<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE article PUBLIC "-//NLM//DTD JATS (Z39.96) Journal Publishing DTD v1.4 20241031//EN" "JATS-journalpublishing1-4.dtd">
<article xmlns:mml="http://www.w3.org/1998/Math/MathML" xmlns:xlink="http://www.w3.org/1999/xlink" article-type="research-article" dtd-version="1.4" xml:lang="en">
  <front>
    <journal-meta>
      <journal-id journal-id-type="publisher-id">jilsa</journal-id>
      <journal-title-group>
        <journal-title>Journal of Intelligent Learning Systems and Applications</journal-title>
      </journal-title-group>
      <issn pub-type="epub">2150-8410</issn>
      <issn pub-type="ppub">2150-8402</issn>
      <publisher>
        <publisher-name>Scientific Research Publishing</publisher-name>
      </publisher>
    </journal-meta>
    <article-meta>
      <article-id pub-id-type="doi">10.4236/jilsa.2026.183014</article-id>
      <article-id pub-id-type="publisher-id">jilsa-152350</article-id>
      <article-categories>
        <subj-group>
          <subject>Article</subject>
        </subj-group>
        <subj-group>
          <subject>Computer Science</subject>
          <subject>Communications</subject>
        </subj-group>
      </article-categories>
      <title-group>
        <article-title>Enhancing Cross-Site Scripting (XSS) Attacks Detection through Modern Transformer Architecture Optimizations</article-title>
      </title-group>
      <contrib-group>
        <contrib contrib-type="author">
          <name name-style="western">
            <surname>Wangilisasi</surname>
            <given-names>Emil</given-names>
          </name>
          <xref ref-type="aff" rid="aff1">1</xref>
        </contrib>
        <contrib contrib-type="author">
          <name name-style="western">
            <surname>Leo</surname>
            <given-names>Judith</given-names>
          </name>
          <xref ref-type="aff" rid="aff1">1</xref>
        </contrib>
        <contrib contrib-type="author">
          <name name-style="western">
            <surname>Sam</surname>
            <given-names>Anael</given-names>
          </name>
          <xref ref-type="aff" rid="aff1">1</xref>
        </contrib>
      </contrib-group>
      <aff id="aff1"><label>1</label> School of Computational and Communication Science and Engineering, Nelson Mandela African Institution of Science and Technology (NM-AIST), Arusha, Tanzania </aff>
      <author-notes>
        <fn fn-type="conflict" id="fn-conflict">
          <p>The authors declare no conflicts of interest regarding the publication of this paper.</p>
        </fn>
      </author-notes>
      <pub-date pub-type="epub">
        <day>03</day>
        <month>08</month>
        <year>2026</year>
      </pub-date>
      <pub-date pub-type="collection">
        <month>08</month>
        <year>2026</year>
      </pub-date>
      <volume>18</volume>
      <issue>03</issue>
      <fpage>216</fpage>
      <lpage>234</lpage>
      <history>
        <date date-type="received">
          <day>16</day>
          <month>05</month>
          <year>2026</year>
        </date>
        <date date-type="accepted">
          <day>28</day>
          <month>06</month>
          <year>2026</year>
        </date>
        <date date-type="published">
          <day>01</day>
          <month>07</month>
          <year>2026</year>
        </date>
      </history>
      <permissions>
        <copyright-statement>© 2026 by the authors and Scientific Research Publishing Inc.</copyright-statement>
        <copyright-year>2026</copyright-year>
        <license license-type="open-access">
          <license-p> This article is an open access article distributed under the terms and conditions of the Creative Commons Attribution (CC BY) license ( <ext-link ext-link-type="uri" xlink:href="https://creativecommons.org/licenses/by/4.0/">https://creativecommons.org/licenses/by/4.0/</ext-link> ). </license-p>
        </license>
      </permissions>
      <self-uri content-type="doi" xlink:href="https://doi.org/10.4236/jilsa.2026.183014">https://doi.org/10.4236/jilsa.2026.183014</self-uri>
      <abstract>
        <p>Cross-Site Scripting (XSS) remains a widespread and damaging threats to web applications, as highlighted by the OWASP Top 10. While various detection methods exist, they often struggle to keep pace with the sophistication of attack vectors and obfuscation techniques. This paper implements an approach for enhancing XSS detection by leveraging modern optimizations within the transformer architecture. Our methodology uses a custom transformer encoder model trained on an aggregated dataset of nearly 100,000 samples, including newly collected XSS payloads. To enhance performance and efficiency, we integrate two key architectural improvements: Rotary Positional Embeddings (RoPE) to achieve a superior contextual understanding of HTTP payloads, and Flash Attention to significantly accelerate training and inference speeds while reducing memory consumption. Experimental results show good performance of our model that achieves an accuracy of 99.38 with high recall and precision. An ablation study demonstrates that the integrated optimizations improve detection accuracy by 0.11 percentage points, while reducing training time by approximately 32% and peak GPU memory usage by approximately 30% relative to standard Transformer configurations. Comparative evaluation against a Random Forest baseline further reveals a clear contextual understanding advantage over traditional frequency-based approaches, justifying the architectural complexity. The proposed model effectively captures structural patterns in sophisticated payloads that typically evade classical methods. This work presents an efficient, and accurate solution in real-time XSS threat detection.</p>
      </abstract>
      <kwd-group kwd-group-type="author-generated" xml:lang="en">
        <kwd>Cross-Site Scripting (XSS)</kwd>
        <kwd>Transformer-Based Detection</kwd>
        <kwd>Rotary Positional Embeddings</kwd>
        <kwd>Flash Attention</kwd>
        <kwd>Deep Learning</kwd>
      </kwd-group>
    </article-meta>
  </front>
  <body>
    <sec id="sec1">
      <title>1. Introduction</title>
      <p>The rapid increase of web applications, mobile applications and online services has made safeguarding data and ensuring secure user interactions a critical priority. Among many threats in the cyber landscape, Cross-Site Scripting (XSS) vulnerabilities stand out as one of the most pervasive and damaging. According to the Open Web Application Security Project (OWASP) [<xref ref-type="bibr" rid="B1">1</xref>], XSS attacks rank among the top ten most common web application security risks. OWASP is a global community and nonprofit organization focused on improving software security. These vulnerabilities can expose sensitive information, compromise user privacy, and enable malicious actors to execute arbitrary code on web applications, potentially leading to catastrophic consequences. <xref ref-type="fig" rid="fig1">Figure 1</xref> shows the OWASP top ten vulnerabilities for the year 2025. This list is updated after every four years.</p>
