Research On Detection Of Cross-Site Scripting Attacks Based On Machine Learning

Nowadays,computer network technology is developing very quickly.Cybercrime is on the rise.There are two main forms of cybercrime:the illegal acquisition of system data and the inability of the system to provide services.Cross-site scripting attack,which exploits web vulnerabilities to steal information,is a very typical attack.This article is aimed at cross-site scripting attack detection.Cross-site scripting attack detection is the first step in solving the problem of Web application page security.Its detection accuracy not only affects user safety,but also endangers the overall security of Web application.Therefore,it is also the key content in Web security testing.Information security solutions are mainly divided into two categories.The first solution is based on instance scenario analysis.The second solution is to use machine-learning techniques to detect attacks.The attack is predicted by machine learning algorithm model.Such schemes can be automated to update modules to adapt to new attacks without having to spend manpower on rule-making.It has a clear advantage in dealing with new attacks.However,the method based on machine learning has the problem of high false alarm rate.Therefore,it is the focus of this kind of solution to reduce the false alarm rate and improve the identification rate of attack.This paper focuses on the cross-site scripting attack detection based on machine learning.It is the subtask of the second type of solution.The composition of the cross-site scripting attack statement is different from that of the normal request.This paper designs the cross-site scripting attack detection method based on XGBoost and C-GRU for these differences.Finally,the experimental results show that the accuracy of the method is 98%,which is better than the baseline method.The main work of the study is as follows:Firstly,we build the penetration test system and the attack host.We use Burpsuite,BeEF,Metasploit and other popular penetration tools to simulate cross-site scripting vulnerabilities manually mining and exploitation.Secondly,we use the traditional machine learning method and do feature engineering for cross-site scripting request data.After that using the XGBoost algorithm to predict the attack.Finally,we look at XSS attack request as a short text and build a deep learning model based on C-GRU.The text is classified by character level processing.