Detecting XSS attacks by combining CNN with LSTM

XSS is a common attack that has been in the OWAP Top 10 project for many years. With the development of deep learning, deep neural networks are gradually applied in various fields such as finance, medical treatment and so on. At the same time, security researchers have also proposed a series of methods to detect XSS attacks based on neural networks, but no one has tried to detect XSS attacks by combining Convolutional Neural Network (CNN) and Long Short Term Memory(LSTM) recurrent neural network. Based on the fact, this paper proposes a new model which called 3C-LSTM that combines CNN with LSTM to detect XSS attacks. Firstly, it applies word2vec to convert words in XSS payloads into word vectors. Then it trains and tests the data by the model combining CNN and LSTM. The method gets a precision rate of 99.88% and a recall rate of 99.04%. Our work is compared with the work of other to show the excellence of the proposed method. The receiver operating characteristic (ROC) curve is plotted to demonstrate the effectiveness of proposed method.