Proceedings of International Conference on Applied Innovation in IT  ·  2026/03/31  ·  Vol. 14  ·  Issue 1  ·  pp. 1115–1128
Feature Fusion of Pattern, Statistical, and Contextual Representations using Deep and Machine Learning for XSS Detection
Ali Nafea Yousif, Ziyad Tariq Mustafa Al-Ta'i, Widad Ismail and Hassan Muayad Ibrahim
📄 Download PDF DOI: 10.25673/123684
Abstract
Cross-Site Scripting (XSS) is still a crucial threat to web applications, enabling attackers to inject malicious scripts and compromise user security. Conventional detection methods encounter scalability and adaptability issues, while recent machine and deep learning approaches often rely on isolated features or single classifiers. This study proposes two approaches to developing XSS detection models. The first model applies an early fusion approach; it combines features derived from handcrafted patterns, statistical representations built using term frequency–inverse document frequency (TF-IDF), and sequential embeddings produced through long-short-term memory (LSTM) and gated recurrent unit (GRU) networks. The second model, based on a late feature fusion approach, extracts multiple feature types, including statistical representations from TF-IDF,
Keywords
Cross-Site Scripting (XSS) Feature Fusion Deep Learning Machine Learning.
References
  1. M. S. Chughtai, I. Bibi, S. Karim, S. W. A. Shah, A. A. Laghari, and A. A. Khan, “Deep learning trends and future perspectives of web security and vulnerabilities,” J. High Speed Netw., vol. 30, no. 1, pp. 115–146, 2024.
  2. I. J. Mohmmed, B. T. Al-Nuaimi, and D. I. S. Bakr, “Machine learning prediction models applied to weather forecasting: A survey,” Iraqi J. Sci. Eng. Res., vol. 1, no. 2, pp. 80–85, 2023.
  3. A. Hannousse, S. Yahiouche, and M. C. Nait-Hamoud, “Twenty-two years since revealing cross-site scripting attacks: A systematic mapping and a comprehensive survey,” Comput. Sci. Rev., vol. 52, pp. 100634, 2024.
  4. W. S. Ahmed, Z. T. M. Al-Ta’i, T. Abegaz, and G. S. Mahmood, “Digital forensics architecture for real-time automated evidence collection and centralization: Leveraging security lake and modern data architecture,” J. Intell. Syst., vol. 33, no. 1, pp. 20240109, 2024.
  5. T. Neumann, “Cybersecurity in maritime industry,” TransNav: Int. J. Mar. Navig. Saf. Sea Transp., vol. 18, 2024.
  6. A. S. Hussainy, M. A. Khalifa, A. Elsayed, A. Hussien, and M. A. Razek, “Deep learning toward preventing web attacks,” in Proc. IEEE Conf. on Deep Learning Toward Preventing Web Attacks, 2022, pp. 280–285.
  7. J. Kaur, U. Garg, and G. Bathla, “Detection of cross-site scripting (XSS) attacks using machine learning techniques: A review,” Artif. Intell. Rev., vol. 56, no. 11, pp. 12725–12769, 2023.
  8. S. Alazmi and D. C. De Leon, “A systematic literature review on the characteristics and effectiveness of web application vulnerability scanners,” IEEE Access, vol. 10, pp. 33200–33219, 2022.
  9. Ö. Aslan, S. S. Aktuğ, M. Ozkan-Okay, A. A. Yilmaz, and E. Akin, “A comprehensive review of cybersecurity vulnerabilities, threats, attacks, and solutions,” Electronics, vol. 12, no. 6, pp. 1333, 2023.
  10. X. Luo, J. Li, W. Wang, Y. Gao, and W. Zhao, “Towards improving detection performance for malware with a correntropy-based deep learning method,” Digit. Commun. Netw., vol. 7, no. 4, pp. 570–579, 2021.
  11. M. Alsaffar, S. Aljaloud, B. A. Mohammed, Z. G. Al-Mekhlafi, T. S. Almurayziq, G. Alshammari, and A. Alshammari, “Detection of web cross-site scripting (XSS) attacks,” Electronics, vol. 11, no. 14, pp. 2212, 2022.
  12. W. Melicher, C. Fung, L. Bauer, and L. Jia, “Towards a lightweight, hybrid approach for detecting DOM XSS vulnerabilities with machine learning,” in Proc. Int. Conf. on Web Security, 2021, pp. 2684–2695.
