Method for Detection and Mitigation Cross Site Scripting Attack on Multi-Websites

Hartono Hartono, Joko Triloka

Abstract


Cross-Site Scripting (XSS) attacks exploit scripting security bugs and weaknesses in a website. An XSS attack targets, and executes in, the client's browser, i.e. the front end. There are three types: stored, reflected, and DOM-based (manipulation of the document object model). XSS attacks can cause serious and dangerous harm, such as theft of user data, account takeover, and illegal access to banking transactions or other sensitive data. Several researchers have studied XSS detection and mitigation, but some problems remain: detection is not connected to a mitigation that responds to the attack; only a single-layer security mechanism is used; too little payload data is used for testing; the effectiveness of the defence against XSS is measured weakly; and the experiments and test data are insufficient. In addition, the methods used in previous research still fail to cover all types of XSS attack, and most previous work separates attack detection from its mitigation. Therefore, this study proposes a method for both detection and mitigation of XSS attacks. The proposed method has two parts: a detection method and a mitigation method. Detection uses machine learning based on lexical analysis of the input. Mitigation uses a multi-layer security method consisting of five layers of security. The proposed method is structured systematically and procedurally. Parts of the method proposed in this paper have already been implemented effectively in previous research. Therefore, the proposed method is regarded as an appropriate method for detecting and mitigating XSS attacks.

Keywords—XSS, cross site scripting, mitigation system, machine learning, cyber-attack, lexical analysis
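The abstract describes the detection part as machine learning over lexical features of the input. The following is an added, self-contained illustration of that idea, not the authors' code or dataset: it normalises a payload (URL- and HTML-entity-decodes it, twice, to undo the encoding tricks used to hide XSS), splits it into lexical tokens, and classifies with a multinomial Naive Bayes trained on a small set of constructed samples. The classifier choice, the token grammar, the training strings and the names `tokenize`, `NaiveBayesXSS` and `is_xss` are all assumptions made for this example; the paper does not specify which classifier or feature set it uses, nor what its five mitigation layers are, so nothing here should be read as the proposed method itself.

```python
import html
import math
import re
import urllib.parse
from collections import Counter

# Constructed training set for illustration only (not the paper's dataset).
# A real deployment needs thousands of labelled payloads and benign inputs.
TRAINING = [
    ("<script>alert(1)</script>", "xss"),
    ("<img src=x onerror=alert(document.cookie)>", "xss"),
    ("javascript:alert(1)", "xss"),
    ('"><svg onload=alert(1)>', "xss"),
    ('<iframe src="javascript:alert(1)">', "xss"),
    ("<body onload=alert('xss')>", "xss"),
    ("hello world", "benign"),
    ("john.doe@example.com", "benign"),
    ("search term with spaces", "benign"),
    ("price < 100 and > 50", "benign"),
    ("<b>bold text</b>", "benign"),
    ("my-username_42", "benign"),
]

# Lexical grammar (assumed for this example): identifiers, integers, and every
# other non-space character as its own token, so "<", "=", "(", '"' survive.
TOKEN_RE = re.compile(r"[a-z_$][a-z0-9_$]*|[0-9]+|[^\sa-z0-9_$]")


def normalize(payload: str) -> str:
    """Undo URL encoding and HTML entities (twice, to catch double encoding),
    then lower-case, so "%3Cscript%3E" and "&lt;script&gt;" look like "<script>"."""
    s = payload
    for _ in range(2):
        s = html.unescape(urllib.parse.unquote_plus(s))
    return s.lower()


def tokenize(payload: str) -> list:
    """Lexical analysis step: normalised payload -> list of tokens."""
    return TOKEN_RE.findall(normalize(payload))


class NaiveBayesXSS:
    """Multinomial Naive Bayes over lexical tokens with Laplace smoothing."""

    def __init__(self, alpha: float = 1.0):
        self.alpha = alpha
        self.doc_counts = Counter()      # label -> number of training samples
        self.token_counts = {}           # label -> Counter of token frequencies
        self.total_tokens = Counter()    # label -> total tokens seen
        self.vocab = set()

    def fit(self, samples):
        for text, label in samples:
            toks = tokenize(text)
            self.doc_counts[label] += 1
            self.token_counts.setdefault(label, Counter()).update(toks)
            self.total_tokens[label] += len(toks)
            self.vocab.update(toks)
        return self

    def log_posteriors(self, payload: str) -> dict:
        """Unnormalised log P(label | tokens) for each label."""
        toks = tokenize(payload)
        n_docs = sum(self.doc_counts.values())
        v = len(self.vocab)
        scores = {}
        for label, n_label in self.doc_counts.items():
            score = math.log(n_label / n_docs)            # class prior
            denom = self.total_tokens[label] + self.alpha * v
            counts = self.token_counts[label]
            for t in toks:                                # smoothed likelihoods
                score += math.log((counts[t] + self.alpha) / denom)
            scores[label] = score
        return scores

    def predict(self, payload: str) -> str:
        scores = self.log_posteriors(payload)
        return max(scores, key=scores.get)


MODEL = NaiveBayesXSS().fit(TRAINING)


def is_xss(payload: str) -> bool:
    """Detection decision for one input; the mitigation layers would act on True."""
    return MODEL.predict(payload) == "xss"


if __name__ == "__main__":
    for p in ['<a href="javascript:alert(1)">x</a>',
              "%3Cscript%3Ealert(1)%3C/script%3E",
              "&lt;svg onload=alert(1)&gt;",
              "hello world",
              "price < 100"]:
        print(f"{'XSS   ' if is_xss(p) else 'benign'}  {p!r}  tokens={tokenize(p)}")
```

The decoding loop in `normalize` is the part that matters in practice: a classifier trained on decoded tokens still catches `%3Cscript%3E` and `&lt;svg onload=...&gt;`, whereas matching on the raw string would not. The toy training set makes the decision boundary obvious; the abstract's criticism of prior work using too little payload data applies equally to this example, which is why a real evaluation needs a large, labelled corpus and a held-out test set.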






PROCEEDING INTERNATIONAL CONFERENCE ON INFORMATION TECHNOLOGY AND BUSINESS

Managing By: Lembaga Penelitian dan Pengabdian kepada Masyarakat (LPPM)

Publisher: Institut Informatika dan Bisnis Darmajaya
Address: Jl. Z.A. Pagar Alam No. 93 Gedong Meneng, Bandar Lampung Lampung
Website: jurnal.darmajaya.ac.id

Email: ProceedingICITB@darmajaya.ac.id



IC-BITERA is licensed under a Creative Commons Attribution 4.0 International License.