XSS filter evasion using reinforcement learning to assist cross-site scripting testing

https://doi.org/10.53730/ijhs.v6nS2.8167

Authors

  • Biswajit Mondal, Computer Science and Engineering, Dr. B C Roy Engineering College, Durgapur, 713206, West Bengal, India
  • Abhijit Banerjee, Electronics and Communication Engineering, Dr. B C Roy Engineering College, Durgapur, 713206, West Bengal, India
  • Subir Gupta, Computer Science and Engineering, Dr. B C Roy Engineering College, Durgapur, 713206, West Bengal, India

Keywords:

cyber security, reinforcement learning, machine learning, XSS

Abstract

Machine learning and deep learning are widely used and highly effective in attack classifiers. Little research has been undertaken on detecting and protecting against cross-site scripting (XSS), leaving artificial intelligence systems susceptible to adversarial attacks. It is crucial to develop a mechanism for increasing the algorithm's resilience to attack. This study intends to use reinforcement learning to enhance XSS detection and to combat adversarial attacks. First, before adversarial inputs against the detection model are mined, the model's information is extracted using a reinforcement learning framework. Second, the detection technique is simultaneously trained using an adversarial strategy: in every cycle, the classification method is trained with the newly discovered malicious data. During the experimental phase, the proposed XSS model effectively mines malicious inputs missed by either black-box or white-box detection systems. The attack and detection models can be trained to enhance their capacity to protect themselves, leading to a lower escape rate as a result of this training.

Published

31-05-2022

How to Cite

Mondal, B., Banerjee, A., & Gupta, S. (2022). XSS filter evasion using reinforcement learning to assist cross-site scripting testing. International Journal of Health Sciences, 6(S2), 11779–11792. https://doi.org/10.53730/ijhs.v6nS2.8167

Section

Peer Review Articles