Classification of cross site scripting web pages using machine learning techniques

Abstract

There are many web application threats such as SQL injection and Cross Site Scripting. According to OWASP 2013 security report, Cross Site Scripting came in third place. Cross Site Scripting is an attack that targets web applications which lack security countermeasures against untrusted data that is provided by the user, and this attack take advantage of these web applications because they do not apply any input validation or output sanitization methods. Few previous works which used machine learning to detect cross site scripting attacks via classification of the web pages into two classes; malicious or benign. The previous works used too many features which considered as irrelevant and noise data because they do not have significant value on accuracy ratio which would cause complexity and decrease the performance of the classification process. They also used URL features which considered unnecessary since URL is considered as the entry point of the attack but cannot activate it since all the different kinds of cross site scripting get activated and run inside the HTML source code. In this study, we focus on how to implement feature selection through Information Gain (IG) to select the most significant features that lead to better performance and less execution time. The selected features used to classify the datasets with three different classifiers to test the performance of these features. The features used in this study were used by previous works, however with IG feature selection, we selected 14 features as the most significant features and the accuracy obtained by using these features was 95.78% compared to when using all features which was 93.11%. The recall was also improved from 88% when all features used to 92.33% when only using the 14 selected features.