PERFORMANCE EVALUATION OF HYBRID AND STANDALONE TECHNIQUES ON WEB APPLICATIONS BASED CROSS-SITE SCRIPTING ATTACKS

B. A. Ayogu; G. O. Ogunleye; T. F. Benjamin; J. N. Ugwu

B. A. Ayogu Department of Computer Science, Federal University Oye Ekiti, Nigeria
G. O. Ogunleye Department of Computer Science, Federal University Oye Ekiti, Nigeria
T. F. Benjamin Department of Computer Science, Federal University Oye Ekiti, Nigeria
J. N. Ugwu Department of Computer Science, Federal University Oye Ekiti, Nigeria

Keywords: CNN, Feature selection, LSTM, Security vulnerabilities, XSS Dataset

Abstract

Cross-Site Scripting (XSS) is a type of malicious scripts that are broadcasted on the web applications through Hyper Text Transfer Protocol (HTTP). There are three categories of XSS: persistent, reflected, and Document Object Model DOM-based (Document Object Model). In the persistent attack, the malicious code is stored into the database and execute on every browser that loads the infected webpage. For the reflected attack, the user is tricked into submitting a form that sends malicious code to the victim’s browser, while DOM-based attack is done by manipulating the user’s DOM environment, which does not affect the HTTP response and the web server but the client side of the affected user. To shield users against data theft, this research targets to improve the detection accuracy of cross-site scripting attacks in web applications. The dataset underwent pre-processing. Pearson Correlation technique was used to choose sixty correlated features of sixty-eight features for the research. The efficacy of the CNN-LSTM hybridized approach and their standalone were demonstrated and evaluated using accuracy criteria. Experimental results recorded 99.87% for both hybrid and LSTM approaches respectively with margin of 0.1 lower than CNN, but higher in terms of other metrics, implying that all the approaches can be used for the detection of cross-site scripting attacks.