{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,12,6]],"date-time":"2025-12-06T09:14:14Z","timestamp":1765012454900,"version":"3.46.0"},"reference-count":48,"publisher":"Wiley","issue":"27-28","license":[{"start":{"date-parts":[[2025,11,17]],"date-time":"2025-11-17T00:00:00Z","timestamp":1763337600000},"content-version":"vor","delay-in-days":0,"URL":"http:\/\/onlinelibrary.wiley.com\/termsAndConditions#vor"}],"content-domain":{"domain":["onlinelibrary.wiley.com"],"crossmark-restriction":true},"short-container-title":["Concurrency and Computation"],"published-print":{"date-parts":[[2025,12,25]]},"abstract":"<jats:title>ABSTRACT<\/jats:title>\n                  <jats:p>Web\u2010based systems are vulnerable to continuously evolving or self\u2010updating attacks such as Cross\u2010Site Scripting (XSS). Traditional Intrusion Detection Systems (IDS) provide limited protection against this threat through signature\u2010based and anomaly\u2010based methods. In this study, Machine Learning (ML) methods are used in conjunction with Deep Reinforcement Learning (DRL) techniques. In the proposed approach, ML methods are utilized to rapidly detect known attacks, while DRL provides adaptive learning against more general and unknown threats. These two components are trained independently and then make decisions through a weighted combination during the prediction phase. The aim is to address the shortcomings of current IDS systems in defending against dynamic XSS attacks. Experimental results show that, in real\u2010time IDS environments, combining Random Forest with Word2Vec ensures detection within 10\u2009ms, maintains an F1 score of about 0.99, and keeps computational cost minimal. In contrast, for offline or SOC\u2010based setups where longer training and adaptive learning are acceptable, the DDQN\u2013Word2Vec combination proves most effective. Overall, the proposed hybrid system delivers scalable, real\u2010time protection against dynamic and zero\u2010day web threats.<\/jats:p>","DOI":"10.1002\/cpe.70449","type":"journal-article","created":{"date-parts":[[2025,11,18]],"date-time":"2025-11-18T05:25:12Z","timestamp":1763443512000},"update-policy":"https:\/\/doi.org\/10.1002\/crossmark_policy","source":"Crossref","is-referenced-by-count":0,"title":["A Hybrid Deep Reinforcement and Machine Learning\u2010Based Intrusion Detection System for Dynamic\n                    <scp>XSS<\/scp>\n                    Attacks"],"prefix":"10.1002","volume":"37","author":[{"ORCID":"https:\/\/orcid.org\/0000-0002-7093-0153","authenticated-orcid":false,"given":"Mustafa","family":"Kara","sequence":"first","affiliation":[{"name":"Department of Computer Engineering National Defence University  Istanbul Turkey"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Fatma Bet\u00fcl","family":"Okur","sequence":"additional","affiliation":[{"name":"Department of Computer Engineering Atat\u00fcrk Strategic Studies and Graduate Institute, National Defence University  Istanbul Turkey"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Muhammed Ersin","family":"Durmu\u015fkaya","sequence":"additional","affiliation":[{"name":"Department of Computer Engineering Istanbul Kultur University  Istanbul Turkey"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Murat Utku","family":"Kabasakalo\u011flu","sequence":"additional","affiliation":[{"name":"Department of Computer Engineering National Defence University  Istanbul Turkey"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Ay\u015fe","family":"Okutan Kara","sequence":"additional","affiliation":[{"name":"Department