MLPXSS: An Integrated XSS-Based Attack Detection Scheme in Web Applications Using Multilayer Perceptron Technique

Mokbal, Fawaz Mahiuob Mohammed; Wang, Dan; Imran, Azhar; Lin, Jun; Akhtar, Faheem; Wang, Xiaoxi

doi:10.1109/access.2019.2927417

Cited by 73 publications

(35 citation statements)

References 29 publications

Supporting

Mentioning

Contrasting

Unclassified

Order By: Relevance

“…However, there are challenges in using ML-based methods, including finding or designing an adequate, accurate, and balanced dataset designed for ML algorithms usage. Unfortunately, there is no public and standard dataset intended for this purpose (Obimbo, Ali & Mohamed, 2017;Nunan et al, 2012;Mokbal et al, 2019), where researchers can create their datasets based on their requirements and orientation.…”

Section: Related Workmentioning

confidence: 99%

“…However, the DR score of 0.941 is inadequate, with a high FP rate of 4.20%. Mokbal et al (2019) proposed a scheme based on dynamic feature extraction and deep neural network to detect XSS attacks. Using their developed dataset, they achieved an estimated DR of 98.35%.…”

Section: Related Workmentioning

confidence: 99%

“…Although many performance metrics have been introduced, GANs do not have an objective measure of the generator model, as there is no consensus on the best metric that captures the strength/limitations of the model and should be used for a fair comparison between models (Borji, 2019). We used precision, detection Rate (DR)/ recall, and F 1−score, which are proven and widely adopted methods for quantitatively estimating the quality of discriminative (Mokbal et al, 2019) 101,000 67 Attack Benign 1000 100,000 models suggested by Google Brain research (Lucic et al, 2018). Precision measures the generated instances similarity to the real ones on average.…”

Section: Performance Evaluation Criteriamentioning

confidence: 99%

“…Consequently, applying most standard ML algorithms to XSS data in the straightforward are unsuitable and challenging compared with other well-developed clean data domains (Vluymans, 2019;Mokbal et al, 2019). To our best knowledge, the limited and unbalanced data of XSS cyber-attack based on ML learning have not been addressed in the literature, which is worth to study.…”

Section: Introductionmentioning

confidence: 99%

See 3 more Smart Citations

Data augmentation-based conditional Wasserstein generative adversarial network-gradient penalty for XSS attack detection system

Mokbal

Wang

Wang³

et al. 2020

PeerJ Computer Science

Self Cite

View full text Add to dashboard Cite

The rapid growth of the worldwide web and accompanied opportunities of web applications in various aspects of life have attracted the attention of organizations, governments, and individuals. Consequently, web applications have increasingly become the target of cyberattacks. Notably, cross-site scripting (XSS) attacks on web applications are increasing and have become the critical focus of information security experts’ reports. Machine learning (ML) technique has significantly advanced and shown impressive results in the area of cybersecurity. However, XSS training datasets are often limited and significantly unbalanced, which does not meet well-developed ML algorithms’ requirements and potentially limits the detection system efficiency. Furthermore, XSS attacks have multiple payload vectors that execute in different ways, resulting in many real threats passing through the detection system undetected. In this study, we propose a conditional Wasserstein generative adversarial network with a gradient penalty to enhance the XSS detection system in a low-resource data environment. The proposed method integrates a conditional generative adversarial network and Wasserstein generative adversarial network with a gradient penalty to obtain necessary data from directivity, which improves the strength of the security system over unbalance data. The proposed method generates synthetic samples of minority class that have identical distribution as real XSS attack scenarios. The augmented data were used to train a new boosting model and subsequently evaluated the model using a real test dataset. Experiments on two unbalanced XSS attack datasets demonstrate that the proposed model generates valid and reliable samples. Furthermore, the samples were indistinguishable from real XSS data and significantly enhanced the detection of XSS attacks compared with state-of-the-art methods.

show abstract

Section: Related Workmentioning

confidence: 99%

Section: Related Workmentioning

confidence: 99%

Section: Performance Evaluation Criteriamentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

See 2 more Smart Citations

Data augmentation-based conditional Wasserstein generative adversarial network-gradient penalty for XSS attack detection system

Mokbal

Wang

Wang³

et al. 2020

PeerJ Computer Science

Self Cite

View full text Add to dashboard Cite

show abstract

“…Many machine learning (ML) models, such as multilayer perceptron (MLP) [7], support vector machine (SVM) [8], decision tree (DT) [9], and random forest (RF) [10], [11] can be adopted to solve the MLE prediction problem. These ML models provide excellent performance in several research topics [12]- [16].…”

