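Cross-site scripting
Computer science
Scripting language
Coding (set theory)
Source code
Data mining
Set (abstract data type)
Process (computing)
Web application
Vulnerability (computing)
Web page
World Wide Web
Programming language
Web application security
Computer security
Web development
Authors
Mukesh Kumar Gupta, Mahesh Chandra Govil, Girdhari Singh
Identifier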
DOI:10.1109/indicon.2015.7443332
Abstract
This paper presents a text-mining based approach to detect cross-site scripting (XSS) vulnerable code files in web applications. It uses a tailored tokenizing process to extract text-features from the source code of web applications. In this process, each code file is transformed into a set of unique text-features with their associated frequencies. These features are used to build vulnerability prediction models. The efficiency of the proposed approach based model is evaluated on a publicly available dataset having 9408 labelled source code files. Experimental results show that the best predictive model based on the proposed features achieves a true average rate of 87.8% with a low false rate of 12.3% in the detection of XSS vulnerable files. It is significantly better than the performance of the existing text-mining approach based model, which achieves a true average rate of 71.6% with a false rate of 33.1% on the same data set.