Dynamic web applications play a vital role in providing resource manipulation and interaction between clients and servers. The features presently supported by browsers have raised business opportunities by supplying high interactivity in web-based services such as web banking, e-commerce, social networking, and forums; at the same time, these features have brought serious risks and increased vulnerabilities in web applications that enable cyber-attacks to be executed. One of the common high-risk cyber-attacks on web application vulnerabilities is cross-site scripting (XSS). Nowadays, XSS is still dramatically increasing and is considered one of the most severe threats for organizations, users, and developers. If the ploy is successful, the victim is at the mercy of the cybercriminals. In this research, a robust artificial neural network-based multilayer perceptron (MLP) scheme integrated with a dynamic feature extractor is proposed for XSS attack detection. The detection scheme adopts a large real-world dataset, the dynamic feature extraction mechanism, and an MLP model, which successfully surpassed several tests on an employed unique dataset under careful experimentation, and achieved promising and state-of-the-art results with accuracy, detection probabilities, false positive rate, and AUC-ROC scores of 99.32%, 98.35%, 0.3%, and 99.02%, respectively. Therefore, it has the potential to be applied for XSS-based attack detection on either the client side or the server side.

INDEX TERMS: Artificial neural network, cross-site scripting attack, detection, multilayer perceptrons, web application security.
The Internet of Things (IoT) has caused significant digital disruption to the future of the digital world. With the emergence of 5G technology, IoT would shift rapidly from aspirational vision to real-world applications. However, one of the most pressing issues in IoT is security. Routing protocols of the IoT, such as the Routing Protocol for Low-Power and Lossy Networks (RPL), are vulnerable to both insider and outsider attacks, with the insider ones being more challenging because they are more difficult to detect and mitigate. Among the most concerning insider attacks on RPL in IoT applications are Version Number Attacks (VNAs), which target the global repair mechanisms by consuming resources of IoT devices, such as power, memory, and processing power, to eventually cause the IoT ecosystem to collapse. In this paper, a lightweight VNA detection model named ML-LGBM is proposed. The work on the ML-LGBM model includes the development of a large VNA dataset, a feature extraction method, an LGBM algorithm and maximum parameter optimization. Results of extensive experiments demonstrate the advantages of the proposed ML-LGBM model based on several metrics, such as accuracy, precision, F-score, true negative rate and false-positive rate of 99.6%, 99%, 99.6%, 99.3% and 0.0093, respectively. Moreover, the proposed ML-LGBM model has slower execution time and less memory resource requirement of 140.217 seconds and 347,530 bytes, making it suitable for resource-constrained IoT devices.
The rapid growth of the World Wide Web and the accompanying opportunities of web applications in various aspects of life have attracted the attention of organizations, governments, and individuals. Consequently, web applications have increasingly become the target of cyberattacks. Notably, cross-site scripting (XSS) attacks on web applications are increasing and have become the critical focus of information security experts’ reports. Machine learning (ML) techniques have significantly advanced and shown impressive results in the area of cybersecurity. However, XSS training datasets are often limited and significantly unbalanced, which does not meet well-developed ML algorithms’ requirements and potentially limits the detection system efficiency. Furthermore, XSS attacks have multiple payload vectors that execute in different ways, resulting in many real threats passing through the detection system undetected. In this study, we propose a conditional Wasserstein generative adversarial network with a gradient penalty to enhance the XSS detection system in a low-resource data environment. The proposed method integrates a conditional generative adversarial network and Wasserstein generative adversarial network with a gradient penalty to obtain necessary data from directivity, which improves the strength of the security system over unbalanced data. The proposed method generates synthetic samples of the minority class that have an identical distribution to real XSS attack scenarios. The augmented data were used to train a new boosting model, and the model was subsequently evaluated using a real test dataset. Experiments on two unbalanced XSS attack datasets demonstrate that the proposed model generates valid and reliable samples. Furthermore, the samples were indistinguishable from real XSS data and significantly enhanced the detection of XSS attacks compared with state-of-the-art methods.