of Computer Engineering National Defence University  Istanbul Turkey"}],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"311","published-online":{"date-parts":[[2025,11,17]]},"reference":[{"key":"e_1_2_8_2_1","unstructured":"M.Bay \u201c(20) (PDF) What Is Cybersecurity? In Search of an Encompassing Definition for the Post\u2010Snowden Era \u201daccessed January 6 2025 https:\/\/www.researchgate.net\/publication\/308609163_WHAT_IS_CYBERSECURITY_In_search_of_an_encompassing_definition_for_the_post\u2010Snowden_era."},{"key":"e_1_2_8_3_1","doi-asserted-by":"publisher","DOI":"10.1007\/S13198\u2010015\u20100376\u20100"},{"key":"e_1_2_8_4_1","doi-asserted-by":"publisher","DOI":"10.1007\/s12243-024-01022-8"},{"key":"e_1_2_8_5_1","doi-asserted-by":"publisher","DOI":"10.1038\/s41598-023-48845-4"},{"key":"e_1_2_8_6_1","doi-asserted-by":"publisher","DOI":"10.1038\/s41598-025-85866-7"},{"key":"e_1_2_8_7_1","doi-asserted-by":"publisher","DOI":"10.1016\/j.iswa.2025.200543"},{"key":"e_1_2_8_8_1","doi-asserted-by":"publisher","DOI":"10.1109\/ACCESS.2024.3362803"},{"key":"e_1_2_8_9_1","doi-asserted-by":"publisher","DOI":"10.1109\/IISEC54230.2021.9672335"},{"key":"e_1_2_8_10_1","doi-asserted-by":"publisher","DOI":"10.1002\/cpe.7312"},{"key":"e_1_2_8_11_1","doi-asserted-by":"publisher","DOI":"10.1002\/ett.70162"},{"key":"e_1_2_8_12_1","doi-asserted-by":"publisher","DOI":"10.1002\/cpe.7738"},{"key":"e_1_2_8_13_1","doi-asserted-by":"publisher","DOI":"10.3390\/COMPUTERS11030041"},{"key":"e_1_2_8_14_1","doi-asserted-by":"publisher","DOI":"10.1016\/J.AEI.2024.102685"},{"key":"e_1_2_8_15_1","doi-asserted-by":"publisher","DOI":"10.1109\/ACCESS.2022.3224023"},{"key":"e_1_2_8_16_1","doi-asserted-by":"publisher","DOI":"10.1109\/ACCESS.2021.3097247"},{"key":"e_1_2_8_17_1","doi-asserted-by":"publisher","DOI":"10.1016\/j.comnet.2025.111595"},{"issue":"2","key":"e_1_2_8_18_1","first-page":"243","article-title":"A Vulnerability Detection Method for Internet Cross\u2010Site Scripting Based on Relationship Diagram Convolutional Networks","volume":"24","author":"Guo Z.","year":"2025","journal-title":"Journal of Web Engineering"},{"key":"e_1_2_8_19_1","doi-asserted-by":"crossref","first-page":"265","DOI":"10.1109\/GloSIC50886.2020.9267866","volume-title":"Proceedings\u00a0\u2013\u00a02020 Global Smart Industry Conference, GloSIC 2020","author":"Kascheev S.","year":"2020"},{"key":"e_1_2_8_20_1","doi-asserted-by":"publisher","DOI":"10.1109\/IEMENTech51367.2020.9270052"},{"key":"e_1_2_8_21_1","first-page":"516","volume-title":"Proceedings of 2020 International Conference on Information Management and Technology, ICIMTech 2020","author":"Habibi G.","year":"2020"},{"key":"e_1_2_8_22_1","doi-asserted-by":"publisher","DOI":"10.3745\/JIPS.03.0079"},{"key":"e_1_2_8_23_1","doi-asserted-by":"publisher","DOI":"10.1109\/COMST.2024.3484491"},{"key":"e_1_2_8_24_1","doi-asserted-by":"publisher","DOI":"10.1016\/j.compeleceng.2025.110318"},{"key":"e_1_2_8_25_1","doi-asserted-by":"publisher","DOI":"10.1016\/j.icte.2025.05.007"},{"key":"e_1_2_8_26_1","doi-asserted-by":"publisher","DOI":"10.1016\/j.comcom.2025.108263"},{"key":"e_1_2_8_27_1","doi-asserted-by":"publisher","DOI":"10.1109\/ACCESS.2024.3390722"},{"key":"e_1_2_8_28_1","doi-asserted-by":"publisher","DOI":"10.1109\/TAI.2024.3443787"},{"key":"e_1_2_8_29_1","doi-asserted-by":"publisher","DOI":"10.3390\/sym17070985"},{"key":"e_1_2_8_30_1","doi-asserted-by":"publisher","DOI":"10.1016\/j.comnet.2025.111162"},{"key":"e_1_2_8_31_1","doi-asserted-by":"publisher","DOI":"10.3390\/app15168924"},{"key":"e