|Autors: Ivanova, M. S., Rozeva, A. G.|
Title: Detection of XSS Attack and Defense of REST Web Service Machine Learning Perspective
Keywords: fuzzy logic; machine learning; REST web service defense; XSS stored attack
Abstract: The paper presents a machine learning approach for detection of stored XSS attack and for defense of REST web service. For this purpose, a XML-based REST web service is developed in JAVA, which is tested and attacked in specially created test-bed simulation environment, consisting of IntelliJ IDEA environment, Postman and web browser. The obtained data sets are processed resulting in the selection of 30 out of 171 features for further treatment. Supervised machine learning classifiers: Random Forest, Random Tree, Decision Tree and Gradient Boosted Tree are used for the detection of known attacks and clustering algorithm k-Means for the identification of unknown threats. The efficiency of implementing machine learning algorithms is evaluated and the results confirm their high accuracy. In addition fuzzy sets and fuzzy logic theory is utilized for solving multi-criteria task in support of decision making for web service defense.
1. Md. M. Hassan, B. R. Ahmad, A. Esha, R. Risha, M. S. Hasan, Important factors to remember when constructing a cross-site scripting prevention mechanism, Bulletin of Electrical Engineering and Informatics, 11(2), 2022, 965-973, ISSN: 2302-9285, DOI: 10.11591/eei.v11i2.3557 - 2022 - в издания, индексирани в Scopus или Web of Science
Вид: публикация в международен форум, публикация в издание с импакт фактор, публикация в реферирано издание, индексирана в Scopus