      <fig id="fig1">
        <label>Figure 1</label>
        <graphic xlink:href="https://html.scirp.org/file/9601772-rId15.jpeg?20260701014751" />
      </fig>
      <p><bold>Figure 1.</bold> OWASP top 10 web application vulnerabilities [<xref ref-type="bibr" rid="B1">1</xref>].</p>
      <p>XSS attacks occur when scripts with malicious intent are inserted into pages of a web application that are viewed by users. These scripts can be crafted to steal sensitive user data, deface websites and perform ill-intended actions on behalf of users without the user’s consent. The consequences of XSS attacks are severe, leading to compromised user accounts, data breaches, and damaged reputations for affected organizations. Over the years, researchers have delved deep into different categories of XSS attacks, such as reflected, stored and DOM-based XSS [<xref ref-type="bibr" rid="B2">2</xref>]. They have also explored mitigation techniques ranging from validation of the inputs to coding practices that emphasize security and content security policies. Understanding the evolution of XSS attacks and the countermeasures devised to mitigate them is crucial for the ongoing efforts to secure web applications against this persistent threat. <xref ref-type="fig" rid="fig2">Figure 2</xref> shows how an XSS attack occurs.</p>
      <p>There have been many security mechanisms to detect and prevent XSS attacks. </p>
      <fig id="fig2">
        <label>Figure 2</label>
        <graphic xlink:href="https://html.scirp.org/file/9601772-rId16.jpeg?20260701014751" />
      </fig>
      <p><bold>Figure 2.</bold> Cross site scripting attack (XSS).</p>
      <p>Such mechanisms include dynamic analysis, static analysis hybrid analysis, traditional machine learning approaches, and approaches based on deep learning. Despite the relative success of these methods in mitigating the threat of XSS attacks, they have failed to completely counter the attacks due to the evolving sophistication of XSS attacks. Attackers have continually devised new evasion techniques and obfuscation methods to bypass these defenses, making it imperative for the cybersecurity community to explore novel, intelligent, and adaptive solutions.</p>
      <p>The objective of this work is to apply recent advances in Natural Language Processing (NLP), particularly Transformer-based techniques, to improve the detection of XSS attacks across multiple performance metrics. The main contributions of this study are twofold. First, recent XSS data was collected to expand the available datasets used for training and testing the proposed model. Second, state-of-the-art techniques, including **Flash Attention** for improved processing speed and **RoPE positional encoding** for better contextual understanding of HTTP payloads, were incorporated to enhance the classification of malicious and benign traffic.</p>
    </sec>
    <sec id="sec2">
      <title>2. Related Work</title>
      <p>Several research methods have been introduced in recent years to detect cross-site scripting vulnerabilities. Fang <italic>et al</italic>. [<xref ref-type="bibr" rid="B3">3</xref>] developed DeepXSS, a tool based on deep learning for detecting XSS attacks. Their approach applied the word2vec algorithm to extract features that capture word-order information from XSS payloads, after which each payload was represented as a corresponding feature vector. The detection model was then trained and evaluated using Long Short-Term Memory (LSTM) which is a type of recurrent neural networks (RNNs). For future work, the authors suggested collecting additional XSS attack datasets and experimenting with other deep learning algorithms.</p>
      <p>Yan <italic>et al</italic>. [<xref ref-type="bibr" rid="B4">4</xref>] introduced a model based on convolutional neural networks (CNN) for detecting XSS attacks, incorporating a modified ResNet block to improve detection performance. Their key contribution was a URL preprocessing method designed around the syntactic and semantic features of encoded XSS attack scripts. They also enhanced the residual module of ResNet to extract features from three perspectives and replaced the layer that is fully connected with a structure that uses 1 × 1 convolution features. For future work, the authors suggested exploring the use of their model in other web vulnerability detection and mining tasks, such as cross-site request forgery, buffer overflow and SQL injection.</p>
      <p>In [<xref ref-type="bibr" rid="B5">5</xref>], traditional machine learning techniques were applied to detect XSS attacks in web applications. The authors analyzed various algorithms, such as support vector machines, decision trees, Naive Bayes, and logistic regression. For future work, they suggested addressing the dataset imbalance issue by using generative methods to create a more balanced dataset.</p>
      <p>Gated Recurrent Units (GRU) were used to detect malicious Uniform Resource Locators (URLs) that may contain injection attacks such as XSS in [<xref ref-type="bibr" rid="B6">6</xref>]. Their study used characters as text classification features. For future work the authors propose further research in optimization of their model to reduce memory usage while maintaining the test results.</p>
      <p>Zhou and Wang [<xref ref-type="bibr" rid="B7">7</xref>] developed an ensemble-based tool for detecting XSS attacks. Their method employed multiple Bayesian networks, each constructed using domain knowledge and threat intelligence to improve detection accuracy. They also developed a method to make their results explainable to end users. For future work, the authors aim to test their method with different datasets and scenarios that are more practical as well as integrating the method in an operational web application security risk assessment system. <bold>Table 1</bold> shows a summary of related studies.</p>
      <p><bold>Table 1.</bold> Related studies on XSS attacks detection.</p>
      <table-wrap id="tbl1">
        <label>Table 1</label>
        <table>
          <tbody>
            <tr>
              <td>Author</td>
              <td>Year</td>
              <td>Method</td>
              <td>Future Work/Limitation</td>
            </tr>
            <tr>
              <td>
                Fang
                <italic>et al</italic>
              </td>
              <td>2018</td>
              <td>Long Short Term Memory (LSTM)</td>
              <td>Collect more XSS datasets and use other DL algorithms</td>
            </tr>
            <tr>
              <td>
                Yan
                <italic>et al</italic>
                .
