[2502.19095] Cross-site scripting adversarial attacks based on deep reinforcement learning: Evaluation and extension study
Computer Science > Software Engineering
arXiv:2502.19095 (cs)
[Submitted on 26 Feb 2025 (v1), last revised 20 Mar 2026 (this version, v2)]

Title: Cross-site scripting adversarial attacks based on deep reinforcement learning: Evaluation and extension study

Authors: Samuele Pasini, Gianluca Maragliano, Jinhan Kim, Paolo Tonella

Abstract: Cross-site scripting (XSS) poses a significant threat to web application security. While Deep Learning (DL) has shown remarkable success in detecting XSS attacks, it remains vulnerable to adversarial attacks due to the discontinuous nature of the mapping between the input (i.e., the attack) and the output (i.e., the prediction of the model whether an input is classified as XSS or benign). These adversarial attacks employ mutation-based strategies for different components of XSS attack vectors, allowing adversarial agents to iteratively select mutations to evade detection. Our work replicates a state-of-the-art XSS adversarial attack, highlighting threats to validity in the reference work and extending it towards a more effective evaluation strategy. Moreover, we introduce an XSS Oracle to mitigate these threats. The experimental results show that our approach achieves an escape rate above 96% when the threats to validity of the replicated ...