XSS Adversarial Attacks Based on Deep Reinforcement Learning: A Replication and Extension Study
Samuele Pasini, Gianluca Maragliano, Jinhan Kim, Paolo Tonella
TL;DR
The paper tackles the vulnerability of DL-based XSS detectors to adversarial mutations by replicating a state-of-the-art RL-based attack and extending it with an XSS Oracle to test semantic validity. It demonstrates that, when threats to validity are mitigated, adversarial payloads achieve high escape rates (ER) while preserving attack semantics, and shows that preprocessing artifacts largely drive prior high evasion. The authors integrate the Oracle into training to produce robust evaluations, achieving ERs above 96% across detectors and substantially reducing ruin and OOV rates. This work enhances transparency and reproducibility in adversarial XSS research and underscores the need for validation frameworks that preserve payload semantics during evaluation.
Abstract
Cross-site scripting (XSS) poses a significant threat to web application security. While Deep Learning (DL) has shown remarkable success in detecting XSS attacks, it remains vulnerable to adversarial attacks due to the discontinuous nature of its input-output mapping. These adversarial attacks employ mutation-based strategies for different components of XSS attack vectors, allowing adversarial agents to iteratively select mutations to evade detection. Our work replicates a state-of-the-art XSS adversarial attack, highlighting threats to validity in the reference work and extending it toward a more effective evaluation strategy. Moreover, we introduce an XSS Oracle to mitigate these threats. The experimental results show that our approach achieves an escape rate above 96% when the threats to validity of the replicated technique are addressed.