  13. R. Alhamyani and M. Alshammari, “Machine learning-driven detection of cross-site scripting attacks,” Information, vol. 15, no. 7, pp. 420, 2024.
  14. G. Rodríguez-Galán and J. Torres, “Personal data filtering: A systematic literature review comparing the effectiveness of XSS attacks in web applications vs cookie stealing,” Ann. Telecommun., vol. 79, no. 11, pp. 763–802, 2024.
  15. D. F. Somé, “MatriXSSed: A new taxonomy for XSS in the modern web,” in Proc. Int. Conf. on Web Applications Security, 2025, pp. 4662–4672.
  16. M. Paramesha, N. Rane, and J. Rane, “Artificial intelligence, machine learning, and deep learning for cybersecurity solutions: A review of emerging technologies and applications,” Mach. Learn. Deep Learn. Cybersecurity Solut., pp. 1–20, Jun. 2024.
  17. M. Liu, B. Zhang, W. Chen, and X. Zhang, “A survey of exploitation and detection methods of XSS vulnerabilities,” IEEE Access, vol. 7, pp. 182004–182016, 2019.
  18. B. Wang, I. Khan, M. White, and N. Beloff, “Federated learning for XSS detection: Analysing OOD, non-IID challenges, and embedding sensitivity,” Electronics, vol. 14, no. 17, pp. 3483, 2025.
  19. M. Krishnan, Y. Lim, S. Perumal, and G. Palanisamy, “Detection and defending the XSS attack using novel hybrid stacking ensemble learning-based DNN approach,” Digit. Commun. Netw., vol. 10, no. 3, pp. 716–727, Jun. 2024.
  20. W. Wang, P. Yi, and H. Xu, “DoubleR: Effective XSS attacking reality detection,” Comput. Netw., vol. 251, pp. 110567, 2024.
  21. J. R. Tadhani, V. Vekariya, V. Sorathiya, S. Alshathri, and W. El-Shafai, “Securing web applications against XSS and SQLi attacks using a novel deep learning approach,” Sci. Rep., vol. 14, no. 1, pp. 1803, 2024.
  22. Y. Liu, L. Wang, and Y. Dai, “XSS attack detection with deep learning and AdaBoost,” Update, vol. 100, pp. 4, 2025.
  23. Y. Zhou, E. Wang, W. Yang, W. Ge, S. Yang, Y. Zhang, W. Qu, and W. Xie, “XSShield: Defending against stored XSS attacks using LLM-based semantic understanding,” Appl. Sci., vol. 15, no. 6, pp. 3348, 2025.
  24. Z. Li, F. Liu, Z. Gu, and Y. Liu, “XSS attack detection method based on CNN-BiLSTM-Attention,” Appl. Sci., vol. 15, no. 16, pp. 8924, 2025.
  25. K. Xu, H. He, Y. Zhao, Y. Jia, P. Shi, and B. Zhang, “An adaptive XSS vulnerability detection method based on hierarchical multi-objective reward-enhanced dueling double deep Q-network,” Comput. Netw., pp. 111595, 2025.
  26. C. J. P. Abuda, “Hybrid detection framework using natural language processing (NLP) and reinforcement learning (RL) for cross-site scripting (XSS) attacks,” Int. J. Adv. Comput. Sci. Appl., vol. 16, no. 6, 2025.
  27. S. S. H. Hussain, “Cross-site scripting (XSS) dataset for deep learning,” Kaggle Dataset, 2020. [Online]. Available: https://www.kaggle.com/datasets/syedsaqlainhussain/cross-site-scripting-xss-dataset-for-deep-learning. Accessed: Apr. 12, 2025.

Proceedings of the International Conference on Applied Innovations in IT by Anhalt University of Applied Sciences is licensed under CC BY-SA 4.0  ·  This work is licensed under a Creative Commons Attribution-ShareAlike 4.0 International License

ICAIIT 2026
International Conference on Applied Innovation in IT
Navigation
Publisher
ISSN2199-8876
Publisher Edition Hochschule Anhalt
Location Anhalt University of Applied Sciences
Email leiterin.hsb@hs-anhalt.de
Phone +49 (0) 3496 67 5611
Address Building 01, Room 425
Bernburger Str. 55
D-06366 Köthen, Germany
Open Access License
CC BY-SA 4.0

All works are licensed under the Creative Commons Attribution-ShareAlike 4.0 International License (CC BY-SA 4.0), unless otherwise noted.

Published by ICAIIT in cooperation with Anhalt University of Applied Sciences.

© 2026 ICAIIT — International Conference on Applied Innovations in IT. Anhalt University of Applied Sciences, Köthen, Germany.
Visitors: site traffic counter