GraphXSS: An efficient XSS payload detection approach based on graph convolutional network

With the rapid development of the Internet age today, Web applications have become very common in modern society. Web applications are often applied to a social network, media, management, etc., and usually contain a large amount of personal privacy information, which makes Web applications a common target for hackers. The most common method for stealing private information from web applications is cross-site scripting attacks. Attackers frequently use cross-site scripting vulnerabilities to steal victims’ identity information or hijack login tokens. Therefore, we proposed a cross-site scripting payload detection model based on graph convolutional networks, which could identify the cross-site scripting payload in the content submitted by the user (We termed our implementation of this approach, GraphXSS). We preprocessed the sample, and constructed the processed data into a graph structure, and finally used the graph convolutional network and the residual network to train the cross-site scripting detection model. In experiments, the model based on graph convolutional network (GCN) could achieve AUC value of 0.997 under small sample conditions. Compared with the detection model after adding the residual network structure, the model could converge and stabilize under the multi-layer, and could make the accuracy rate reached 0.996.