              </td>
              <td>2022</td>
              <td>CNN and modified ResNet</td>
              <td>Expand method to other attacks such as cross-site request forgery and SQL injection</td>
            </tr>
            <tr>
              <td>Kascheev and Olenchikova</td>
              <td>2020</td>
              <td>Classical Machine Learning</td>
              <td>Use generative methods to generate a balanced dataset.</td>
            </tr>
            <tr>
              <td>
                Yang
                <italic>et al</italic>
                .
              </td>
              <td>2019</td>
              <td>Gated Recurrent Units (GRUs)</td>
              <td>Optimization to reduce memory usage while maintaining good test results</td>
            </tr>
            <tr>
              <td>Zhou and Wang</td>
              <td>2019</td>
              <td>Machine learning ensemble-based approach</td>
              <td>Test method with more datasets. Integrate method in areal web application security system</td>
            </tr>
          </tbody>
        </table>
      </table-wrap>
      <p>While existing methods effectively identify established XSS attack patterns, they often struggle to detect novel attack vectors. Our work presents an approach that analyzes the semantic structure of XSS patterns by leveraging recent advances in transformer architectures. This semantic understanding enables better detection of previously unseen attacks.</p>
    </sec>
    <sec id="sec3">
      <title>3. Materials and Methods</title>
      <sec id="sec3dot1">
        <title>3.1. Dataset</title>
        <p>In this study we have one dataset with 98,008 total samples, of which 49,532 are malicious and 48,476 are benign samples. This dataset was collected in five ways. The first dataset is a primary synthetic dataset that we created by employing the XSStrike tool against the intentionally vulnerable OWASP Juice Shop application, with the resulting logs captured using Burp Suite. The second dataset is secondary dataset obtained from Kaggle [<xref ref-type="bibr" rid="B8">8</xref>], containing 13,676 examples of which 6313 are benign traffic and 7363 are malicious XSS traffic. The third dataset was obtained from the official OWASP Github repository [<xref ref-type="bibr" rid="B9">9</xref>] which contains a list of up-to-date XSS payloads submitted by security researchers. The OWASP repository is up to date and well maintained. The fourth source was created by crawling the XSSed website [<xref ref-type="bibr" rid="B10">10</xref>] for malicious XSS samples while benign samples were collected by simulating normal browsing activity across legitimate websites and collecting the browsing traffic as normal payload. The fifth dataset consisted of live malicious traffic samples collected over a 90-day period using a T-Pot honeypot deployed on a Virtual Private Server (VPS). Snare and Tanner which are part of T-Pot were used to capture real interaction attempts and web-based attack traffic in an Internet-exposed environment. This approach provided realistic samples of live malicious activity beyond the static payloads in datasets 2 and 3, thereby exposing the model to attack patterns observed in operational settings. The five datasets were then combined and then the entire consolidated dataset was deduplicated before train-test-split to prevent the problem of data leakage which often occurs when identical samples appeared in both the training and evaluation sets [<xref ref-type="bibr" rid="B11">11</xref>]. The resulting single dataset was then used to train our model. <xref ref-type="fig" rid="fig3">Figure 3</xref> shows a snapshot of a sample of the dataset while <bold>Table 2</bold> summarizes the contribution of each source and collection route to the consolidated dataset.</p>
        <p>3.1.1. Deduplication and Leakage Control</p>
        <p>The consolidated dataset was deduplicated before splitting to prevent identical payloads from appearing in both training and evaluation subsets. Exact duplicate </p>
        <fig id="fig3">
          <label>Figure 3</label>
          <graphic xlink:href="https://html.scirp.org/file/9601772-rId17.jpeg?20260701014753" />
        </fig>
        <p><bold>Figure 3.</bold> A snapshot of part of our XSS dataset.</p>
        <p><bold>Table 2.</bold> Final dataset composition by source and class label.</p>
        <table-wrap id="tbl2">
          <label>Table 2</label>
          <table>
            <tbody>
              <tr>
                <td>Source</td>
                <td>Benign</td>
                <td>Malicious</td>
                <td>Total</td>
                <td>Notes</td>
              </tr>
              <tr>
                <td>XSStrike + OWASP Juice Shop via Burp Suite</td>
                <td>10,000</td>
                <td>15,507</td>
                <td>25,507</td>
                <td>Controlled synthetic attacks and benign application traffic</td>
              </tr>
              <tr>
                <td>Kaggle XSS dataset</td>
                <td>6313</td>
                <td>7363</td>
                <td>13,676</td>
                <td>Public labeled dataset</td>
              </tr>
              <tr>
                <td>OWASP GitHub repository</td>
                <td>0</td>
                <td>4500</td>
                <td>4500</td>
                <td>Curated XSS payloads</td>
              </tr>
              <tr>
                <td>XSSed crawl</td>
                <td>0</td>
                <td>17,659</td>
                <td>17,659</td>
                <td>Crawled malicious samples</td>
              </tr>
              <tr>
                <td>Benign browsing simulation</td>
                <td>32,163</td>
