| Title |
Context-aware hybrid detection of DOM-based cross-site scripting via runtime semantic modeling |
| Authors |
Iavich, Maksim ; Botchorishvili, Daviti ; Lopata, Audrius |
| DOI |
10.3390/info17040346 |
| Full Text |
|
| Is Part of |
Information.. Basel : MDPI. 2026, vol. 17, iss. 4, art. no. 346, p. 1-22.. ISSN 2078-2489 |
| Keywords [eng] |
DOM-based XSS ; machine learning ; random forest ; taint tracking ; web security ; browser security ; context-aware detection |
| Abstract [eng] |
DOM-based Cross-Site Scripting (DOM XSS) remains a critical web application vulnerability due to its exclusive manifestation within client-side execution contexts, rendering traditional server-side defenses ineffective. Existing machine learning approaches achieve high recall but suffer from critically low precision in DOM-specific scenarios. Payload-centric classifiers frequently misclassify syntactically suspicious but semantically benign injections, causing high false positive rates. This paper introduces a context-aware hybrid detection framework integrating dynamic taint tracking with runtime DOM semantic analysis and lightweight machine learning classification. The proposed architecture extracts a 42-dimensional feature vector combining 22 lexical payload features with 20 contextual execution features capturing sink semantics, element type, attribute execution capability, and DOM state properties. A Random Forest classifier is employed to enable low-latency inference and demonstrates potential for real-time deployment. By modeling exploitability as a function of execution context rather than payload syntax alone, the framework significantly reduces false positives while maintaining high detection capability. Experimental evaluation demonstrates that contextual feature integration substantially improves precision compared to payload-only baselines, achieving a favorable precision-efficiency trade-off. The primary contribution lies in elevating runtime semantic context to a first-class feature space for DOM XSS detection, representing a shift from text-centric classification toward execution-aware security modeling in client-side web environments. |
| Published |
Basel : MDPI |
| Type |
Journal article |
| Language |
English |
| Publication date |
2026 |
| CC license |
|