Section: Introductionmentioning

confidence: 99%

A High-Precision Random Forest-Based Maximum Lyapunov Exponent Prediction Model for Spherical Porous Gas Bearing Systems

2020

View full text Add to dashboard Cite

Spherical porous air bearing (SPAB) systems have been extensively used in various mechanical engineering applications. SPABs are promising materials in high-rotational speed, high-precision, and highstiffness instruments. In SPAB systems, a rotor is supported by gas bearings, which provides higher rotational speed and lower heat generation environment than oil bearings do. Furthermore, SPAB does not cause deformation. Although, the supporting force of gas bearings is less, their stability is better than that of oil films. However, because the pressure distribution in the gas films is nonlinear, they are prone to failure at specific critical speeds, rotor imbalances, or inappropriate operations, which results in nonperiodic or chaotic motion and causes structural fatigue to the system. To understand and control the operating conditions of the SPAB systems during the nonperiodic motion, first, the governing equations of the SPAB system were solved to obtain the dynamic behavior of the rotor center. Then, the performance of the SPAB system were examined under different operating conditions by generating the maximum Lyapunov exponents (MLEs). However, the calculation process of MLE is extremely time consuming and complex. To solve this problem efficiently, a high-precision machine learning (ML)-based MLE prediction model was proposed in this study. The results show that the training process can be finished within few minutes, and the prediction process is able to be completed within few seconds. Meanwhile, the results demonstrate the merit of using the machine learning method for solving the MLE prediction problem and shorten the calculation time significantly. The proposed prediction model achieves excellent prediction outcome and it is more efficient and precise than traditional iteration scheme for the calculation of MLE. The feasibility of the proposed model is validated and the results also are the major contribution of this study. INDEX TERMS Machine learning, maximum Lyapunov exponents (MLEs), prediction model, spherical porous air bearing (SPAB)

show abstract

IGXSS: XSS payload detection model based on inductive GCN

Wang,

Li,

Wang

et al. 2024

Int J Network Mgmt

View full text Add to dashboard Cite

To facilitate the management, Internet of Things (IoT) vendors usually apply remote ways such as HTTP services to uniformly manage IoT devices, leading to traditional web application vulnerabilities that also endanger the cloud interfaces of IoT, such as cross‐site scripting (XSS), code injection, and Remote Command/Code Execute (RCE). XSS is one of the most common web application attacks, which allows the attacker to obtain private user information or attack IoT devices and IoT cloud platforms. Most of the existing XSS payload detection models are based on machine learning or deep learning, which usually require a lot of external resources, such as pretrained word vectors, to achieve a better performance on unknown samples. But in the field of XSS payload detection, high‐quality vector representations of samples are often difficult to obtain. In addition, existing models all perform substantially worse when the distribution of XSS payloads and benign samples in the test dataset is extremely unbalanced (e.g., XSS payloads: benign samples = 1: 20). While in the real XSS attack scenario against IoT, an XSS payload is often hidden in a massive amount of normal user requests, indicating that these models are not practical. In response to the above issues, we propose an XSS payload detection model based on inductive graph neural networks, IGXSS (XSS payload detection model based on inductive GCN), to detect XSS payloads targeting IoT. Firstly, we treat the samples and words obtained from segmenting the samples as nodes and attach lines between them in order to form a graph. Then, we obtain the feature matrix of nodes and edges utilizing information between nodes only (instead of external resources such as pretrained word vectors). Finally, we feed the obtained feature matrix into a two‐layer GCN for training and validate the performance of models in several datasets with different sample distributions. Extensive experiments on the real datasets show that IGXSS performs better compared to other models under various sample distributions. In particular, when the sample distribution is extremely unbalanced, the recall and F1 score of IGXSS still reach 1.000 and 0.846, demonstrating that IGXSS is more robust and more suitable for practical scenarios.

show abstract

MLPXSS: An Integrated XSS-Based Attack Detection Scheme in Web Applications Using Multilayer Perceptron Technique

Cited by 73 publications

References 29 publications

Data augmentation-based conditional Wasserstein generative adversarial network-gradient penalty for XSS attack detection system

Data augmentation-based conditional Wasserstein generative adversarial network-gradient penalty for XSS attack detection system

A High-Precision Random Forest-Based Maximum Lyapunov Exponent Prediction Model for Spherical Porous Gas Bearing Systems

IGXSS: XSS payload detection model based on inductive GCN

Contact Info

Product

Resources

About