Web Server Security Solution for Detecting Cross-site Scripting Attacks in Real-time Using Deep Learning

Abstract

Cross-Site Scripting (XSS) represents one of the most prevalent application layer attacks perpetrated by an attacker, a client, and the web server. Cyber-attacks steal clients’ cookies / sensitive details and therefore associate the client with the web. Filtering user data in server-side scripts like ASP (Active Server Pages), PHP (Hypertext Preprocessor), or some other web-enabled programming language is a general solution to this which can be found floating around the internet. From the server perspective, we suggest a modular and extensible solution against XSS attack; the extensible solution can be used as an identity management solution for validating the users accessing the web application and testing for correct permissions for various web resources allocated to web users. Using deep learning, the research creates a secure ecosystem that may be used to provide efficient real-time detection and mitigation of cross-site scripting attacks in fog/cloud online applications. In this study, a deep learning model was used to detect XSS attacks, and its output was compared to that of three other deep learning models, namely Multilayer Perceptron, Long Short-Term Memory, and Deep Belief Network. This web-based system utilizes an MLP architecture for deep learning to detect inserted XSS attack scripts in web applications. The effectiveness of the algorithm for deep learning is assessed by utilizing evaluation metrics to evaluate the framework. Employing embedding as a feature, the MLP method performed the best in the evaluation for detecting XSS attacks, attaining an accuracy of 99.47%.