                <td>0</td>
                <td>32,163</td>
                <td>Normal browsing traffic</td>
              </tr>
              <tr>
                <td>T-Pot/SNARE/Tanner honeypot</td>
                <td>0</td>
                <td>4503</td>
                <td>4503</td>
                <td>Live malicious web traffic</td>
              </tr>
              <tr>
                <td>
                  <bold>Total</bold>
                </td>
                <td>
                  <bold>48,476</bold>
                </td>
                <td>
                  <bold>49,532</bold>
                </td>
                <td>
                  <bold>98,008</bold>
                </td>
                <td>
                  <bold>Composite dataset</bold>
                </td>
              </tr>
            </tbody>
          </table>
        </table-wrap>
        <p>strings were removed after whitespace normalization, and encoded variants were normalized through safe decoding before duplicate checks where applicable. Although this procedure reduced direct leakage between partitions, the evaluation used a random stratified split of the merged dataset rather than a source-wise or external holdout. Therefore, transformed variants of the same base payload may still remain across partitions. Source-wise and external-holdout evaluation are identified as important directions for future validation.</p>
        <p>The distribution of payload lengths in our dataset shows significant variability, as illustrated in <xref ref-type="fig" rid="fig4">Figure 4</xref>. Statistical analysis reveals a median payload length of 43 characters and a 75th percentile of 73 characters. These metrics are crucial for determining the optimal context length for our model architecture, as they indicate that the majority of payloads fall within this range.</p>
        <fig id="fig4">
          <label>Figure 4</label>
          <graphic xlink:href="https://html.scirp.org/file/9601772-rId18.jpeg?20260701014753" />
        </fig>
        <p><bold>Figure 4.</bold> Distribution of payload lengths (in characters) across the dataset displayed on a logarithmic scale (n = 98,008).</p>
        <p>To further validate the quality and discriminative nature of our dataset, we performed an analysis based on the t-distributed Stochastic Neighbor Embedding (t-SNE) to visualize the high-dimensional feature space in two dimensions, as shown in <xref ref-type="fig" rid="fig5">Figure 5</xref>. For this analysis, we employed a stratified random sample of 20,000 instances from the complete dataset to ensure computational tractability while maintaining the original class distribution. Feature extraction was performed using Term Frequency-Inverse Document Frequency (TF-IDF) vectorization with character-level n-grams (n = 3 - 5), which effectively captures the syntactic patterns and special character sequences characteristic of XSS payloads. The t-SNE algorithm was configured with a perplexity of 30 and executed for 1000 iterations to achieve stable embeddings. The resulting visualization demonstrates some overlap in the feature space indicating challenging cases. This spatial distribution provides insights into the complexity of the classification task and validates the necessity of employing deep learning approaches capable of learning nuanced distinctions between legitimate HTTP traffic and XSS attack patterns.</p>
        <fig id="fig5">
          <label>Figure 5</label>
          <graphic xlink:href="https://html.scirp.org/file/9601772-rId19.jpeg?20260701014753" />
        </fig>
        <p><bold>Figure 5.</bold> t-SNE visualization of malicious and benign samples based on character-level TF-IDF features.</p>
        <p>3.1.2. Dataset Split and Model-Selection Protocol</p>
        <p>After preprocessing and deduplication, the dataset was first split using an 80:20 train-test ratio, producing 78,406 development samples and 19,602 held-out test samples. The development portion was then divided further into training and validation subsets, with 10% reserved for validation. This produced an effective 72:8:20 train-validation-test protocol, consisting of 70,565 training samples, 7841 validation samples, and 19,602 test samples. All splits underwent stratification by class label to preserve the benign/malicious distribution, and a random seed that was fixed at 42 was used for reproducibility. The set for validation was used for model selection, hyperparameter tuning, and early stopping. During training, monitoring of validation loss was done with a patience of five epochs and an improvement threshold was set to a minumum value of 0.001. The held-out test set was used only for the final performance evaluation.</p>
      </sec>
      <sec id="sec3dot2">
        <title>3.2. System Pipeline</title>
        <p>A detailed overview of the proposed system pipeline is presented in this section, which uses deep neural networks built on the Transformer architecture. The proposed approach detects Cross-Site Scripting (XSS) attacks by applying deep learning techniques for text classification.</p>
        <p>The input data is first processed through several preprocessing stages, including decoding and tokenization. The resulting tokenized sequences are then passed into the Transformer model, which is trained to classify each sample as either an XSS attack or a benign input. The overall architecture of the proposed method is depicted in <xref ref-type="fig" rid="fig6">Figure 6</xref>.</p>
        <fig id="fig6">
          <label>Figure 6</label>
          <graphic xlink:href="https://html.scirp.org/file/9601772-rId20.jpeg?20260701014753" />
        </fig>
        <p><bold>Figure 6.</bold> Overall system flow.</p>
