Abstract
Web application security remains a critical domain as cross-site scripting (XSS) continues to be one of the most prevalent and damaging client-side vulnerabilities in modern web systems. Existing XSS detection approaches, particularly centralized and rule-based models, struggle to generalize against obfuscated and zero-day payloads while raising serious privacy concerns due to centralized data handling. To overcome these limitations, this article proposes FedXSS-Guard, an adversarially robust and privacy-preserving federated hybrid deep learning framework for XSS detection. The framework integrates Transformer-based contextual encoders with BiLSTM (Bidirectional Long Short-Term Memory) sequential modeling and adversarial training to capture semantic, temporal and mutation-based attack patterns while ensuring data confidentiality through federated learning. Extensive experiments conducted on real-world datasets, including OWASP (Open Web Application Security Project), XSSed, GitHub repositories and enterprise traffic logs. The experimental results demonstrates a superior performance by achieving 98.6% accuracy, 98.1% precision, 98.9% recall, 98.5% F1-score and an AUC of 0.99. while maintaining sub-5 ms detection latency across server, edge and mobile environments. These results validate the framework’s suitability for real-time and privacy-critical web application security.
Keywords
Introduction
Web applications form the core of the modern digital world, however, they are susceptible to attack through various injection types, the most prominent one being Cross-Site Scripting (XSS). XSS has consistently been listed among the OWASP top 10 web security risks
1
and defined as a severe software vulnerability in MITRE CWE
Numerous Machine Learning (ML) and Deep Learning (DL) techniques have been proposed for the detection and defense of XSS attacks. In several studies supervised learning methods have been used to classify and identify malicious payloads. 4 Liu et al. Used taint tracking to detect Document Object Model (DOM) XSS vulnerabilities within Single Page Applications (SPAs) 5 and Althobaiti conducted a survey of the existing XSS detection methods, highlighting their advantages and weaknesses. 6 Kumar et al. Propose using static analysis to find Document Object Model (DOM) vulnerabilities and Zhang and Wei proposed detecting XSS risks in mobile WebView. 7
Kuppusamy and Srinivasan employed several ML algorithms for classifying XSS payloads 8 whereas Singh and Sharma used Random Forest classifier to detect malicious JavaScript code. 9 The Bidirectional Long Short-Term Memory (BiLSTM) network can be used to analyze HTTP request patterns 10 whereas BERT (Bidirectional Encoder Representations from Transformers) a transformer based approach can use contextual representation of words to detect malicious scripts more accurately. 11 Recently a context aware deep learning framework was also proposed to increase the robustness of script injection defense. 12
The security against adversarial attacks has been a key concern in building robust web security systems. Zhang et al. Demonstrate the effective use of adaptive attack strategy against Web Application Firewalls (WAFs) 13 and Wang and Jiang evaluates deep learning systems against adversarial attack. 14 Zhou discusses the vulnerability of neural network based web security systems to adversarial manipulation 15 and Liu and Hu investigated resilience of intrusion detection system to payload mutation attacks. 16
Sharma and Kumar addressed privacy issues of the web-based datasets 17 and Ahmed and Qureshi highlight some issues concerning collaborative intrusion detection system. 18 Recently, federated learning (FL) is an emerging trend to promote privacy-preserving web security systems. Yang et al. Lay down the fundamental concepts of FL in security applications 19 and Aledhari et al. Demonstrate enabling technologies and protocols for FL in web applications. 20 Moreover, FL is applied in building a malware detection system for IoT systems. 21 Xu et al. Proposed an FL based intrusion detection system for edge computing environments 22 and Ahmed and Kim analyze FL advantages and limitations in Zhang et al. 13
Efficiency and real time operation of web security systems have been key research areas. Gao and Zhang proposed low-latency deep learning models for WAFs 23 and Lin evaluates ML based WAF against high throughput. 24 Khan and Li discuss the real world deployment of deep learning based security system. 25 Furthermore Chen and Xu built context aware ML models for web applications 26 and Wang and Zhang used contextual embedding to improve the detection performance of XSS detection. 27 He and Luo used sanity aware model to efficiently process web payloads, 28 while Yadav and Singh proposed FL based deep learning for privacy preserving security. Huang introduced transformer-based architecture for injection attack detection, 29 whereas Patel and Sharma focus on evaluation of adversarial robustness. 30 Zhou and Li discussed attack detection for SPA 31 and Prakash and Bose developed hybrid deep learning for robust XSS defense. 32 Li and Chen developed FL based adversarial framework for web security and Hussain and Wong developed real-time context aware FL system for XSS defense.
