With the widespread popularity of the Internet and the transformation of the world into a global village, Web applications have been drawn increased attention over the years by companies, organizations, and social media, making it a prime target for cyber-attacks. The cross-site scripting attack (XSS) is one of the most severe concerns, which has been highlighted in the forefront of information security experts' reports. In this study, we proposed XGBXSS, a novel web-based XSS attack detection framework based on an ensemble-learning technique using the Extreme Gradient Boosting algorithm (XGboost) with extreme parameters optimization approach. An enhanced feature extraction method is presented to extract the most useful features from the developed dataset. Furthermore, a novel hybrid approach for features selection is proposed, comprising information gain (IG) fusing with sequential backward selection (SBS) to select an optimal subset reducing the computational costs and maintaining the high-performance of detector' simultaneously. The proposed framework has successfully exceeded several tests on the holdout testing dataset and achieved avant-garde results with accuracy, precision, detection probabilities, F-score, false-positive rate, false-negative rate, and AUC-ROC scores of 99.59%, 99.53 %, 99.01%, 99.27%, 0.18%, 0.98%, and 99.41%, respectively. Moreover, it can bridge the existing research gap concerning previous detectors, with a higher detection rate and lesser computational complexity. It also has the potential to be deployed as a self-reliant system, which is efficient enough to defeat such attacks, including zero-day XSS-based attacks.

随着Internet的广泛普及和世界向全球乡村的转变，Web应用程序在过去的几年中受到了公司，组织和社交媒体的越来越多的关注，使其成为网络攻击的主要目标。跨站点脚本攻击（XSS）是最严重的问题之一，在信息安全专家的报告中最突出地强调了这一点。在这项研究中，我们提出了XGBXSS，这是一种新颖的基于Web的XSS攻击检测框架，该框架基于集成学习技术，使用极限梯度增强算法（XGboost）和极限参数优化方法。提出了一种增强的特征提取方法，可从开发的数据集中提取最有用的特征。此外，提出了一种新颖的混合特征选择方法，包括信息增益（IG）与顺序后向选择（SBS）融合以选择最佳子集，从而降低计算成本并同时保持检测器的高性能。所提出的框架已成功超过了对保持测试数据集的多项测试，并以准确性，准确性，检测概率，F得分，假阳性率，假阴性率和AUC-ROC得分达到了99.59％，取得了前卫的成绩，分别为99.53％，99.01％，99.27％，0.18％，0.98％和99.41％。此外，它可以以更高的检测率和更低的计算复杂度来弥补与以前的检测器有关的现有研究差距。它还具有部署为自力更生系统的潜力，该系统足够有效地抵御此类攻击，包括基于零日XSS的攻击。