Journal of University of Science and Technology of China ›› 2019, Vol. 49 ›› Issue (2): 166-172. DOI: 10.3969/j.issn.0253-2778.2019.02.012

XSS attack detection based on Bayesian network

WANG Peichao   

  1. Science and Technology on Information Systems Engineering Laboratory, National University of Defense Technology, Changsha, 410073, China
  • Received: 2018-10-04 Revised: 2018-12-04 Online: 2019-02-28 Published: 2019-02-28

Abstract: The cross-site scripting (XSS) attack is one of the most serious cyber-attacks. Traditional XSS detection methods mainly focus on the vulnerability itself and rely on static and dynamic analysis, which are weak at defending against the flood of varied payloads. An XSS attack detection method based on a Bayesian network is proposed, in which the nodes are acquired with domain knowledge. The ontology constructed from domain knowledge provides a good basis for feature selection, and 17 features have been abstracted from it; in addition, malicious IPs and malicious domain names collected from open-source channels serve as effective complementary rules for detecting new attacks. To validate the proposed method, experiments were conducted on a collected real-world dataset of XSS attacks. The results show that the proposed method can maintain a detection accuracy above 90%.

Key words: cross-site scripting (XSS) attack detection, Bayesian network, domain knowledge, malicious IP, malicious domain name