RLXSS: Optimizing XSS Detection Model to Defend Against Adversarial Attacks Based on Reinforcement Learning

Fang, Yong; Huang, Cheng; Xu, Yijia; Li, Yang

doi:10.3390/fi11080177

Cited by 29 publications

(11 citation statements)

References 13 publications

Supporting

Mentioning

Contrasting

Unclassified

Order By: Relevance

“…Fang et al [127] proposed a system that incorporates a detection model and an adversarial attack model. XSS payloads detected by the detection model are subjected to a set of disguising actions performed by an agent based on a Double Deep Q-Network algorithm (DDQN).…”

Section: Machine Learningmentioning

confidence: 99%

Twenty-two years since revealing cross-site scripting attacks: a systematic mapping and a comprehensive survey

Hannousse¹,

Yahiouche²,

Nait-Hamoud³

2022

Preprint

View full text Add to dashboard Cite

Cross-site scripting (XSS) is one of the major threats menacing the privacy of data and the navigation of trusted web applications. Since its reveal in late 1999 by Microsoft security engineers, several techniques have been developed in the aim to secure web navigation and protect web applications against XSS attacks. The problem became worse with the emergence of advanced web technologies such as Web services and APIs and new programming styles such as AJAX, CSS3 and HTML5. While new technologies enable complex interactions and data exchanges between clients and servers in the network, new programming styles introduce new and complicate injection flaws to web applications. XSS has been and still in the TOP 10 list of web vulnerabilities reported by the Open Web Applications Security Project (OWASP). Consequently, handling XSS attacks became one of the major concerns of several web security communities. In this paper, we contribute by conducting a systematic mapping and a comprehensive survey. We summarize and categorize existent endeavors that aim to protect against XSS attacks and develop XSS-free web applications. The present review covers 147 high quality published studies since 1999 including early publications of 2022. A comprehensive taxonomy is drawn out describing the different techniques used to prevent, detect, protect and defend against XSS attacks. Although the diversity of XSS attack types and the scripting languages that can be used to state them, the systematic mapping revealed a remarkable bias toward basic and JavaScript XSS attacks and a dearth of vulnerability repair mechanisms. The survey highlighted the limitations, discussed the potentials of existing XSS attack defense mechanisms and identified potential gaps.

show abstract

Section: Machine Learningmentioning

confidence: 99%

Twenty-two years since revealing cross-site scripting attacks: a systematic mapping and a comprehensive survey

Hannousse¹,

Yahiouche²,

Nait-Hamoud³

2022

Preprint

View full text Add to dashboard Cite

show abstract

“…Functian strip_tag juga digunakan pecegahan dapat juga dilakukan dengan pembatasan pada alphanumeric Features berupa pembatasan pada Readability, Objects, Events, Methods, Tags, Attributes, Reserved, Functions, Protocol, Letters, Numbers [5]. Pencegahan dari serangan XSS juga dapat digunakan dengan menggunakan metacharacter khusus yang digunakan dalam sebuah script, selain itu fungsi html_specialchars() dapat digunakan untuk merubah format HTML diantaranya: 1) & (ampersand) menjadi &amp, 2) single quote menjadi &#039, 3) (double quote) menjadi & quo [6]. Namun cara diatas masih kurang efektif, langkah yang lebih efektif yaitu menggunakan autentikasi token [7].…”

Section: Pendahuluanunclassified

Meningkatkan Keamanan Web Menggunakan Algoritma Advanced Encryption Standard (AES) terhadap Seragan Cross Site Scripting

2021

View full text Add to dashboard Cite

In the millennial era, the internet has become a very basic need to support community activities in various fields, one of which is education. SMK Maritim Nusantara in supporting the learning process uses a web-based application called e-learning which is used by teachers and students. The school website has several documents in digital form that must be kept confidential, such as student data, teacher data, student grades. After scanning using the Acunetix WVS 10.5 application, information was obtained about the security holes found on the website https://www.e-learning.smkmn.sch.id, with the results of which there were 8 (eight) attacks with details, 2 (two). ) a hight category with the name Cross site scripting (XSS) attack, 4 (four) medium categories with the name HTML form attack without CSRF protection and 2 (two) low categories with the name Password type input attack with auto-complete enabled. The most dangerous attack category / hight is XSS. XSS attack is an attack that inserts malicious code in the form of javascript through an input form that aims to steal cookies and then uses the cookie to enter the web legally so that data can be manipulated and even deleted. For this reason, a strong system is needed to maintain security, confidentiality of school data, one way that can be used is by implementing the Standard Advance Encryption Algorithm (AES), this algorithm has a high level of security and uses little memory in its operation so that it does not burdensome to process and easy to implement. The results of research conducted by applying the AES Algorithm explain that previously there were 2 (two) high category vulnerabilities called XSS attacks, after the implementation of the AES Algorithm, the XSS attack vulnerability was no longer found. Based on the results obtained in the study, it can be concluded that the implementation of the AES Algorithm in tokens can improve the security of the https://www.e-learning.smkmn.sch.id website from XSS attacks.

show abstract

“…Y Ji et al [21] proposed a novel energy management approach for real-time scheduling of an microgrid. Y. Fang et al [22] proposed a reinforcement learning method to optimize the XSS detection model to defend against adversarial attacks. In the past, researchers have proposed a large number of optimization methods, such as NSGA-III variants [23].…”

Section: Reinforcement Learning and Its Applicationsmentioning

confidence: 99%

An Intelligent TCP Congestion Control Method Based on Deep Q Network

Wang

Dong

2021

Future Internet

View full text Add to dashboard Cite

To optimize the data migration performance between different supercomputing centers in China, we present TCP-DQN, which is an intelligent TCP congestion control method based on DQN (Deep Q network). The TCP congestion control process is abstracted as a partially observed Markov decision process. In this process, an agent is constructed to interact with the network environment. The agent adjusts the size of the congestion window by observing the characteristics of the network state. The network environment feeds back the reward to the agent, and the agent tries to maximize the expected reward in an episode. We designed a weighted reward function to balance the throughput and delay. Compared with traditional Q-learning, DQN uses double-layer neural networks and experience replay to reduce the oscillation problem that may occur in gradient descent. We implemented the TCP-DQN method and compared it with mainstream congestion control algorithms such as cubic, Highspeed and NewReno. The results show that the throughput of TCP-DQN can reach more than 2 times of the comparison method while the latency is close to the three compared methods.

show abstract

RLXSS: Optimizing XSS Detection Model to Defend Against Adversarial Attacks Based on Reinforcement Learning

Cited by 29 publications

References 13 publications

Twenty-two years since revealing cross-site scripting attacks: a systematic mapping and a comprehensive survey

Twenty-two years since revealing cross-site scripting attacks: a systematic mapping and a comprehensive survey

Meningkatkan Keamanan Web Menggunakan Algoritma Advanced Encryption Standard (AES) terhadap Seragan Cross Site Scripting

An Intelligent TCP Congestion Control Method Based on Deep Q Network

Contact Info

Product

Resources

About