Authors: Ivanova, M. S., Rozeva, A. G.

Title: Detection of XSS Attack and Defense of REST Web Service Machine Learning Perspective

Keywords: fuzzy logic; machine learning; REST web service defense; XSS

Abstract: The paper presents a machine learning approach for detection of stored XSS attacks and for defense of a REST web service. For this purpose, an XML-based REST web service is developed in Java, which is tested and attacked in a specially created test-bed simulation environment consisting of the IntelliJ IDEA environment, Postman and a web browser. The obtained data sets are processed, resulting in the selection of 30 out of 171 features for further treatment. Supervised machine learning classifiers (Random Forest, Random Tree, Decision Tree and Gradient Boosted Tree) are used for the detection of known attacks, and the clustering algorithm k-Means for the identification of unknown threats. The efficiency of implementing the machine learning algorithms is evaluated and the results confirm their high accuracy. In addition, fuzzy sets and fuzzy logic theory are utilized for solving a multi-criteria task in support of decision making for web service defense.

Copyright Association for Computing Machinery, New York, NY, United States
Citations:
1. Md. M. Hassan, B. R. Ahmad, A. Esha, R. Risha, M. S. Hasan, Important factors to remember when constructing a cross-site scripting prevention mechanism, Bulletin of Electrical Engineering and Informatics, 11(2), 2022, 965-973, ISSN: 2302-9285, DOI: 10.11591/eei.v11i2.3557 - 2022 - in publications indexed in Scopus and/or Web of Science
2. A. H. Eyeleko and T. Feng, A Critical Overview of Industrial Internet of Things Security and Privacy Issues Using a Layer-Based Hacking Scenario, in IEEE Internet of Things Journal, vol. 10, no. 24, pp. 21917-21941, 15 Dec. 2023, doi: 10.1109/JIOT.2023.3308195. - 2023 - in publications indexed in Scopus and/or Web of Science
3. G. Rodríguez-Galán, J. Torres, Personal data filtering: a systematic literature review comparing the effectiveness of XSS attacks in web applications vs cookie stealing. Ann. Telecommun. (2024). https://doi.org/10.1007/s12243-024-01022-8 - 2024 - in publications indexed in Scopus and/or Web of Science
4. H. Peng, S. Bao and L. Li, "A Survey of Security Protection Methods for Deep Learning Model," in IEEE Transactions on Artificial Intelligence, vol. 5, no. 4, pp. 1533-1553, April 2024, doi: 10.1109/TAI.2023.3314398. - 2024 - in publications indexed in Scopus and/or Web of Science
5. Ntim Yeboah P., Kayes A.S.M., Rahayu W., Pardede E., Mahbub S., A systematic literature survey of machine learning approaches to cyber data breach detection: Current research issues and future directions, 2026, Computer Networks, issue 0, vol. 280, DOI 10.1016/j.comnet.2026.112179, issn 13891286 - 2026 - in publications indexed in Scopus
6. Tamariz-Moreno A.M., Carrera-Colorado E., Ocharan-Hernandez J.O., Perez-Arriaga J.C., Limon X., Vulnerabilities and Secure Design Strategies in RESTful Web APIs: A Systematic Literature Review, 2025, Proceedings 2025 13th International Conference in Software Engineering Research and Innovation Conisoft 2025, issue 0, pp. 233-242, DOI 10.1109/CONISOFT66928.2025.00038 - 2026 - in publications indexed in Scopus
Type: publication in an international forum, publication in a journal with an impact factor, publication in a refereed publication, indexed in Scopus