Federated Learning for XSS Detection: A Privacy-Preserving Approach

Mahran Jazi, Irad Ben-Gal

Research output: Chapter in Book/Report/Conference proceedingConference contributionpeer-review

Abstract

Collaboration between edge devices has increased the scale of machine learning (ML), which can be attributed to increased access to large volumes of data. Nevertheless, traditional ML models face significant hurdles in securing sensitive information due to rising concerns about data privacy. As a result, federated learning (FL) has emerged as another way to enable devices to learn from each other without exposing user’s data. This paper suggests that FL can be used as a validation mechanism for finding and blocking malicious attacks such as cross-site scripting (XSS). Our contribution lies in demonstrating the practical effectiveness of this approach on a real-world dataset, the details of which are expounded upon herein. Moreover, we conduct comparative performance analysis, pitting our FL approach against traditional centralized parametric ML methods, such as logistic regression (LR), deep neural networks (DNNs), support vector machines (SVMs), and k-nearest neighbors (KNN), thus shedding light on its potential advantages. The dataset employed in our experiments mirrors real-world conditions, facilitating a meaningful assessment of the viability of our approach. Our empirical evaluations reveal that the FL approach not only achieves performance on par with that of centralized ML models but also provides a crucial advantage in terms of preserving the privacy of sensitive data.

Original languageEnglish
Title of host publication16th International Conference on Knowledge Discovery and Information Retrieval, KDIR 2024 as part of IC3K 2024 - Proceedings of the 16th International Joint Conference on Knowledge Discovery, Knowledge Engineering and Knowledge Management
EditorsFrans Coenen, Ana Fred, Jorge Bernardino
Pages283-293
Number of pages11
ISBN (Electronic)9789897587160
DOIs
StatePublished - 2024
Event16th International Conference on Knowledge Discovery and Information Retrieval, KDIR 2024 as part of 16th International Joint Conference on Knowledge Discovery, Knowledge Engineering and Knowledge Management, IC3K 2024 - Porto, Portugal
Duration: 17 Nov 202419 Nov 2024

Publication series

NameInternational Joint Conference on Knowledge Discovery, Knowledge Engineering and Knowledge Management, IC3K - Proceedings
Volume1

Conference

Conference16th International Conference on Knowledge Discovery and Information Retrieval, KDIR 2024 as part of 16th International Joint Conference on Knowledge Discovery, Knowledge Engineering and Knowledge Management, IC3K 2024
Country/TerritoryPortugal
CityPorto
Period17/11/2419/11/24

Keywords

  • Cross-Site Scripting (XSS) Detection
  • Federated Learning
  • Non-IID Data Distribution
  • On-Device Learning
  • Threat Detection in Web Applications

All Science Journal Classification (ASJC) codes

  • Software
  • Management of Technology and Innovation
  • Strategy and Management

Cite this