Affiliation:
1. ESKİŞEHİR OSMANGAZİ ÜNİVERSİTESİ, MÜHENDİSLİK-MİMARLIK FAKÜLTESİ
Abstract
The increment developments in technology has empowered the web applications. Meanwhile, the existence of Cross-Site Scripting (XSS) vulnerabilities in web applications has become a concern for users. In spite of the numerous current detection approaches, attackers have been exploiting XSS vulnerabilities for years, causing harm to the internet users. In this paper, a text-mining based approach to detect XSS attacks in web applications is introduced. This approach is built to extract a set of features from a publicly available source code files, which are then used to build a prediction model. The findings include few comparisons between Word Tokenization and N-Gram in accuracy, time spend to build the model and AUC-ROC curve. The results show that N-Gram tokenization outperforms the Word Tokenization.
Publisher
Eskisehir Osmangazi University
Reference43 articles.
1. [1] Ying, M., Li, S. Q. 2016. CSP adoption: current status and future prospects. Security and Communication Networks, 9(17), 4557-4573.
2. [2] sucuri.net. 2022. Sucuri Security. sitecheck.sucuri.net.
3. [3] Hearst, M. A. 1999. Untangling text data mining. In Proceedings of the 37th Annual meeting of the Association for Computational Linguistics, pp. 3-10.
4. [4] Feldman, R., Dagan, I. 1995. Knowledge Discovery in Textual Databases (KDT). In KDD, Vol. 95, pp. 112-117.
5. [5] positive technologies. 2022. Threats and Vulnerabilities in Web Applications 2020–2021. www.ptsecurity.com/ww-en/analytics/web-vulnerabilities-2020-2021/