Despite all the improvements the main research problems remain largely unsolved. Traditional ML and DL systems are still susceptible to adaptive adversarial attacks,16,30 FL while promising privacy preserving still faces issues related to communication overhead and robustness against malicious clients and it has not been explored in SPAs and mobile environments.31,33 Therefore, a robust, scalable, real time and privacy preserving system remains an open research problem.32,34 This article proposes a context aware federated deep learning framework for improving security of modern web and mobile applications.
Unlike hybrid or federated detection systems that approach these problems separately, the proposed framework combines privacy preservation, adversarial robustness and hybrid context-sequential modeling into an integrated architecture and is highly effective in detecting complex and evolving XSS attacks in a distributed environment.
XSS is one of the persistent and threatening attack that targets modern web applications and the evolution of novel attack variants.Traditional detection methods including rule-based detection systems and centrally trained ML models cannot efficiently detect novel and varying attack patterns and also have potential issues in privacy preservation. Thus, there is a need for efficient and privacy-preserving detection methods. This work seeks to tackle these problems by proposing an framework that aims to effectively detect complex and obfuscated XSS payloads without any data sharing from clients. Most existing detection mechanisms lack generality, adaptability, and resilience against adversarial attacks. This has remained an open and important research problem. To overcome such challenges, this article proposes a Federated Hybrid Deep Learning model called FedXSS-Guard.
The proposed model integrates contextual learning and adversarial training techniques for high detection accuracy while maintaining data privacy and scalability across different deployment scenarios. The novelty of the framework stems from its combination of federated learning, hybrid deep learning architectures, and adversarial robustness techniques that allow secure XSS detection without sharing private user data among clients, while maintaining resilience against advanced attack schemes.
Key contributions
The key contributions of this work are:
A federated deep learning framework is proposed for the detection of XSS attacks that allows collaboration among several organizations without exposing their private raw traffic data. A context aware detection mechanism is designed, and aims to capture the execution patterns of attack payloads in multiple environments including HTML attributes, JavaScript, CSS and URLs parameters. Robustness against automatically generated or mutated attack payloads is tested thoroughly. Performance is evaluated against diverse sets of data from state-of-the-art applications such as SPA (Single Page Applications), mobile web view and IoT dashboards. Real-time deployment with detection delay lower than 5ms and a high rate of traffic throughput is achieved.
The developed approach combines federated learning, context aware analysis and adversarial robust capability for improving state of the art in XSS detection. Our approach does not reveal private data of each institution and allows them to collaborate while preserving their data, improves the accuracy of the XSS attack detection and is robust against an increasingly evolved attack environment.
Motivation
The web application is becoming complicated and these applications are most susceptible to cross site scripting attacks which can bypass usual security models. The current methods used to detect the attack do not detect changing attack signatures and obfuscated scripts. These methods also have privacy concerns as the data are centralized. This article proposes a system which will detect the attack in an efficient manner without sharing the data with any other centralized system.
Organisation of the article
The rest of this article is organized in the following way. Section 2 provides an in-depth overview of the current XSS detection methods and reveals the major gaps in the research. Section 3 explains the presented FedXSS-Guard architecture, its federated structure, hybrid modelling plan, and the adversarial training process. Section 4 gives the description of the experimental setup, datasets, evaluation metrics. Section 5 refers to the performances and area implication outcomes. Finally, Section 6 concludes the article and points to the potential directions for future research.
Literature survey
There have been many efforts in XSS defense within the 2021
Adversarial robustness was a central topic in the 2023 year in particular. Lee et al showed that many deep learning models used for XSS detection can be extremely susceptible to adversarial attacks. 35 Ahmed and Nair implemented adversarial training using fuzzed payloads to improve detection against attacks that have been seen, but only validated against specific controlled scenarios. 7 Banerjee et al proposed a distributed detection framework in the cloud-assisted architecture that relies on distributing computation over the cloud and edge layers, with improved performance but raising privacy issues.
In 2024 research on XSS detection revolved around the concept of Federated Learning (FL). Tang et al proposed a framework based on FL that allowed for collaborative training of a malicious payload detector without the transmission of any sensitive data across models, but did not consider performance for SPA or mobile usage. 9
Reddy et al. integrated transformer models with DOM-based contextual embeddings to improve detection in SPA environments, reducing false positives but lacking compatibility with federated settings.
10
Huang and Li evaluated hybrid deep learning models under latency constraints, demonstrating strong accuracy but difficulty in meeting strict real-time requirements such as sub
Table 1 summarizes the overall comparative overview of XSS detection techniques presented from 2021
Summary of existing XSS detection approaches and research gaps.
