Detecting Cross-Site Scripting (XSS) Using Machine Learning

Abstract

Cross-site scripting (XSS) attacks are currently one of the most threatening
network attack methods. Effectively detecting and intercepting XSS attacks is
an important research topic in the network security field. The main objective of
this project to predict whether a script should be Safe or XSS vulnerabilities
attack

Existing System:
The traditional XSS detection method usually extracts some features
based on experience and then detects whether it is an XSS attack based on the
rule-based matching method. However, this method cannot identify
increasingly complex XSS attack sentences. With the rapid development of
machine learning, an increasing number of researchers have attempted to
solve problems in network security through machine learning algorithms,
especially XSS attack detection, and have made corresponding progress .Zhou
et al. (2019) proposed a cross-site script detection model based on the
combination of a multilayer perceptron and a hidden Markov model. This
model preprocesses the data through a natural language processing method
and then uses a multilayer perceptron to adjust the initial observation matrix
of the hidden Markov model (HMM). The improved HMM improves the
detection efficiency compared with the unmodified hidden Markov model
Disadvantage:
 Perceptron networks have several limitations. First, the output values of
a perceptron can take on only one of two values (0 or 1) because of the
hard-limit transfer function. Second, perceptrons can only classify
linearly separable sets of vectors.
 The calculation process is difficult and takes a long time

Proposed System:
In this project, the proposed system is based on Machine learning
algorithm which is Multinomial naïve bayes for classification. Multinomial
Naive Bayes text classifier is based on the Bayes's Theorem, which helps us
compute the conditional probabilities of occurrence of two events based on
the probabilities of occurrence of each individual event, encoding those
probabilities is extremely useful. We are also create a web application by using
HTML, CSS for front end. The final output will be displayed in the web
application whether a script should be Safe or XSS vulnerabilities attack
Block Diagram:

Data Data
Dataset
Preprocessing Spliting

Train Data Test Data

Data Training
process

Output Model
Creation

Test Data

Advantage:
 When assumption of independent predictors holds true, a Naive Bayes
classifier performs better as compared to other models.
 Multinomial Naive Bayes requires a small amount of training data to
estimate the test data. So, the training period is less.
Software and Hardware Requirements:
 OS – Windows 7, 8 and 10 (32 and 64 bit)
 RAM –4GB
 Processor i3 or i5
 Python