Cross-site scripting (XSS) poses a significant threat to web application security. While Deep Learning (DL) has shown remarkable success in detecting XSS attacks, it remains vulnerable to adversarial attacks due to the discontinuous nature of its input-output mapping. These adversarial attacks employ mutation-based strategies for different components of XSS attack vectors, allowing adversarial agents to iteratively select mutations to evade detection. Our work replicates a state-of-the-art XSS adversarial attack, highlighting threats to validity in the reference work and extending it toward a more effective evaluation strategy. Moreover, we introduce an XSS Oracle to mitigate these threats. The experimental results show that our approach achieves an escape rate above 96% when the threats to validity of the replicated technique are addressed.
View on arXiv@article{pasini2025_2502.19095,
title={ XSS Adversarial Attacks Based on Deep Reinforcement Learning: A Replication and Extension Study },
author={ Samuele Pasini and Gianluca Maragliano and Jinhan Kim and Paolo Tonella },
journal={arXiv preprint arXiv:2502.19095},
year={ 2025 }
}