Impact of XSS Attacks on Cybersecurity and Detection Approaches Using Machine Learning Techniques: A Survey

Ali Nafea Yousif ^1,2,* , Ziyad Tariq Mustafa Al-Ta'i¹

¹Department of Computer Science, College of Science, University of Diyala, Baqubah, Iraq

²University of Information Technology and Communication, Baghdad, Iraq

Emails: scicomphd232404@uodiyala.edu.iq; ziyad1964tariq@uodiyala.edu.iq

Abstract

The dramatically increasing use of web applications and the rapid development of cloud services and interactive websites that provide integrated online services, relying on user data entry and server response, have been the primary drivers of the increase in cyber-attacks and threats, most notably cross-site scripting (XSS). Cross-site scripting attacks exploit available security vulnerabilities to inject malicious code, leading to numerous risks such as malware distribution, session hijacking, and data theft. Most traditional defense methods, such as input validation and output encoding, are reasonably ineffective against advanced threats. The advances in machine learning and artificial intelligence models have provided more accurate detection and prevention capabilities for these threats with significant accuracy. This study reviews the types and mechanisms of XSS attacks, existing mitigation techniques, and detection methods based on machine and deep learning. It also highlights several previous studies and related work on detecting and preventing these attacks, compares these works' performance using evaluation metrics and several aspects, identifies research gaps, and outlines future directions for improving XSS detection methods.

Keywords: Cross-Site Scripting (XSS); Cybersecurity; Machine learning; Web application security; AI-based threat detection