Authors: Ivanova, M. S., Rozeva, A. G.
Title: Detection of XSS Attack and Defense of REST Web Service Machine Learning Perspective
Keywords: fuzzy logic; machine learning; REST web service defense; XSS

Abstract: The paper presents a machine learning approach for detection of stored XSS attacks and for defense of a REST web service. For this purpose, an XML-based REST web service is developed in Java, which is tested and attacked in a specially created test-bed simulation environment, consisting of the IntelliJ IDEA environment, Postman and a web browser. The obtained data sets are processed, resulting in the selection of 30 out of 171 features for further treatment. Supervised machine learning classifiers (Random Forest, Random Tree, Decision Tree and Gradient Boosted Tree) are used for the detection of known attacks, and the clustering algorithm k-Means for the identification of unknown threats. The efficiency of implementing machine learning algorithms is evaluated and the results confirm their high accuracy. In addition, fuzzy sets and fuzzy logic theory are utilized for solving a multi-criteria task in support of decision making for web service defense.

    Issue

    5th International Conference on Machine Learning and Soft Computing, ICMLSC 2021/ACM International Conference Proceeding Series, pp. 22-28, 2021, Vietnam, Association for Computing Machinery, New York, NY, United States, ISBN:978-1-4503-8761-3/https://doi.org/10.1145/3453800.3453805

    Copyright Association for Computing Machinery, New York, NY, United States

    Citations:
    1. Md. M. Hassan, B. R. Ahmad, A. Esha, R. Risha, M. S. Hasan, Important factors to remember when constructing a cross-site scripting prevention mechanism, Bulletin of Electrical Engineering and Informatics, 11(2), 2022, 965-973, ISSN: 2302-9285, DOI: 10.11591/eei.v11i2.3557 - 2022 - in publications indexed in Scopus or Web of Science
    2. A. H. Eyeleko and T. Feng, A Critical Overview of Industrial Internet of Things Security and Privacy Issues Using a Layer-Based Hacking Scenario, in IEEE Internet of Things Journal, vol. 10, no. 24, pp. 21917-21941, 15 Dec.15, 2023, doi: 10.1109/JIOT.2023.3308195. - 2023 - in publications indexed in Scopus or Web of Science
    3. G. Rodríguez-Galán, J. Torres, Personal data filtering: a systematic literature review comparing the effectiveness of XSS attacks in web applications vs cookie stealing. Ann. Telecommun. (2024). https://doi.org/10.1007/s12243-024-01022-8 - 2024 - in publications indexed in Scopus or Web of Science
    4. H. Peng, S. Bao and L. Li, "A Survey of Security Protection Methods for Deep Learning Model," in IEEE Transactions on Artificial Intelligence, vol. 5, no. 4, pp. 1533-1553, April 2024, doi: 10.1109/TAI.2023.3314398. - 2024 - in publications indexed in Scopus or Web of Science

    Type: publication in an international forum, publication in an edition with impact factor, publication in a refereed edition, indexed in Scopus