XSSClassifier: An efficient XSS attack detection approach based on machine learning classifier on SNSs

Abstract

Social networking services (SNSs) such as Twitter, MySpace, and Facebook have become progressively significant with its billions of users. Still, alongside this increase is an increase in security threats such as crosssite scripting (XSS) threat. Recently, a few approaches have been proposed to detect an XSS attack on SNSs. Due to the certain recent features of SNSs webpages such as JavaScript and AJAX, however, the existing approaches are not efficient in combating XSS attack on SNSs. In this paper, we propose a machine learningbased approach to detecting XSS attack on SNSs. In our approach, the detection of XSS attack is performed based on three features: URLs, webpage, and SNSs. A dataset is prepared by collecting 1,000 SNSs webpages and extracting the features from these webpages. Ten different machine learning classifiers are used on a prepared dataset to classify webpages into two categories: XSS or non-XSS. To validate the efficiency of the proposed approach, we evaluated and compared it with other existing approaches. The evaluation results show that our approach attains better performance in the SNS environment, recording the highest accuracy of 0.972 and lowest false positive rate of 0.87.