_1_2_8_32_1","doi-asserted-by":"publisher","DOI":"10.1002\/cpe.7865"},{"key":"e_1_2_8_33_1","doi-asserted-by":"publisher","DOI":"10.1017\/S1351324916000334"},{"key":"e_1_2_8_34_1","doi-asserted-by":"publisher","DOI":"10.1016\/j.array.2025.100467"},{"key":"e_1_2_8_35_1","doi-asserted-by":"publisher","DOI":"10.1016\/j.ijin.2023.08.001"},{"key":"e_1_2_8_36_1","doi-asserted-by":"publisher","DOI":"10.1007\/s11235-017-0345-9"},{"key":"e_1_2_8_37_1","doi-asserted-by":"publisher","DOI":"10.1109\/PerComWorkshops48775.2020.9156168"},{"volume-title":"ML Based WAF\u2010Mitmproxy: CSV and Log Files","year":"2024","author":"Durmu\u015fkaya M. E.","key":"e_1_2_8_38_1"},{"volume-title":"GitHub\u00a0\u2013\u00a0Faizann24\/Fwaf\u2010Machine\u2010Learning\u2010Driven\u2010Web\u2010Application\u2010Firewall: Machine Learning Driven Web Application Firewall to Detect Malicious Queries With High accuracy","year":"2017","author":"Ahmad F.","key":"e_1_2_8_39_1"},{"volume-title":"GitHub\u00a0\u2013\u00a0Morzeux\/HttpParamsDataset: Dataset Contains Several Benign and Attacks Samples Which Can Be Used as Values in HTTP Protocol","year":"2016","author":"Morzeux","key":"e_1_2_8_40_1"},{"key":"e_1_2_8_41_1","unstructured":"F.KevinandD.Pagkalos \u201cXSSed.Com.XSS (Cross\u2010Site Scripting) Information and Vulnerable Websites Archive \u201daccessed: May 02 2025 http:\/\/www.xssed.com\/archive."},{"volume-title":"GitHub\u00a0\u2013\u00a0aref2008\/waf","year":"2021","author":"Shaheed A.","key":"e_1_2_8_42_1"},{"key":"e_1_2_8_43_1","doi-asserted-by":"publisher","DOI":"10.1145\/3194452.3194469"},{"key":"e_1_2_8_44_1","doi-asserted-by":"publisher","DOI":"10.1155\/2022\/5280158"},{"key":"e_1_2_8_45_1","first-page":"1206","volume-title":"Proceedings of the 2015 Science and Information Conference, SAI 2015","author":"Wang R.","year":"2015"},{"key":"e_1_2_8_46_1","doi-asserted-by":"publisher","DOI":"10.1109\/BigDataSecurity-HPSC-IDS49724.2020.00048"},{"key":"e_1_2_8_47_1","doi-asserted-by":"publisher","DOI":"10.1109\/ISCC.2012.6249380"},{"volume-title":"ACM International Conference Proceeding Series","year":"2014","author":"Vishnu B. A.","key":"e_1_2_8_48_1"},{"key":"e_1_2_8_49_1","first-page":"311","volume-title":"Lecture Notes in Networks and Systems","author":"Hoang X. D.","year":"2021"}],"container-title":["Concurrency and Computation: Practice and Experience"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/onlinelibrary.wiley.com\/doi\/pdf\/10.1002\/cpe.70449","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,12,6]],"date-time":"2025-12-06T09:11:00Z","timestamp":1765012260000},"score":1,"resource":{"primary":{"URL":"https:\/\/onlinelibrary.wiley.com\/doi\/10.1002\/cpe.70449"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2025,11,17]]},"references-count":48,"journal-issue":{"issue":"27-28","published-print":{"date-parts":[[2025,12,25]]}},"alternative-id":["10.1002\/cpe.70449"],"URL":"https:\/\/doi.org\/10.1002\/cpe.70449","archive":["Portico"],"relation":{},"ISSN":["1532-0626","1532-0634"],"issn-type":[{"type":"print","value":"1532-0626"},{"type":"electronic","value":"1532-0634"}],"subject":[],"published":{"date-parts":[[2025,11,17]]},"assertion":[{"value":"2025-07-26","order":0,"name":"received","label":"Received","group":{"name":"publication_history","label":"Publication History"}},{"value":"2025-11-06","order":2,"name":"accepted","label":"Accepted","group":{"name":"publication_history","label":"Publication History"}},{"value":"2025-11-17","order":3,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}],"article-number":"e70449"}}