Noor Ullah Bacha¹, Songfeng Lu¹, Attiq Ur Rehman¹, Muhammad Idrees², Yazeed Yasin Ghadi³, Tahani Jaser Alahmadi^4,*

CMC-Computers, Materials & Continua, Vol.81, No.1, pp. 707-748, 2024, DOI:10.32604/cmc.2024.054780 - 15 October 2024

Abstract Cross-Site Scripting (XSS) remains a significant threat to web application security, exploiting vulnerabilities to hijack user sessions and steal sensitive data. Traditional detection methods often fail to keep pace with the evolving sophistication of cyber threats. This paper introduces a novel hybrid ensemble learning framework that leverages a combination of advanced machine learning algorithms—Logistic Regression (LR), Support Vector Machines (SVM), eXtreme Gradient Boosting (XGBoost), Categorical Boosting (CatBoost), and Deep Neural Networks (DNN). Utilizing the XSS-Attacks-2021 dataset, which comprises 460 instances across various real-world traffic-related scenarios, this framework significantly enhances XSS attack detection. Our approach, which… More >

Qiurong Qin, Yueqin Li^*, Yajie Mi, Jinhui Shen, Kexin Wu, Zhenzhao Wang

CMC-Computers, Materials & Continua, Vol.80, No.1, pp. 843-874, 2024, DOI:10.32604/cmc.2024.051769 - 18 July 2024

Abstract In the era of the Internet, widely used web applications have become the target of hacker attacks because they contain a large amount of personal information. Among these vulnerabilities, stealing private data through cross-site scripting (XSS) attacks is one of the most commonly used attacks by hackers. Currently, deep learning-based XSS attack detection methods have good application prospects; however, they suffer from problems such as being prone to overfitting, a high false alarm rate, and low accuracy. To address these issues, we propose a multi-stage feature extraction and fusion model for XSS detection based on… More >

Abdulgbar A. R. Farea¹, Gehad Abdullah Amran^2,*, Ebraheem Farea³, Amerah Alabrah^4,*, Ahmed A. Abdulraheem⁵, Muhammad Mursil⁶, Mohammed A. A. Al-qaness⁷

CMC-Computers, Materials & Continua, Vol.76, No.3, pp. 3605-3622, 2023, DOI:10.32604/cmc.2023.040121 - 08 October 2023

Abstract E-commerce, online ticketing, online banking, and other web-based applications that handle sensitive data, such as passwords, payment information, and financial information, are widely used. Various web developers may have varying levels of understanding when it comes to securing an online application. Structured Query language SQL injection and cross-site scripting are the two vulnerabilities defined by the Open Web Application Security Project (OWASP) for its 2017 Top Ten List Cross Site Scripting (XSS). An attacker can exploit these two flaws and launch malicious web-based actions as a result of these flaws. Many published articles focused on… More >

Deris Stiawan¹, Ali Bardadi¹, Nurul Afifah¹, Lisa Melinda¹, Ahmad Heryanto¹, Tri Wanda Septian¹, Mohd Yazid Idris², Imam Much Ibnu Subroto³, Lukman⁴, Rahmat Budiarto^5,*

Computer Systems Science and Engineering, Vol.46, No.2, pp. 1759-1774, 2023, DOI:10.32604/csse.2023.034047 - 09 February 2023

Abstract The Repository Mahasiswa (RAMA) is a national repository of research reports in the form of final assignments, student projects, theses, dissertations, and research reports of lecturers or researchers that have not yet been published in journals, conferences, or integrated books from the scientific repository of universities and research institutes in Indonesia. The increasing popularity of the RAMA Repository leads to security issues, including the two most widespread, vulnerable attacks i.e., Structured Query Language (SQL) injection and cross-site scripting (XSS) attacks. An attacker gaining access to data and performing unauthorized data modifications is extremely dangerous. This… More >

Ahmed Abdullah Alqarni¹, Nizar Alsharif¹, Nayeem Ahmad Khan^1,*, Lilia Georgieva², Eric Pardade³, Mohammed Y. Alzahrani¹

CMC-Computers, Materials & Continua, Vol.70, No.2, pp. 4075-4085, 2022, DOI:10.32604/cmc.2022.020389 - 27 September 2021

Abstract The rapid growth and uptake of network-based communication technologies have made cybersecurity a significant challenge as the number of cyber-attacks is also increasing. A number of detection systems are used in an attempt to detect known attacks using signatures in network traffic. In recent years, researchers have used different machine learning methods to detect network attacks without relying on those signatures. The methods generally have a high false-positive rate which is not adequate for an industry-ready intrusion detection product. In this study, we propose and implement a new method that relies on a modular deep More >