Summary of existing XSS detection approaches and research gaps.
In 2025, Srinivasan et al proposed a real time sanitization framework based on reinforcement learning so as to allow the filter of evolving attack payload 12 while, Chen et al augmented the detection models based on transformer with an adversarial robustness component but it has yet to show promise in distributed environment. 13 Tregi and Al-Zubaidie presented a protocol for secure traffic data with quantum digital signatures combined with privacy-enhancing approaches, which addresses data integrity and confidentiality, but to secure the traffic data, the researchers primarily focused on secure communication and neglected detection of application-layer attacks like cross-site scripting. 37
Existing federated intrusion and malware detection systems mainly focus on network level or binary classification; The developed federated system aims at detecting XSS attacks under complicated and obfuscated web payload, whereas previously proposed hybrid deep learning models are trained under centralized mode without considering privacy constraints. The developed framework fills this gap by integrate federated learning with hybrid context and sequential modeling, as well as adversarial robustness.
The comparison study also highlights some key drawbacks:
Low integration of federated learning with sophisticated hybrid architectures like Transformer-BiLSTM with adversarial training. Unadequate study with modern application usage paradigms such as SPAs, mobile WebViews, IoT dashboard applications. Insufficient research on low latency real-time detection: achieving sub Shortage of dynamic, large-scale benchmark datasets that model new attack trends and diversity. No enough defenses on adversarially engineered, obfuscated, and polymorphic payloads.
Problem statement
Despite the enormous research effort in developing XSS detection models, most current models are not practical in real-world use. CNN- and RNN-based models are better than rule-based methods; however, they have difficulty in detecting polymorphic, obfuscated and dynamically generated payloads. Transformer-based models perform better contextual learning than CNN and RNN, but they have very high computational cost which is not suitable for low-latency environments and ensemble methods can further raise the inference time. Moreover, the existing models have low robustness in dealing with adversarial and mutation-based attacks, especially in SPAs and DOM-driven environments. Although FL is able to preserve user privacy, current solutions are poorly scalable, weakly robust and difficulty to deploy on different platforms. Therefore, key challenges of XSS detection systems can be summarized as follows:
Proposed solution
A federated deep learning framework for context-aware and robust XSS detection across modern web and mobile applications is proposed. The framework is aimed to address the aforementioned limitations by integrating a Transformer-enhanced deep learning architecture with a sequential modeling technique, enabling both deep contextual semantic understanding and temporal dependency capture between web payload elements. By incorporating DOM structure information through tree representation and utilizing a sequence generation approach, it aims to handle complex DOM interaction-based attacks.
Furthermore, to increase adversarial robustness, the model is trained using a comprehensive strategy incorporating adversarial generation of dynamic attack payloads, aiming to withstand evolving, obfuscated, and mutating attacks. The federated learning paradigm enables collaborative model training across multiple organizations without revealing the private data and also allows for efficient distribution. Low-latency inference and high throughput capabilities of the framework enable practical enterprise-grade web security applications. Through a combined approach of contextual intelligence, adversarial robustness and privacy preservation, this work fills the gap between advanced experimental models and practical, robust web security systems.
Novelty of proposed system
The proposed FedXSS-Guard framework presents a unified approach for XSS detection by integrating federated learning with hybrid deep models. Unlike existing methods, it enables privacy-preserving collaborative training without sharing raw data. The combination of Transformer-based contextual learning and BiLSTM-based sequential modeling enhances the detection of complex payload patterns. Additionally, adversarial sample generation improves robustness against obfuscated and evolving attacks. This joint design addresses key challenges of privacy, robustness, and generalization in distributed environments, distinguishing it from prior approaches.
Proposed methodology
FedXSS-Guard proposed in this framework is to be a practical, context-aware and privacy-preserving defense system against Cross-Site Scripting (XSS) attacks in contemporary Web and Mobile applications. The integration of federated deep learning with Transformer-based contextual analysis and adversarial training under one unified design can simultaneously solve the aforementioned technical challenges of scale, robustness, and generalization.
The overall system architecture is given in Figure 1. The system is comprised of the following sub-modules.

Proposed FedXSS-Guard System Architecture.
The end-to-end pipeline of the proposed system is shown in Figure 1. The data collected from distributed client environments such as web applications, mobile platforms, etc. As well as from DOM execution traces pass through the preprocessing module, which further converts the input payload and DOM structure into a meaningful and context-aware representation. In this module, the proposed system extract’s useful features, then encode them with numerical values and normalize them in order to avoid noisy features, to extract essential semantic information and context.
