ScriptShield: deep Learning-Powered web application firewall against Cross-Site scripting (XSS) attacks
摘要
Cross-Site Scripting (XSS) attacks remain one of the most dangerous and widespread threats to web applications, due to their ability to inject malicious scripts into trusted web pages. Traditional detection techniques, including rule-based methods and signature-based systems, are increasingly ineffective against evolving attack strategies, such as obfuscation and polymorphism. Existing machine learning and deep learning approaches have addressed some of these limitations but still face critical gaps: (1) they fail to integrate multi-modal features (textual and structural) effectively, (2) they struggle with obfuscated payloads, (3) they lack explicit modeling of cross-modal dependencies, and (4) they suffer from high computational complexity that hinders real-time deployment. To address these gaps, this paper proposes ScriptShield, a novel deep learning framework for XSS attack detection that integrates multi-modal features through a dual-input, multi-branch architecture. This design enables parallel processing of textual (lexical content) and symbolic (structural elements) features, significantly improving detection accuracy from 99.38% to 99.82%. Additionally, we introduce a cross-attention mechanism to model inter-modal dependencies, allowing the model to detect sophisticated attacks where malicious intent emerges from the interplay between JavaScript code and HTML structure. ScriptShield demonstrates superior robustness against obfuscated payloads, achieving 99.6% accuracy on obfuscated attacks, compared to only 97% for baseline models. This enhanced detection capability is further validated by experimental results showing that ScriptShield outperforms existing models in both accuracy and real-time deployability. Despite its sophisticated architecture, ScriptShield is computationally efficient, processing up to 1,800 requests per second with 1 ms inference time on modest hardware. Comprehensive experimental validation, including ablation studies, cross-validation, and testing on novel attack variants, confirms the model’s robustness, scalability, and practical applicability in real-world web security systems.