In present-day time, most of the associations are making use of web services for improved services to their clients. With the upturn in count of web users, there is a considerable hike in the web attacks. Study indicates that more than 80% of the web applications are vulnerable to cross-site scripting (XSS) attacks. XSS is one of the fatal attacks & it has been practiced over the maximum number of well-known search engines and social sites. At the same time, there are large number of attacks on web applications that are getting popular among attackers. Attacks like injection vulnerabilities such as SQL Injection, Cross site Scripting, Cross site Request Forgery (CSRF) are very common and threatening to the modern web applications. In this paper, we have considered XSS attacks, its prediction and detection different kind of methods applied to repel these attacks with their corresponding limitations. Additionally, we have discussed the proposed approach for defying XSS attack using intrusion detection system. For using IDS cyber-attacks detection system along with KF(knowledge flow model) model approach for prediction cross scripting attack. Finally, the result of vulnerability scanners are shown and analysed before and after the implementation of known XSS security trials.

Cross-Site-Scripting, XSS, Attacks, Web application, cyber-attacks, IDS system. Kf Model, network security, prediction, detection, network attacks, etc.

[1] N. Niu E. Stroulia M. El-Ramly: Understanding Web usage for dynamic Web-site adaptation: a case study. 2002 Proceedings. Fourth International Workshop on Web Site Evolution.
[2] K. Pranathi, S. Kranthi, Dr.A.Srisaila, P. Madhavilatha: Attacks on web Application Caused by Cross Site Scripting: 2018 2nd international conference on electronics, Communication and Aerospace Technology.
[3] Twana Assad TAHA, Murat Karabatak: A proposed approach for preventing Cross Site Scripting: 2018 6th International Symposium on Digital Forensic and Security (ISDFS)
[4] V.K Malviya, S.Saurav: On security issues in web applications through cross-site scripting: 2013 20th Asia Pacific Software Engineering Conference (AtiPSEC), Bangkok, 2013, pp.583-588
[5] MohitDayal, Nanhay Singh, Ram Shringar Raw: A comprehensive Inspecon of Cross Site Scripting Attack. International Conference on Computing, Communication, and Automation (ICCCA2016)
[6] Francois Mouton; Mercia M. Malan; Louise Leenen; H.S. Venter: Social engineering attack framework. 2014 Information Security for South Africa .
[7] Florian Kerschbaum 2007. Simple Cross-Site Attack Prevention: 2007 Third International Conference on Security and Privacy in Communications Networks and the Workshops - SecureComm 2007.
[8] Imran Yusof, Al-SakibPathan: Preventing Persistent Cross-Site Scripting (XSS) Attack By Applying Pattern Filtering Approach.
[9] https://www.netsparker.com/blog/websecurity/dom-based-cross-site-scriptingvulnerability/.
[10] https://www.veracode.com/directory/owasp-top10.
[11].Abusaimeh, H. and Shkoukani, M. (2012). Survey of Web Application and Internet Security Threats. International Journal of Computer Science and Network Security. Vol 12, Issue 12, 67-76.
[12] Internet Security Threat Report, Symantec, vol.22, retrieved from: https://www.symantec.com/content/dam/symantec/docs/reports/istr-22-2017-en.pdf .
[13] WhiteHat Website Security Statistics Report,2014. retrieved from https://www.whitehatsec.com/.
[14] Web Application Attack Report,2015. Imperva. Retrieved from http://www.imperva.com/ .
[15] The Ten Most critical Web Application Security Risks, 2010. Open Web Application Security Project Top 10. Retrieved from http://www.owasp.org/.
[16] The Ten Most critical Web Application Security Risks, 2013. Open Web Application Security Project Top 10. Retrieved from http://www.owasp.org/.