Transformer-based multiclass classification for detecting cross-site scripting attacks using supervised feature representation learning with transformer encoder

Arda Surya Editya; Ntivuguruzwa Jean De La Croix

doi:10.52465/joscex.v7i2.44

Authors

Arda Surya Editya Department of Informatics, Universitas Nahdlatul Ulama Sidoarjo, Indonesia Author
Ntivuguruzwa Jean De La Croix Department of Technology Innovation, SecureAI Laboratories, University of Rwanda, Rwanda Author

DOI:

https://doi.org/10.52465/joscex.v7i2.44

Keywords:

Cross-site scripting (XSS), Transformer, Multiclass classification, Feature representation learning, Web security

Abstract

Cross-Site Scripting (XSS) remains one of the most prevalent web application attacks, allowing malicious scripts to be injected into web pages and executed in users’ browsers. The increasing diversity and structural complexity of XSS payloads make conventional rule-based and signature-based detection methods less adaptive, particularly in multiclass classification scenarios. This study proposes a Transformer-based multiclass classification approach for detecting XSS attacks using supervised feature representation learning with a Transformer encoder. Experimental results show that the proposed Transformer achieved an accuracy of 0.9904, a weighted F1-score of 0.9898, and a macro F1-score of 0.7301. However, the CNN model achieved the highest overall accuracy (0.9934), while Logistic Regression and SVM demonstrated stronger macro-level performance, indicating better class-wise balance under imbalanced data conditions. These findings show that Transformer-based sequence modeling is effective for capturing contextual payload patterns, but its performance on minority classes remains limited in the current experimental setting. Overall, this study highlights both the potential and the limitations of Transformer-based multiclass XSS detection and contributes to the development of more intelligent and practical web attack detection systems.