Cross-Site Scripting Attack Detection Based on Hidden Markov Model

Abstract

Cross-Site Scripting (XSS) is a well-known type of web vulnerabilities which allows attackers to in-ject the malicious scripts or codes to compromise the web application services. Based on the characteristics of client side script language, the attackers can launch XSS attack by a single HTTP request to a website easily. Therefore, detection of XSS is a critical issue for all website manag-ers. In this paper, based on a machine learning approach, we propose a new method to detect XSS attacks on a web server. We preprocess an HTTP request to a token se-quence, and utilize Hidden Markov Model to determine whether an XSS attack exists in the HTTP request. By filtering HTTP requests on the server side, our approach can label each HTTP request whether it is an XSS attack or not. Moreover, apart from other related methods, ours takes the proximity into consideration. The pro-posed system performs well with high accuracy rate on a real data set collected from a private telecom company.