of advanced machine learning algorithms-Logistic Regression (LR), Support Vector Machines (SVM), eXtreme Gradient Boosting (XGBoost), Categorical Boosting (CatBoost), and Deep Neural Networks (DNN). Utilizing the XSS-Attacks-2021 dataset, which comprises 460 instances across various real-world trafficrelated scenarios, this framework significantly enhances XSS attack detection. Our approach, which includes rigorous feature engineering and model tuning, not only optimizes accuracy but also effectively minimizes false positives (FP) (0.13%) and false negatives (FN) (0.19%). This comprehensive methodology has been rigorously validated, achieving an unprecedented accuracy of 99.87%. The proposed system is scalable and efficient, capable of adapting to the increasing number of web applications and user demands without a decline in performance. It demonstrates exceptional real-time capabilities, with the ability to detect XSS attacks dynamically, maintaining high accuracy and low latency even under significant loads. Furthermore, despite the computational complexity introduced by the hybrid ensemble approach, strategic use of parallel processing and algorithmtuning ensures that the system remains scalable and performs robustly in real-time applications. Designed for easy integration with existing web security systems, our framework supports adaptable Application Programming Interfaces (APIs) and a modular design, facilitating seamless augmentation of current defenses. This innovation represents a significant advancement in cybersecurity, offering a scalable and effective solution for securing modern web applications a
维普期刊数据库