      </sec>
      <sec id="sec3dot3">
        <title>3.3. Data Preprocessing</title>
        <p>One important step in preprocessing is payload decoding. Attackers frequently encode their malicious queries in a format such as URL, HTML or base64 encoding in order to bypass detecting mechanisms based on pattern matching [<xref ref-type="bibr" rid="B12">12</xref>]. This obfuscation can make even a straightforward payload appear harmless to simple filters. For instance, this cross-site scripting (XSS) payload, </p>
        <fig id="fig7">
          <label>Figure 7</label>
          <graphic xlink:href="https://html.scirp.org/file/9601772-rId77.jpeg?20260701014755" />
        </fig>
      </sec>
    </sec>
  </body>
  <back>
    <ref-list>
      <title>References</title>
      <ref id="B1">
        <label>1.</label>
        <citation-alternatives>
          <mixed-citation publication-type="web">OWASP (2025) Introduction-OWASP Top 10. https://owasp.org/Top10/2025/0x00_2025-Introduction</mixed-citation>
          <element-citation publication-type="web">
            <year>2025</year>
            <article-title>Introduction-OWASP Top 10</article-title>
          </element-citation>
        </citation-alternatives>
      </ref>
      <ref id="B2">
        <label>2.</label>
        <citation-alternatives>
          <mixed-citation publication-type="confproc">Stency, V.S. and Mohanasundaram, N. (2021) A Study on XSS Attacks: Intelligent Detection Methods. <italic>Journal</italic><italic>of</italic><italic>Physics</italic>: <italic>Conference</italic><italic>Series</italic>, 1767, Article ID: 012047. https://doi.org/10.1088/1742-6596/1767/1/012047 <pub-id pub-id-type="doi">10.1088/1742-6596/1767/1/012047</pub-id><ext-link ext-link-type="uri" xlink:href="https://doi.org/10.1088/1742-6596/1767/1/012047">https://doi.org/10.1088/1742-6596/1767/1/012047</ext-link></mixed-citation>
          <element-citation publication-type="confproc">
            <person-group person-group-type="author">
              <string-name>Stency, V.S.</string-name>
              <string-name>Mohanasundaram, N.</string-name>
            </person-group>
            <year>2021</year>
            <article-title>A Study on XSS Attacks: Intelligent Detection Methods</article-title>
            <source>Journal of Physics: Conference Series</source>
            <volume>1767</volume>
            <fpage>012047</fpage>
            <elocation-id>ID</elocation-id>
            <pub-id pub-id-type="doi">10.1088/1742-6596/1767/1/012047</pub-id>
          </element-citation>
        </citation-alternatives>
      </ref>
      <ref id="B3">
        <label>3.</label>
        <citation-alternatives>
          <mixed-citation publication-type="confproc">Fang, Y., Li, Y., Liu, L. and Huang, C. (2018) DeepXSS: Cross Site Scripting Detection Based on Deep Learning. <italic>Proceedings of the</italic> 2018 <italic>International Conference on Computing and Artificial Intelligence</italic>, Chengdu, 12-14 March 2018, 47-51. https://doi.org/10.1145/3194452.3194469 <pub-id pub-id-type="doi">10.1145/3194452.3194469</pub-id><ext-link ext-link-type="uri" xlink:href="https://doi.org/10.1145/3194452.3194469">https://doi.org/10.1145/3194452.3194469</ext-link></mixed-citation>
          <element-citation publication-type="confproc">
            <person-group person-group-type="author">
              <string-name>Fang, Y.</string-name>
              <string-name>Li, Y.</string-name>
              <string-name>Liu, L.</string-name>
              <string-name>Huang, C.</string-name>
              <string-name>Intelligence, C</string-name>
            </person-group>
            <year>2018</year>
            <article-title>DeepXSS: Cross Site Scripting Detection Based on Deep Learning</article-title>
            <source>Proceedings of the 2018 International Conference on Computing and Artificial Intelligence</source>
            <volume>12</volume>
            <pub-id pub-id-type="doi">10.1145/3194452.3194469</pub-id>
          </element-citation>
        </citation-alternatives>
      </ref>
      <ref id="B4">
        <label>4.</label>
        <citation-alternatives>
          <mixed-citation publication-type="other">Yan, H., Feng, L., Yu, Y., Liao, W., Feng, L., Zhang, J., <italic>et al</italic>. (2022) Cross-Site Scripting Attack Detection Based on a Modified Convolution Neural Network. <italic>Frontiers</italic><italic>in</italic><italic>Computational</italic><italic>Neuroscience</italic>, 16, Article 981739. https://doi.org/10.3389/fncom.2022.981739 <pub-id pub-id-type="doi">10.3389/fncom.2022.981739</pub-id><pub-id pub-id-type="pmid">36105945</pub-id><ext-link ext-link-type="uri" xlink:href="https://doi.org/10.3389/fncom.2022.981739">https://doi.org/10.3389/fncom.2022.981739</ext-link></mixed-citation>
          <element-citation publication-type="other">
            <person-group person-group-type="author">
              <string-name>Yan, H.</string-name>
              <string-name>Feng, L.</string-name>
              <string-name>Yu, Y.</string-name>
              <string-name>Liao, W.</string-name>
              <string-name>Feng, L.</string-name>
              <string-name>Zhang, J.</string-name>
            </person-group>
            <year>2022</year>
            <article-title>Cross-Site Scripting Attack Detection Based on a Modified Convolution Neural Network</article-title>
            <source>Frontiers in Computational Neuroscience</source>
            <volume>16</volume>
            <elocation-id>981739</elocation-id>
            <pub-id pub-id-type="doi">10.3389/fncom.2022.981739</pub-id>
            <pub-id pub-id-type="pmid">36105945</pub-id>
          </element-citation>
        </citation-alternatives>
