Machine Learning for Detection and Mitigation of Web Vulnerabilities and Web Attacks

TL;DR

This paper surveys how machine learning techniques are applied to detect and prevent web vulnerabilities like XSS and CSRF, highlighting current approaches, their effectiveness, and areas for future research.

Contribution

It provides a comprehensive overview of classical and advanced machine learning methods used in web security for XSS and CSRF detection and prevention.

Findings

Machine learning shows promise in detecting web attacks.

Various approaches have different strengths and limitations.

Research is ongoing to improve detection accuracy and reduce false positives.

Abstract

Detection and mitigation of critical web vulnerabilities and attacks like cross-site scripting (XSS), and cross-site request forgery (CSRF) have been a great concern in the field of web security. Such web attacks are evolving and becoming more challenging to detect. Several ideas from different perspectives have been put forth that can be used to improve the performance of detecting these web vulnerabilities and preventing the attacks from happening. Machine learning techniques have lately been used by researchers to defend against XSS and CSRF, and given the positive findings, it can be concluded that it is a promising research direction. The objective of this paper is to briefly report on the research works that have been published in this direction of applying classical and advanced machine learning to identify and prevent XSS and CSRF. The purpose of providing this survey is to address different machine learning approaches that have been implemented, understand the key takeaway of every research, discuss their positive impact and the downsides that persists, so that it can help the researchers to determine the best direction to develop new approaches for their own research and to encourage researchers to focus towards the intersection between web security and machine learning.