Cross Site Scripting Attack Detection Approach Based on LSTM Encoder-Decoder and Word Embeddings


  • Rokia Lamrani Alaoui LISAC Laboratory. Department of Computer Science. University Sidi Mohamed Ben Abdallah, Faculty of Science Dhar El Mahraz, Fez , Morocco
  • El Habib Nfaoui LISAC Laboratory. Department of Computer Science . University Sidi Mohamed Ben Abdallah, Faculty of Science Dhar El Mahraz, Fez , Morocco.


Deep learning, Encoder-Decoder, Cross Site Scripting attack, Web security, word embedding, XSS


Web applications are the main target of Cyber Attacks. Cross-Site Scripting (XSS) is one of the most serious web attacks. Through the use of XSS, cybercriminals are able to turn trusted websites into malicious ones, resulting in extreme harm and damage to both the victims and the reputation of the website owner. According to the Open Web Application Security Project (OWASP) survey, XSS has been ranked in the top 10 web application vulnerabilities since 2017. Though its real danger, only 10 research works studied XSS attacks between 2010 and 2021 as reported recently by a systematic literature review on web attacks detection using Deep Learning. On the other hand, in many Natural Language Processing (NLP) applications, the use of word embeddings and Deep Encoder-Decoder models has considerably improved the performance of downstream NLP tasks. Thereby, in this work, we proposed a Deep Learning approach based on LSTM Encoder-Decoder and free-context word embedding for XSS attacks detection. Then, we implemented the proposed model and compared it with state-of-the-art approaches. The experimental results show that our model achieves good results; 99.08% Accuracy, 99.09% precision, and 99.08% Recall.


Download data is not yet available.


OWASP, "Top 10 Web Application Security Risks," 2017. [Online].

R. L. Alaoui and E. H. Nfaoui, "Deep Learning for Vulnerability and Attack Detection on Web Applications: A Systematic Literature Review," Future Internet, vol. 14, no. 4, p. 118, 2022.

R. L. Alaoui and E. H. Nfaoui, "Web attacks detection using stacked generalization ensemble for LSTMs and word embedding," 2022.

A. M. Vartouni, S. S. Kashi and M. Teshnehlab, "An anomaly detection method to detect web attacks using Stacked Auto-Encoder," 2018.

Z.-Q. Qin, X.-K. Ma and Y.-J. Wang, "Attentional Payload Anomaly Detector for Web Applications," Springer International Publishing, 2018, pp. 588-599.

D. Tripathy, R. Gohil and T. Halabi, "Detecting SQL Injection Attacks in Cloud SaaS using Machine Learning," 2020.

R. Kadhim and M. Gaata, "A hybrid of CNN and LSTM methods for securing web application against cross-site scripting attack," Indones. J. Electr. Eng. Comput. Sci, vol. 21, pp. 1022-1029, 2020.

T. Liu, Y. Qi, L. Shi and J. Yan, "Locate-Then-Detect: Real-time Web Attack Detection via Attention-based Deep Neural Networks.," 2019.

W. Rong, B. Zhang and X. Lv, "Malicious web request detection using character-level CNN," 2019.

F. M. M. Mokbal, W. Dan, A. Imran, L. Jiuchuan, F. Akhtar and W. Xiaoxi, "MLPXSS: an integrated XSS-based attack detection scheme in web applications using multilayer perceptron technique," IEEE Access, vol. 7, pp. 100567-100580, 2019.

C. Luo, Z. Tan, G. Min, J. Gan, W. Shi and Z. Tian, "A novel web attack detection system for internet of things via ensemble classification," IEEE Transactions on Industrial Informatics, vol. 17, no. 8, pp. 5810-5818, 2020.

W. Melicher, C. Fung, L. Bauer and L. Jia, "Towards a lightweight, hybrid approach for detecting dom xss vulnerabilities with machine learning," 2021.

H. Maurel, S. Vidal and T. Rezk, "Statically identifying XSS using deep learning," Science of Computer Programming, vol. 219, p. 102810, 2022.

T. Chen, Y. Chen, M. Lv, G. He, T. Zhu, T. Wang and Z. Weng, "A Payload Based Malicious HTTP Traffic Detection Method Using Transfer Semi-Supervised Learning," Applied Sciences, vol. 11, no. 16, p. 7188, 2021.

Y. Fang, Y. Li, L. Liu and C. Huang, "DeepXSS: Cross site scripting detection based on deep learning," 2018.

GitHub, "XSS dataset," 2018. [Online].

T. Mikolov, K. Chen, G. Corrado and J. Dean, "Efficient estimation of word representations in vector space," arXiv preprint arXiv:1301.3781, 2013.

J. Pennington, R. Socher and C. D. Manning, "Glove: Global vectors for word representation," Proceedings of the 2014 conference on empirical methods in natural language processing (EMNLP), pp. 1532-1543, 2014.

P. Bojanowski, E. Grave, A. Joulin and T. Mikolov, "Enriching word vectors with subword information," Transactions of the association for computational linguistics, vol. 5, pp. 135-146, 2017.

Flow graph of XSS detection approach using LSTM encoder-decoder (training and testing stages).




How to Cite

R. . Lamrani Alaoui and E. H. . Nfaoui, “Cross Site Scripting Attack Detection Approach Based on LSTM Encoder-Decoder and Word Embeddings”, Int J Intell Syst Appl Eng, vol. 11, no. 2, pp. 277–282, Feb. 2023.



Research Article

Similar Articles

You may also start an advanced similarity search for this article.