ABSTRACT
Dynamic web pages are widely used by web applications to provide a better user experience and to attract more web users. The web applications use client-side and server-side scripts to provide dynamic behavior to the web pages. Cross-Site Scripting (XSS) attack uses malicious scripts and links injected into the trusted webpages to steal sensitive data from the victims. In this work, the experimental results obtained using machine learning algorithms (Random Forest Classifier, MLP Classifier, Gen ELM Classifier, Naïve Bayes, Support Vector Machine, and K Neighbours Classifier) for the prediction of XSS attack and phishing websites attacks are implemented. This is done using the features based on normal and malicious URLs and JavaScript. Random Forest Classifier gave better results than MLP Classifier, Gen ELM Classifier, Naïve Bayes, Support Vector Machine, and K Neighbours Classifier based on the features extracted from URL and JavaScript code. All the algorithms gave comparatively better results with discretized attributes, but a noticeable difference in performance was seen only in the case of SVM. A detailed literature survey is presented and proposes a new approach to detect phishing websites by features extraction and machine learning algorithm.
