An Analysis of Machine-Learning Feature-Extraction Techniques using Syntactic Tagging for Cross-site Scripting Detection

Talib Nurul Atiqah Abu (Nurul Atiqah Abu Talib); Doh, Kyung-Goo (도경구)

doi:10.29056/jsav.2022.06.13

An Analysis of Machine-Learning Feature-Extraction Techniques using Syntactic Tagging for Cross-site Scripting Detection

Journal of Software Assessment and Valuation
Abbr : JSAV
2022, 18(1), pp.107-118
DOI : 10.29056/jsav.2022.06.13
Publisher : Korea Software Assessment and Valuation Society
Research Area : Engineering > Computer Science
Received : May 6, 2022
Accepted : June 20, 2022
Published : June 30, 2022

Talib Nurul Atiqah Abu ¹, Doh, Kyung-Goo ²

¹한양대학교 ERICA
²한양대학교

Accredited

ABSTRACT

Working for a strategy to ensure web application security has become more complex as it is not only to protect against the more challenging cross-site scripting (XSS) attacks but also to assist the open expressiveness of web applications to provide users with interactive services. The feature extractions used in supervised machine learning to detect XSS as an approach to the strategy are now in question of their effective classification. Their lack of preserving structural information may not uphold the property of structured data in input payloads. We apply the concept of syntactic n-grams to a payload text representation. The study of different feature extractions on the representation is to see if syntactic information is maintained. Our purpose is to determine the more effective approach to correctly classify benign and malicious payloads on a real-world dataset. The use of sn-grams that produces the most favourable results of accuracy and precision would only indicate that the extraction is reasonably able to minimize false reports during classification.

KEYWORDS

Cross-site Scripting, Supervised Machine Learning, Syntactic N-gram Features, Text Classification, Web Security

Citation status

* References for papers published after 2023 are currently being built.

[web] OWASP / 2021 / OWASP Top 10:2021 / OWASP / https://owasp.org/Top10/

[web] MITRE Corporation / CVE Details: The Ultimate Security Vulnerability Datasource / https://www.cvedetails.com/vulnerabilitiesby-types.php

[confproc] Giovanni Apruzzese / 2018 / On the effectiveness of machine and deep learning for cyber security / 2018 10th International Conference on Cyber Conflict (CyCon) / IEEE 2018(5) : 371~389

[confproc] Angelo Eduardo Nunan / 2012 / Automatic classification of cross-site scripting in web pages using document-based and URL-based features / 2012 IEEE Symposium on Computers and Communications (ISCC) / IEEE : 000702~000707

[journal] Shailendra Rathore / 2017 / XSSClassifier: An Efficient XSS Attack Detection Approach Based on Machine Learning Classifier on SNSs / JIPS(Journal of Information Processing Systems) / 한국정보처리학회 13(4) : 1014~1028

[journal] Samuel Ndichu / 2019 / A machine learning approach to detection of JavaScript-based attacks using AST features and paragraph vectors / Applied Soft Computing / Elsevier BV 84 : 105721~

[journal] A. C. Müller / 2016 / Introduction to Machine Learning with Python: a guide for data scientists 53(9)

[journal] N. A. Abu Talib / Run-time Detection of Cross-site Scripting: A Machine-Learning Approach Using Syntactic-Tagging N-Gram Features

[journal] Grigori Sidorov / 2014 / Syntactic N-grams as machine learning features for natural language processing / Expert Systems with Applications / Elsevier BV 41(3) : 853~860

[confproc] T. Mikolov / 2013 / Efficient estimation of word representations in vector space / 1st Int. Conf. Learn. Represent. ICLR 2013 - Work. Track Proc

[confproc] Q. Le / 2014 / Distributed representations of sentences and documents / 31st Int. Conf. Mach. Learn. ICML 2014 4 : 2931~2939

[confproc] Y. Fang / 2018 / DeepXSS: Cross site scripting detection based on deep learning / ACM Int. Conf. Proceeding Ser. : 47~51

[journal] Fawaz A. Mereani / 2018 / Detecting Cross-Site Scripting Attacks Using Machine Learning / The International Conference on Advanced Machine Learning Technologies and Applications (AMLTA2018) / Springer International Publishing 723 : 200~210

[journal] Apeksha Khabia / 2015 / A Cluster based Approach with N-grams at Word Level for Document Classification / International Journal of Computer Applications / Foundation of Computer Science 117(23) : 38~42

[confproc] Boris Chernis / 2018 / Machine learning methods for software vulnerability detection / IWSPA 2018 - Proc. 4th ACM Int. Work. Secur. Priv. Anal. Co-located with CODASPY 2018 2018(1) : 31~39

[journal] Maede Zolanvari / 2019 / Machine Learning-Based Network Vulnerability Analysis of Industrial Internet of Things / IEEE Internet of Things Journal / Institute of Electrical and Electronics Engineers (IEEE) 6(4) : 6822~6834

[journal] Debabrata Kar / 2015 / SQLiDDS: SQL Injection Detection Using Query Transformation and Document Similarity / Distributed Computing and Internet Technology / Springer International Publishing 8956 : 377~390

KJCKorea
Journal Central

Journal of Software Assessment and Valuation 2023 KCI Impact Factor : 0.35

An Analysis of Machine-Learning Feature-Extraction Techniques using Syntactic Tagging for Cross-site Scripting Detection

ABSTRACT

KEYWORDS

Citation status

* References for papers published after 2023 are currently being built.

Journal of Software Assessment and Valuation 2023 KCI Impact Factor : 0.35

An Analysis of Machine-Learning Feature-Extraction Techniques using Syntactic Tagging for Cross-site Scripting Detection

ABSTRACT

KEYWORDS

Statistics

Tools

Issue List

Citation status

KCI Citation Counts (0)

REFERENCES (17) * References for papers published after 2023 are currently being built.

Search PDF

Citation

* References for papers published after 2023 are currently being built.