• KSII Transactions on Internet and Information Systems
    Monthly Online Journal (eISSN: 1976-7277)

GCNXSS: An Attack Detection Approach for Cross-Site Scripting Based on Graph Convolutional Networks

Vol. 16, No. 12, December 31, 2022
DOI: 10.3837/tiis.2022.12.013

Abstract

Since machine learning was introduced into cross-site scripting (XSS) attack detection, many researchers have conducted related studies and achieved significant results, such as saving the time and labor costs of maintaining a rule database, which traditional XSS attack detection methods require. However, these approaches have run into problems such as poor generalization ability and significant false negative rates (FNR) and false positive rates (FPR). Meanwhile, the automatic clustering property of graph convolutional networks (GCN) has attracted the attention of researchers. In the field of natural language processing (NLP), the results of graph embedding based on GCN are automatically clustered in space without any training, which means that text data can be classified by the GCN-based embedding process alone. Previously, other methods required training with labeled data after embedding to complete data classification. Using the GCN auto-clustering feature together with labeled data, this research proposes an approach to detect XSS attacks, called GCNXSS, that mines the dependencies between the units that constitute an XSS payload. First, GCNXSS transforms a URL into a word homogeneous graph based on word co-occurrence relationships. Then, GCNXSS inputs the graph into the GCN model for graph embedding and obtains the classification results. Experimental results show that GCNXSS achieved accuracy, precision, recall, F1-score, FNR, FPR, and prediction time of 99.97%, 99.75%, 99.97%, 99.86%, 0.03%, 0.03%, and 0.0461 ms, respectively. Compared with existing methods, GCNXSS has a lower FNR and FPR with stronger generalization ability.
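The two steps named in the abstract (URL to word co-occurrence graph, then graph embedding) can be sketched as follows. This is an added example, not the authors' code: the tokenizer, the window size of 3, the sample URL and the single untrained propagation step with the standard GCN matrix D^-1/2 (A + I) D^-1/2 are all assumptions, since the abstract does not give those details.

```python
import math
import re
from collections import Counter
from urllib.parse import unquote

# Assumed tokenizer: identifiers, numbers, or single punctuation characters.
TOKEN_RE = re.compile(r"[A-Za-z_][A-Za-z0-9_]*|\d+|[^\sA-Za-z0-9_]")

def tokenize(url):
    """Percent-decode once and split the URL into lowercase units."""
    return [t.lower() for t in TOKEN_RE.findall(unquote(url))]

def cooccurrence_graph(tokens, window=3):
    """Return (vocab, edges): units that co-occur within `window` tokens."""
    vocab = sorted(set(tokens))
    index = {t: i for i, t in enumerate(vocab)}
    edges = Counter()
    for i, tok in enumerate(tokens):
        for other in tokens[i + 1:i + window]:
            a, b = index[tok], index[other]
            if a != b:  # self-loops are added later, in normalization
                edges[(min(a, b), max(a, b))] += 1
    return vocab, edges

def normalized_adjacency(n, edges):
    """Compute D^-1/2 (A + I) D^-1/2, the GCN propagation matrix."""
    a = [[1.0 if i == j else 0.0 for j in range(n)] for i in range(n)]
    for (i, j), w in edges.items():
        a[i][j] = a[j][i] = float(w)
    deg = [sum(row) for row in a]
    return [[a[i][j] / math.sqrt(deg[i] * deg[j]) for j in range(n)] for i in range(n)]

def propagate(a_hat, features):
    """One untrained GCN step, H = A_hat X (no weights, no activation)."""
    return [[sum(a_hat[i][k] * features[k][c] for k in range(len(features)))
             for c in range(len(features[0]))] for i in range(len(a_hat))]

# Constructed sample input, not taken from the paper's dataset.
SAMPLE_URL = "http://example.test/search?q=%3Cscript%3Ealert(1)%3C/script%3E"

def embed(url, window=3):
    """Build the graph for one URL and embed its nodes from one-hot features."""
    vocab, edges = cooccurrence_graph(tokenize(url), window)
    a_hat = normalized_adjacency(len(vocab), edges)
    identity = [[1.0 if i == j else 0.0 for j in range(len(vocab))] for i in range(len(vocab))]
    return vocab, edges, propagate(a_hat, identity)

if __name__ == "__main__":
    vocab, edges, _ = embed(SAMPLE_URL)
    print([(vocab[i], vocab[j], w) for (i, j), w in sorted(edges.items())])
```

Units such as `<`, `script` and `>` end up connected by weighted edges, which is the kind of dependency between payload units that the abstract says the graph is meant to capture.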


Cite this article

[IEEE Style]
H. Pan, Y. Fang, C. Huang, W. Guo, X. Wan, "GCNXSS: An Attack Detection Approach for Cross-Site Scripting Based on Graph Convolutional Networks," KSII Transactions on Internet and Information Systems, vol. 16, no. 12, pp. 4008-4023, 2022. DOI: 10.3837/tiis.2022.12.013.

[ACM Style]
Hongyu Pan, Yong Fang, Cheng Huang, Wenbo Guo, and Xuelin Wan. 2022. GCNXSS: An Attack Detection Approach for Cross-Site Scripting Based on Graph Convolutional Networks. KSII Transactions on Internet and Information Systems, 16, 12, (2022), 4008-4023. DOI: 10.3837/tiis.2022.12.013.

[BibTeX Style]
@article{tiis:38218,
  title="GCNXSS: An Attack Detection Approach for Cross-Site Scripting Based on Graph Convolutional Networks",
  author="Hongyu Pan and Yong Fang and Cheng Huang and Wenbo Guo and Xuelin Wan",
  journal="KSII Transactions on Internet and Information Systems",
  DOI={10.3837/tiis.2022.12.013},
  volume={16},
  number={12},
  year="2022",
  month={December},
  pages={4008-4023}
}