Two parallel streams proceed from the preprocessing stage. Firstly, a
The proposed FedXSS-Guard framework proceeds in a well-defined workflow in order to perform the detection:
Local web traffic data and DOM execution trace information are gathered by every participant client. Tokenization, normalization, and feature encoding on the raw inputs are carried out by the preprocessing module. To increase resilience toward novel attack variations, local models are trained using both real and adversarially generated payload. After local model training, the model updates are transmitted securely to the federated aggregator without revealing the actual data. Periodical aggregation of global model updates, optimization and distribution to all participants are ensured. Online traffic streams are classified in real-time, while proper operations, such as sanitizing and blocking malicious payloads, are enforced.
Figure 2 illustrates the whole operational pipeline of the proposed framework. Initially, payloads collected locally are preprocessed and augmented with adversarial attacks in order to get both clean and synthetic ones. Based on the hybrid model of the Transformer encoder, BiLSTM layers and a classification module along with the adversarial loss regularization is built. Next, client model updates are securely sent to the central server and aggregated using the FedAvg strategy. Moreover, noise perturbation may be added to the updates to improve privacy. After that, noise is reduced, knowledge distillation and adversarial regularization are performed to improve generalization ability of the global model under the heterogeneous circumstances. Lastly, the fine-tuned global model is adopted for real-time inference and requests are classified and actions are taken to block or sanitize malicious inputs by the decision engine. Suitable clients are selected in every round of federation learning. There are two decision engines in the architecture, each at a different level. The local decision engine provides client side detection, for prompt response, whereas the global decision engine combines information from various clients to improve detection accuracy.

Proposed hybrid federated adversarial detection framework.
The end-to-end workflow of the proposed FedXSS-Guard framework as Algorithm 1. The overall process includes preprocessing step, locally trained adversarial augmented model training, federated aggregation, and global training to improve generalization over heterogeneous environment, followed by online decision-making to classify the incoming payloads as safe or malicious.
Mathematical model
Notation
Let
Adversarial Augmentation
To improve robustness, an adversarial generator
Federated Aggregation
After local training, the global model is obtained using Federated Averaging (FedAvg):
Global Optimization
The aggregated model is further refined using adversarial regularization and knowledge distillation:
Decision Rule and Constraints
The final prediction is obtained as:
Client Selection
To ensure efficient federated learning under heterogeneous conditions, client selection is defined as:
The presented system assumes that there exists a remote attacker which injects malicious scripts into the inputs to perform illegitimate actions on the client-side. The attacks considered include reflected XSS, stored XSS and DOM based XSS. Attacker may formulate covert and disguised payloads by employing various encoding and transformations to circumvent known defenses. However it is assumed that the attacker have no access to any internal parameters of the model and also to the federated server. The ultimate attack site is the client’s side where stealing data or session abuse may occur. The detection system concentrates on finding the malicious input at application level, before its execution; network attacks are excluded.
As demonstrated in Figure 3, the presented architecture has various cross site scripting attack paths and targets external attacker and aims at finding the malicious inputs before the execution.

Threat model of cross site scripting attack.
The efficiency of FedXSS-Guard highly depends on the diversity and quality of the raw input data. To capture realistic attack scenarios, the framework injects data from multiple domains:
To ensure consistency across heterogeneous sources, preprocessing involves:
The combination of multi-source inputs with context-aware preprocessing dramatically improves the detection rate of known and zero-day XSS attacks, combating complex obfuscation and evasion methods developed by attackers.
Adversarial payload generator
This technique generates varieties of attack variations by incorporating various evasion techniques such as mutation-based fuzzing, obfuscation and GAN-based synthesis. This aims to mimic the realistic evasion strategies such as encoding, changing case and transforming the payload. The adversarial samples generated will be used during training to train our models, so it has to learn from both the normal and synthetic attacks. This improves the robustness to zero-day, polymorphic and obfuscated XSS attacks.
Federated aggregation
After the client has performed local training, their model updates are sent securely to the central server while the private data stays private. The framework utilizes FedAvg algorithm to aggregate all the client models to form the final global model and also caters for non-IID data distribution in different clients. The process utilizes adaptive client selection, gradient compression and secure aggregation for improved efficiency and robustness. The updated global model is then sent to all the clients again.
Design rationale and novelty
FedXSS-Guard’s design and novelty is comprised of three aspects:
The above three components allow the system to offer scalability and adapt to future web architectures.
