RLXSS: Optimizing XSS Detection Model to Defend Against Adversarial Attacks Based on Reinforcement Learning

With the development of artificial intelligence, machine learning and deep learning algorithms are widely applied to attack detection models. Adversarial attacks against artificial intelligence models have become an inevitable problem, and there is a lack of research on defending cross-site scripting (XSS) attack detection models against such attacks. It is extremely important to design a method that can effectively improve a detection model's resistance to attack. In this paper, we present a method based on reinforcement learning (called RLXSS), which aims to optimize the XSS detection model to defend against adversarial attacks. First, adversarial samples of the detection model are mined by an adversarial attack model based on reinforcement learning. Second, the detection model and the adversarial model are trained alternately. After each round, the newly mined adversarial samples are labeled as malicious samples and are used to retrain the detection model. Experimental results show that the proposed RLXSS model can successfully mine adversarial samples that escape black-box and white-box detection and retain their attack features. Moreover, by alternately training the detection model and the adversarial attack model, the escape rate of the detection model is continuously reduced, which indicates that the model can improve the ability of the detection model to defend against attacks.
