Privacy-preserving federated hybrid deep learning framework for robust cross-site scripting detection in distributed web applications
Mudanahalli Bhaskarachar Bharath, Nalla Ramaswamy Latha

Web application security remains a critical domain as cross-site scripting (XSS) continues to be one of the most prevalent and damaging client-side vulnerabilities in modern web systems. Existing XSS detection approaches, particularly centralized and rule-based models, struggle to generalize against obfuscated and zero-day payloads while raising serious privacy concerns due to centralized data handling. To overcome these limitations, this article proposes FedXSS-Guard, an adversarially robust and privacy-preserving federated hybrid deep learning framework for XSS detection. The framework integrates Transformer-based contextual encoders with BiLSTM (Bidirectional Long Short-Term Memory) sequential modeling and adversarial training to capture semantic, temporal and mutation-based attack patterns while ensuring data confidentiality through federated learning. Extensive experiments were conducted on real-world datasets, including OWASP (Open Web Application Security Project), XSSed, GitHub repositories and enterprise traffic logs. The experimental results demonstrate superior performance, achieving 98.6% accuracy, 98.1% precision, 98.9% recall, 98.5% F1-score and an AUC of 0.99, while maintaining sub-5 ms detection latency across server, edge and mobile environments. These results validate the framework’s suitability for real-time and privacy-critical web application security.