      </ref>
      <ref id="B5">
        <label>5.</label>
        <citation-alternatives>
          <mixed-citation publication-type="confproc">Kascheev, S. and Olenchikova, T. (2020) The Detecting Cross-Site Scripting (XSS) Using Machine Learning Methods. 2020 <italic>Global Smart Industry Conference</italic> ( <italic>GloSIC</italic>), Chelyabinsk, 17-19 November 2020, 265-270. https://doi.org/10.1109/glosic50886.2020.9267866 <pub-id pub-id-type="doi">10.1109/glosic50886.2020.9267866</pub-id><ext-link ext-link-type="uri" xlink:href="https://doi.org/10.1109/glosic50886.2020.9267866">https://doi.org/10.1109/glosic50886.2020.9267866</ext-link></mixed-citation>
          <element-citation publication-type="confproc">
            <person-group person-group-type="author">
              <string-name>Kascheev, S.</string-name>
              <string-name>Olenchikova, T.</string-name>
            </person-group>
            <year>2020</year>
            <article-title>The Detecting Cross-Site Scripting (XSS) Using Machine Learning Methods</article-title>
            <source>2020 Global Smart Industry Conference (GloSIC)</source>
            <volume>17</volume>
            <pub-id pub-id-type="doi">10.1109/glosic50886.2020.9267866</pub-id>
          </element-citation>
        </citation-alternatives>
      </ref>
      <ref id="B6">
        <label>6.</label>
        <citation-alternatives>
          <mixed-citation publication-type="other">Yang, W., Zuo, W. and Cui, B. (2019) Detecting Malicious URLs via a Keyword-Based Convolutional Gated-Recurrent-Unit Neural Network. <italic>IEEE</italic><italic>Access</italic>, 7, 29891-29900. https://doi.org/10.1109/access.2019.2895751 <pub-id pub-id-type="doi">10.1109/access.2019.2895751</pub-id><ext-link ext-link-type="uri" xlink:href="https://doi.org/10.1109/access.2019.2895751">https://doi.org/10.1109/access.2019.2895751</ext-link></mixed-citation>
          <element-citation publication-type="other">
            <person-group person-group-type="author">
              <string-name>Yang, W.</string-name>
              <string-name>Zuo, W.</string-name>
              <string-name>Cui, B.</string-name>
            </person-group>
            <year>2019</year>
            <article-title>Detecting Malicious URLs via a Keyword-Based Convolutional Gated-Recurrent-Unit Neural Network</article-title>
            <source>IEEE Access</source>
            <volume>7</volume>
            <pub-id pub-id-type="doi">10.1109/access.2019.2895751</pub-id>
          </element-citation>
        </citation-alternatives>
      </ref>
      <ref id="B7">
        <label>7.</label>
        <citation-alternatives>
          <mixed-citation publication-type="other">Zhou, Y. and Wang, P. (2019) An Ensemble Learning Approach for XSS Attack Detection with Domain Knowledge and Threat Intelligence. <italic>Computers</italic><italic>&amp;</italic><italic>Security</italic>, 82, 261-269. https://doi.org/10.1016/j.cose.2018.12.016 <pub-id pub-id-type="doi">10.1016/j.cose.2018.12.016</pub-id><ext-link ext-link-type="uri" xlink:href="https://doi.org/10.1016/j.cose.2018.12.016">https://doi.org/10.1016/j.cose.2018.12.016</ext-link></mixed-citation>
          <element-citation publication-type="other">
            <person-group person-group-type="author">
              <string-name>Zhou, Y.</string-name>
              <string-name>Wang, P.</string-name>
            </person-group>
            <year>2019</year>
            <article-title>An Ensemble Learning Approach for XSS Attack Detection with Domain Knowledge and Threat Intelligence</article-title>
            <source>Computers &amp; Security</source>
            <volume>82</volume>
            <pub-id pub-id-type="doi">10.1016/j.cose.2018.12.016</pub-id>
          </element-citation>
        </citation-alternatives>
      </ref>
      <ref id="B8">
        <label>8.</label>
        <citation-alternatives>
          <mixed-citation publication-type="web">Kaggle (2020) Cross Site Scripting XSS Dataset for Deep Learning. https://www.kaggle.com/datasets/syedsaqlainhussain/cross-site-scripting-xss-dataset-for-deep-learning</mixed-citation>
          <element-citation publication-type="web">
            <year>2020</year>
            <article-title>Cross Site Scripting XSS Dataset for Deep Learning</article-title>
          </element-citation>
        </citation-alternatives>
      </ref>
      <ref id="B9">
        <label>9.</label>
        <citation-alternatives>
          <mixed-citation publication-type="web">OWASP (2025) Cross Site Scripting Prevention Cheat Sheet. OWASP Cheat Sheet Series. https://github.com/OWASP/CheatSheetSeries/blob/master/cheatsheets/Cross_Site_Scripting_Prevention_Cheat_Sheet.md</mixed-citation>
          <element-citation publication-type="web">
            <year>2025</year>
            <article-title>Cross Site Scripting Prevention Cheat Sheet</article-title>
          </element-citation>
        </citation-alternatives>
      </ref>
      <ref id="B10">
        <label>10.</label>
        <citation-alternatives>
          <mixed-citation publication-type="web">XSSED (2015) XSSed | Cross Site Scripting (XSS) Attacks Information and Archive. http://www.xssed.com</mixed-citation>
          <element-citation publication-type="web">
            <year>2015</year>
            <article-title>XSSed | Cross Site Scripting (XSS) Attacks Information and Archive</article-title>
          </element-citation>
        </citation-alternatives>
      </ref>
      <ref id="B11">
        <label>11.</label>
        <citation-alternatives>
          <mixed-citation publication-type="other">Huyen, C. (2022) Designing Machine Learning Systems. O’Reilly Media, Inc.</mixed-citation>
