An XSS Attack Detection Model Based on Two-Stage AST Analysis

Wang, Qiuhua and Li, Chuangchuang and Yuan, Lifeng and Wang, Dong and Wang, Yeru and Ren, Yizhi and Meng, Weizhi (2025) An XSS Attack Detection Model Based on Two-Stage AST Analysis. IEEE Transactions on Dependable and Secure Computing. ISSN 1545-5971

Text (TDSC-2023-04-0369)
TDSC-2023-04-0369.pdf - Accepted Version
Available under License Creative Commons Attribution.

Abstract

Cross-site scripting (XSS) attacks pose a significant threat to web applications and user privacy, with the number of such attacks rapidly increasing. Although existing machine learning and deep learning-based XSS attack detection models are effective against common XSS attacks, these models all overlook their own security and often fail to defend against adversarial samples that exploit model vulnerabilities, allowing attackers to successfully bypass these models by using XSS adversarial samples. To address this challenge, in this paper, we propose a novel XSS attack detection model based on two-stage Abstract Syntax Tree (AST) analysis and Long Short-Term Memory (LSTM) neural networks, effectively mitigating the impact of adversarial samples. Our model leverages the ability of AST parsing and analysis of HTML and JavaScript code to effectively eliminate redundant information and adversarial perturbations introduced by adversarial samples. The two-stage process first extracts JavaScript code from the HTML AST, then identifies malicious code fragments from the JavaScript AST. Finally, the LSTM neural network is trained to classify samples as malicious or benign. By analyzing the HTML and JavaScript components of web pages, our model identifies and eliminates adversarial perturbations that interfere with detection, significantly enhancing the security and reliability of the detection process. Extensive experiments on real datasets demonstrate our model's superior performance, achieving an accuracy rate of 0.991 and an F1 score of 0.998 against standard XSS samples, outperforming existing models. More importantly, when facing adversarial XSS samples, most existing detection models exhibit severe robustness degradation with the detection rate (DR) below 0.880, whereas our model maintains a detection rate of over 0.982, significantly higher than state-of-the-art models and demonstrating its significant effectiveness in defending against XSS adversarial attacks.

Item Type:
Journal Article
Journal or Publication Title:
IEEE Transactions on Dependable and Secure Computing
Uncontrolled Keywords:
Research Output Funding/no_not_funded
Subjects:
no - not funded, electrical and electronic engineering
ID Code:
235343
Deposited By:
Deposited On:
09 Feb 2026 12:00
Refereed?:
Yes
Published?:
Published
Last Modified:
09 Feb 2026 23:30