Journal of Information Security Reserach ›› 2025, Vol. 11 ›› Issue (8): 761-.

Previous Articles     Next Articles

Research on Analysis and Detection Methods of Adversarial Crosssite #br# Scripting Attacks Based on LSTM and CNN#br#

Song Yumeng, Gong Yuanli, and Ren Yan   

  1. (School of Information, Yunnan University of Finance and Economics, Kunming 650221)
  • Online:2025-08-28 Published:2025-08-28

基于LSTM和CNN的对抗性跨站脚本攻击分析和检测方法研究

宋雨濛龚元丽任艳   

  1. (云南财经大学信息学院昆明650221)
  • 通讯作者: 宋雨濛 硕士.主要研究方向为攻击检测. 15231672840@163.com
  • 作者简介:宋雨濛 硕士.主要研究方向为攻击检测. 15231672840@163.com 龚元丽 硕士.主要研究方向为数据挖掘. 15708297359@163.com 任艳 硕士.主要研究方向为目标检测. 1753933278@qq.com

Abstract: In recent years, machine learning and deep learning techniques have achieved significant success in detecting crosssite scripting (XSS) attacks. However, they still face challenges in defending adversarial attacks. To address this issue, this paper proposes an optimized method based on soft actorcritic (SAC) reinforcement learning combined with long shortterm memory (LSTM) and convolutional neural network (CNN). Firstly, adversarial samples are generated by leveraging the SAC and LSTMCNN detection model to simulate attacker strategies. These samples are then used for incremental training of the detection model, progressively narrowing the adversarial data generation space and improving the model’s robustness and detection accuracy. Experimental results show that the generated adversarial data achieves an evasion success rate of over 90% across multiple detection tools. After incremental training, the detection model’s defense capability against adversarial XSS attacks is significantly enhanced, with the evasion rate continuously decreasing.

Key words: crosssite scripting, soft actorcritic, long shortterm memory network, convolutional neural network, adversarial attacks

摘要: 随着互联网的发展,XSS(crosssite scripting)成为一大网络安全威胁.研究者们将机器学习与深度学习技术应用于XSS检测,并取得了显著成果,但存在无法应对对抗性攻击的问题.为了解决这一问题,提出一种基于强化学习SAC(soft actorcritic)与LSTM(long shortterm memory),CNN(convolutional neural network)相结合的方法.首先训练LSTMCNN为XSS攻击检测模型,然后利用SAC与LSTMCNN检测模型生成对抗性攻击样本以模拟攻击者策略,将这些样本用于检测模型的增量训练,以逐步缩小对抗性数据生成空间,提高模型鲁棒性和检测精度.实验结果表明,生成的对抗性数据能在多种检测工具上实现超过90%的成功逃逸率,通过增量训练后,检测模型对对抗性XSS攻击的防御能力得到显著提升,逃逸率持续下降.

关键词: 跨站脚本攻击, SAC, 长短期记忆网络, 卷积神经网络, 对抗性攻击

CLC Number: