Open AccessAn Improved Tool for Detection of XSS Attacks by Combining CNN with LSTM
Author(s) -
Caio Lente,
Roberto Hirata,
Daniel Batista
Publication year - 2021
Language(s) - English
Resource type - Conference proceedings
DOI - 10.5753/sbseg_estendido.2021.17333
Subject(s) - cross site scripting , computer science , convolutional neural network , speedup , scripting language , artificial intelligence , deep learning , machine learning , parallel computing , programming language , web application security , web service , web development
Cross-Site Scripting (XSS) is still a significant threat to web applications. By combining Convolutional Neural Networks (CNN) with Long ShortTerm Memory (LSTM) techniques, researchers have developed a deep learning system called 3C-LSTM that achieves upwards of 99.4% accuracy when predicting whether a new URL corresponds to a benign locator or an XSS attack. This paper improves on 3C-LSTM by proposing different network architectures and validation strategies and identifying the optimal structure for a more efficient, yet similarly accurate, version of 3C-LSTM. The authors identify larger batch sizes, smaller inputs, and cross-validation removal as modifications to achieve a speedup of around 3.9 times in the training step.