          <element-citation publication-type="other">
            <person-group person-group-type="author">
              <string-name>Huyen, C.</string-name>
              <string-name>Media, I</string-name>
            </person-group>
            <year>2022</year>
            <article-title>Designing Machine Learning Systems</article-title>
            <source>O’Reilly Media</source>
          </element-citation>
        </citation-alternatives>
      </ref>
      <ref id="B12">
        <label>12.</label>
        <citation-alternatives>
          <mixed-citation publication-type="web">PortSwigger (2024) Input Data Encoding and Obfuscation. https://portswigger.net/web-security/essential-skills/obfuscating-attacks-using-encodings</mixed-citation>
          <element-citation publication-type="web">
            <year>2024</year>
            <article-title>Input Data Encoding and Obfuscation</article-title>
          </element-citation>
        </citation-alternatives>
      </ref>
      <ref id="B13">
        <label>13.</label>
        <citation-alternatives>
          <mixed-citation publication-type="confproc">Sennrich, R., Haddow, B. and Birch, A. (2016) Neural Machine Translation of Rare Words with Subword Units. <italic>Proceedings of the</italic>54 <italic>th Annual Meeting of the Association for Computational Linguistics</italic> ( <italic>Volume</italic>1: <italic>Long Papers</italic>), Berlin, 7-12 August 2016, 1715-1725. https://doi.org/10.18653/v1/p16-1162 <pub-id pub-id-type="doi">10.18653/v1/p16-1162</pub-id><ext-link ext-link-type="uri" xlink:href="https://doi.org/10.18653/v1/p16-1162">https://doi.org/10.18653/v1/p16-1162</ext-link></mixed-citation>
          <element-citation publication-type="confproc">
            <person-group person-group-type="author">
              <string-name>Sennrich, R.</string-name>
              <string-name>Haddow, B.</string-name>
              <string-name>Birch, A.</string-name>
            </person-group>
            <year>2016</year>
            <article-title>Neural Machine Translation of Rare Words with Subword Units</article-title>
            <source>Proceedings of the 54th Annual Meeting of the Association for Computational Linguistics (Volume 1: Long Papers)</source>
            <volume>7</volume>
            <pub-id pub-id-type="doi">10.18653/v1/p16-1162</pub-id>
          </element-citation>
        </citation-alternatives>
      </ref>
      <ref id="B14">
        <label>14.</label>
        <citation-alternatives>
          <mixed-citation publication-type="confproc">Pennington, J., Socher, R. and Manning, C. (2014) Glove: Global Vectors for Word Representation. <italic>Proceedings of the</italic>2014 <italic>Conference on Empirical Methods in Natural Language Processing</italic> ( <italic>EMNLP</italic>), Doha, 25-29 October 2014, 1532-1543. https://doi.org/10.3115/v1/d14-1162 <pub-id pub-id-type="doi">10.3115/v1/d14-1162</pub-id><ext-link ext-link-type="uri" xlink:href="https://doi.org/10.3115/v1/d14-1162">https://doi.org/10.3115/v1/d14-1162</ext-link></mixed-citation>
          <element-citation publication-type="confproc">
            <person-group person-group-type="author">
              <string-name>Pennington, J.</string-name>
              <string-name>Socher, R.</string-name>
              <string-name>Manning, C.</string-name>
            </person-group>
            <year>2014</year>
            <article-title>Glove: Global Vectors for Word Representation</article-title>
            <source>Proceedings of the 2014 Conference on Empirical Methods in Natural Language Processing (EMNLP)</source>
            <volume>25</volume>
            <pub-id pub-id-type="doi">10.3115/v1/d14-1162</pub-id>
          </element-citation>
        </citation-alternatives>
      </ref>
      <ref id="B15">
        <label>15.</label>
        <citation-alternatives>
          <mixed-citation publication-type="journal">Vaswani, A., <italic>et al</italic>. (2017) Attention Is All You Need. arXiv: 1706.03762.</mixed-citation>
          <element-citation publication-type="journal">
            <person-group person-group-type="author">
              <string-name>Vaswani, A.</string-name>
            </person-group>
            <year>2017</year>
            <article-title>Attention Is All You Need</article-title>
            <fpage>1706</fpage>
          </element-citation>
        </citation-alternatives>
      </ref>
      <ref id="B16">
        <label>16.</label>
        <citation-alternatives>
          <mixed-citation publication-type="other">Noh, S. (2021) Analysis of Gradient Vanishing of RNNs and Performance Comparison. <italic>Information</italic>, 12, Article 442. https://doi.org/10.3390/info12110442 <pub-id pub-id-type="doi">10.3390/info12110442</pub-id><ext-link ext-link-type="uri" xlink:href="https://doi.org/10.3390/info12110442">https://doi.org/10.3390/info12110442</ext-link></mixed-citation>
          <element-citation publication-type="other">
            <person-group person-group-type="author">
              <string-name>Noh, S.</string-name>
            </person-group>
            <year>2021</year>
            <article-title>Analysis of Gradient Vanishing of RNNs and Performance Comparison</article-title>
            <source>Information</source>
            <volume>12</volume>
            <elocation-id>442</elocation-id>
            <pub-id pub-id-type="doi">10.3390/info12110442</pub-id>
          </element-citation>
        </citation-alternatives>
      </ref>
      <ref id="B17">
        <label>17.</label>
        <citation-alternatives>
