| Cross-Site Scripting (XSS) is a significant issue in the field of network security, and there have been many studies on XSS detection models. Defense against XSS attacks has made significant progress, and a crucial direction is designing more efficient and accurate XSS detection models. Scholars have proposed different XSS detection methods based on machine learning models and deep learning models, among others, targeting the characteristics of XSS attacks. However, XSS adversarial attack samples against these detection models are emerging, and the detection accuracy of the models will continue to decline under adversarial sample attacks. XSS adversarial attack samples can reveal the underlying rules and vulnerability points of XSS attacks, which helps optimize the detection algorithm and improve its detection effectiveness. Therefore, further enhancing the accuracy of XSS detection models and providing more valuable XSS attack data samples for XSS attack detection models is a significant challenge that needs to be addressed. This paper proposes a reinforcement learning-based XSS adversarial attack sample generation model, which aims to generate XSS adversarial attack samples. The model mainly consists of a detection module and an adversarial attack module. The processing flow of the model is divided into two stages: the detection stage and the evasion stage. The main research content of this paper is as follows. Firstly, this research presents the detection module of the XSS adversarial attack model, which is designed based on ensemble learning (LSTM+MLP+SVM). The detection module primarily handles the detection phase of the XSS adversarial attack model. The XSS detector in the detection module is built using ensemble learning, combining the mainstream XSS detection models based on LSTM, MLP, and SVM. The stacking method is employed to create an XSS attack detection model with higher accuracy. This paper also conducts ablation experiments and comparative experiments to demonstrate the superior accuracy of the ensemble model. In the detection phase, the detection module preprocesses the existing XSS raw dataset, which mainly involves data cleansing of the original XSS scripts and Word2Vec-based vectorization. Subsequently, the preprocessed data is fed into the XSS detection model within the detection module. Finally, the detection module obtains the classification results of the original XSS data, laying the foundation for the subsequent escape phase. Secondly, this research introduces an XSS adversarial sample generator based on the TD3 reinforcement learning algorithm, which belongs to the adversarial attack module of the XSS adversarial attack model. This module serves as the core component of the proposed model and primarily handles the escape phase of the XSS adversarial attack model. In the escape phase, for XSS scripts that have not evaded XSS attack detection in the detection module, the adversarial attack module utilizes the TD3 reinforcement learning algorithm to modify them, thereby generating legitimate adversarial samples capable of bypassing XSS detection models. This module is designed using reinforcement learning techniques and defines the state space, action space, and reward function. Furthermore, experiments are conducted to compare the escape rates of XSS adversarial samples generated using Soft-Q learning and TD3 under the ensemble model. The experimental results demonstrate that the escape rate of the XSS adversarial samples generated based on TD3 is nearly 6% higher than that of those generated using Soft-Q learning. Finally, through the study of the XSS adversarial attack model, this paper designs and implements an XSS adversarial sample generation system. This system uses the XSS adversarial attack model proposed in this paper to generate XSS adversarial attack scripts, providing more valuable XSS attack data samples for XSS attack detection models. The system mainly includes three functional modules: the user module, the XSS detection system module, and the XSS adversarial sample generation module. The entire system is built using a front-end and back-end separation architecture. The back-end framework is built using Spring SSM, the front-end is built using React.js, and the database uses MySQL and Redis. |