TY  - JOUR
TI  - A Hybrid Machine Learning Model to Detect Reflected XSS Attack
AB  - Since web technologies are getting more advanced with longer codes, the number of vulnerabilities has increased considerably. Cross-site scripting (XSS) attacks are one of the most common attacks that use vulnerabilities in web applications. There are three types of cross-site scripting attacks namely, reflected, stored, and DOM-based attacks. Reflected XSS attacks are the most common type that is usually implemented by injecting a malicious code into the URL and then sending the URL to the targeted system by using phishing methods, which is a significant threat for recent web applications. Our motivation is the lack of a high-performance detection method of reflected XSS attacks with high accuracy. In this paper, we propose a hybrid machine learning model to detect vulnerabilities related to reflected XSS attacks for a given URL of a website. Our model uses a scanner to discover vulnerabilities in a web site and convolutional neural networks to predict the most common vulnerabilities that may be used for reflected XSS attacks, which makes the proposed model hybrid. We analyzed the model experimentally. Analyses results show that the proposed model is able to detect vulnerable attack surfaces with 99 % accuracy.
AU  - Buz, Beraat
AU  - Gülçiçek, Berke
AU  - Bahtiyar, Serif
DO  - 10.17694/bajece.927417
PY  - 2021
JO  - Balkan Journal of Electrical and Computer Engineering
VL  - 9
IS  - 3
SN  - 2147-284X
SP  - 235
EP  - 241
DB  - TRDizin
UR  - http://search/yayin/detay/471845
ER  -