          <mixed-citation publication-type="journal">Su, J., Ahmed, M., Lu, Y., Pan, S., Bo, W. and Liu, Y. (2024) Roformer: Enhanced Transformer with Rotary Position Embedding. <italic>Neurocomputing</italic>, 568, Article ID: 127063. https://doi.org/10.1016/j.neucom.2023.127063 <pub-id pub-id-type="doi">10.1016/j.neucom.2023.127063</pub-id><ext-link ext-link-type="uri" xlink:href="https://doi.org/10.1016/j.neucom.2023.127063">https://doi.org/10.1016/j.neucom.2023.127063</ext-link></mixed-citation>
          <element-citation publication-type="journal">
            <person-group person-group-type="author">
              <string-name>Su, J.</string-name>
              <string-name>Ahmed, M.</string-name>
              <string-name>Lu, Y.</string-name>
              <string-name>Pan, S.</string-name>
              <string-name>Bo, W.</string-name>
              <string-name>Liu, Y.</string-name>
            </person-group>
            <year>2024</year>
            <article-title>Roformer: Enhanced Transformer with Rotary Position Embedding</article-title>
            <source>Neurocomputing</source>
            <volume>568</volume>
            <fpage>127063</fpage>
            <elocation-id>ID</elocation-id>
            <pub-id pub-id-type="doi">10.1016/j.neucom.2023.127063</pub-id>
          </element-citation>
        </citation-alternatives>
      </ref>
      <ref id="B18">
        <label>18.</label>
        <citation-alternatives>
          <mixed-citation publication-type="other">Burkov, A. (2025) The Hundred-Page Language Models Book: Hands-On with PyTorch. True Positive Inc.</mixed-citation>
          <element-citation publication-type="other">
            <person-group person-group-type="author">
              <string-name>Burkov, A.</string-name>
            </person-group>
            <year>2025</year>
            <article-title>The Hundred-Page Language Models Book: Hands-On with PyTorch</article-title>
          </element-citation>
        </citation-alternatives>
      </ref>
      <ref id="B19">
        <label>19.</label>
        <citation-alternatives>
          <mixed-citation publication-type="other">Dao, T., Ermon, S., Fu, D., Ré, C. and Rudra, A. (2022) Flashattention: Fast and Memory-Efficient Exact Attention with IO-Awareness. <italic>Advances in Neural Information Processing Systems</italic> 35, New Orleans, 28 November-9 December 2022, 16344-16359. https://doi.org/10.52202/068431-1189 <pub-id pub-id-type="doi">10.52202/068431-1189</pub-id><ext-link ext-link-type="uri" xlink:href="https://doi.org/10.52202/068431-1189">https://doi.org/10.52202/068431-1189</ext-link></mixed-citation>
          <element-citation publication-type="other">
            <person-group person-group-type="author">
              <string-name>Dao, T.</string-name>
              <string-name>Ermon, S.</string-name>
              <string-name>Fu, D.</string-name>
              <string-name>Rudra, A.</string-name>
            </person-group>
            <year>2022</year>
            <article-title>Flashattention: Fast and Memory-Efficient Exact Attention with IO-Awareness</article-title>
            <source>Advances in Neural Information Processing Systems 35</source>
            <volume>28</volume>
            <pub-id pub-id-type="doi">10.52202/068431-1189</pub-id>
          </element-citation>
        </citation-alternatives>
      </ref>
      <ref id="B20">
        <label>20.</label>
        <citation-alternatives>
          <mixed-citation publication-type="journal">Srivastava, N., Hinton, G., Krizhevsky, A., Sutskever, I. and Salakhutdinov, R. (2014) Dropout: A Simple Way to Prevent Neural Networks from Overfitting. <italic>Journal of Machine Learning Research</italic>, 15, 1929-1958.</mixed-citation>
          <element-citation publication-type="journal">
            <person-group person-group-type="author">
              <string-name>Srivastava, N.</string-name>
              <string-name>Hinton, G.</string-name>
              <string-name>Krizhevsky, A.</string-name>
              <string-name>Sutskever, I.</string-name>
              <string-name>Salakhutdinov, R.</string-name>
            </person-group>
            <year>2014</year>
            <article-title>Dropout: A Simple Way to Prevent Neural Networks from Overfitting</article-title>
            <source>Journal of Machine Learning Research</source>
            <volume>15</volume>
          </element-citation>
        </citation-alternatives>
      </ref>
      <ref id="B21">
        <label>21.</label>
        <citation-alternatives>
          <mixed-citation publication-type="book">Goodfellow, I., Bengio, Y. and Courville, A. (2016) Deep Learning. MIT Press.</mixed-citation>
          <element-citation publication-type="book">
            <person-group person-group-type="author">
              <string-name>Goodfellow, I.</string-name>
              <string-name>Bengio, Y.</string-name>
              <string-name>Courville, A.</string-name>
            </person-group>
            <year>2016</year>
            <article-title>Deep Learning</article-title>
          </element-citation>
        </citation-alternatives>
      </ref>
      <ref id="B22">
        <label>22.</label>
        <citation-alternatives>
          <mixed-citation publication-type="journal">Loshchilov, I. and Hutter, F. (2019) Decoupled Weight Decay Regularization. arXiv: 1711.05101.</mixed-citation>
          <element-citation publication-type="journal">
            <person-group person-group-type="author">
              <string-name>Loshchilov, I.</string-name>
              <string-name>Hutter, F.</string-name>
            </person-group>
            <year>2019</year>
            <article-title>Decoupled Weight Decay Regularization</article-title>
            <fpage>1711</fpage>
          </element-citation>
        </citation-alternatives>
      </ref>
    </ref-list>
  </back>
</article>