Detecting XSS attacks by combining CNN with LSTM

Citation Author(s):
Boyu
Zhang
Guangzhou University
Submitted by:
Miao Liu
Last updated:
Tue, 12/03/2019 - 22:24
DOI:
10.21227/css6-ds36
Data Format:
Links:
License:
2
1 rating - Please login to submit your rating.

Abstract 

 

XSS is a common attack that has been in the OWAP Top 10 project for many years. With the development of deep learning, deep neural networks are gradually applied in various fields such as finance, medical treatment and so on. At the same time, security researchers have also proposed a series of methods to detect XSS attacks based on neural networks, but no one has tried to detect XSS attacks by combining Convolutional Neural Network (CNN) and Long Short Term Memory(LSTM) recurrent neural network. Based on the fact, this paper proposes a new model which called 3C-LSTM that combines CNN with LSTM to detect XSS attacks. Firstly, it applies word2vec to convert words in XSS payloads into word vectors. Then it trains and tests the data by the model combining CNN and LSTM. The method gets a precision rate of 99.88% and a recall rate of 99.04%. Our work is compared with the work of other to show the excellence of the proposed method. The receiver operating characteristic (ROC) curve is plotted to demonstrate the effectiveness of proposed method.

Instructions: 

The data in xssed.csv comes from XSSed(http://www.XSSed.com)

The data in normal_example.csv from DMOZ(http://www.dmoztools.net/)

Data are URL formed. IP address and domain name are all removed.

Comments

required for my thesis work

Submitted by Harsika Diksha on Tue, 01/18/2022 - 07:15