Global optimiser
Multi-step optimization helps to refine the world aggregate production in terms of strengthen robustness and deployment preparedness:
With this optimization the global model achieved a stable performance level across a varied range of contexts without overfitting specific client distributions.
Decision engine
The final level of FedXSS-Guard is the decision making layer that aims to provide a real-time operation:
The decision engine balances the detection accuracy and operational efficiency and hence safeguards applications from proactive XSS attacks without an overwhelming number of false positives.
Experimental setup
Dataset selection
FedXSS-Guard is trained on a combination of public benchmark data and enterprise data to enable comprehensive and robust evaluation of the model. Public datasets include OWASP XSS Corpus (2021), XSSed Archive (2022), GitHub Payload Repository (2023) and our own enterprise logs (2024) cover various attack scenarios including reflected, DOM based, obfuscated and real world XSS attacks. Feature extraction techniques include lexical analysis (token and n-grams), structural features (DOM context), Transformer based embedding and indicators of obfuscation (encoding scheme). Three aspects were evaluated: detection accuracy, robustness against attacks and deployment efficiency.
Dataset preparation and transparency
The publicly available XSS benchmark datasets are utilized, as well as anonymous logs of web traffic within an enterprise. For the enterprise dataset, labeling was performed with rule-based filtering followed by manual check. All personally sensitive information was stripped from the data during preprocessing in order to protect information. The dataset contains both benign and malicious payload examples for each case so as to realistically depict traffic as is present in the world, and is kept private because of Non-Disclosure agreements, which prevents sharing, but publicly available data allows for repeatable experimental results by other researchers.
Preprocessing
The preprocessing pipeline produces a high quality input representation out of the raw logs and samples.The essential steps performed are:
Deduplication (unique sampleset) Tokenisation (context-aware tokenisation of payload strings to retain structure and context) Normalisation (uniform encoding format for malicious payloads)
The model training uses stratified sampling so that benign and malicious samples are balanced.Feature extraction consists of lexical, structural, semantic and adversarial features. All these features are extracted from all the samples.
Federated experimental protocol
The Proposed framework is tested under 10 clients that have local datasets in federated learning setting. It is used non-IID data distribution with diversity based on payload size. The total communication rounds used for training are 50 and every round randomly 70 percent of the clients are chosen. With selected clients the number of local epochs is 3 and mini-batch size is 32 with learning rate 0.001. Model updates are shared to the center server for each round and aggregated by the federated averaging algorithm at center server once every communication round. The size of model update is the set of shared parameters. The communication overhead is the set of exchange parameters for each round between client and center server.
Adversarial sample generation
To develop a robust model, adversarial samples were generated through a combination of mutations and obfuscations. Techniques used in generating adversarial samples include variations of encoding transformations, script injections, and payloads reformulations. These methods are derived from real-world evasions methods. A constant percentage of adversarial samples are injected to the training data per communication rounds in order to simulate time-varying attack patterns. The model is trained to learn features that are invariant and develop an ability to detect new and obfuscated XSS payloads.
Dataset description
Dataset Description was expanded to make it more clear and transparent with respect to the experimental setup. The additional description contains information such as the source of the data, contents of the samples, distribution of classes, preprocessing techniques applied, labeling procedure and splitting of the train-test data. The descriptions of the benchmark dataset available on public domain and anonymized enterprise dataset were also explained in more detail.
Table 2 presents the summary of datasets, features categories and their usage in judging the efficiency of proposed FedXSS-Guard framework. For evaluation purpose of base accuracy, real world exploit and robustness of framework against adversary, publicly available benchmark dataset was used. Anonymized log was collected for assessing applicability of the framework in live environment. Use of heterogeneous data set facilitates an unbiased and thorough performance measurement.
Summary of datasets, features, and purpose in fedXSS-guard evaluation.
Summary of datasets, features, and purpose in fedXSS-guard evaluation.
Table 3 contains statistical information about datasets used in this research: the number of benign/malicious samples, the proportions of train, validation and test sets, and information regarding deduplication. 70% for training, 15% for validation, and 15% for testing was used in all datasets so models could be fairly trained and evaluated. Duplicated records were eliminated in order to mitigate the sampling bias and enhance data quality. A balanced distribution between benchmark and enterprise datasets guarantees appropriate validation across varying working conditions.
Dataset statistics and splits.
The experimental testbed is illustrated in Table 4 below, built around a hybrid server/client architecture with GPU enabled computing power andcontainerised clients.
Experimental testbed configuration.
Experimental testbed configuration.
The experimental testbed that was used to demonstrate the proposed FedXSS-Guard framework is shown in Table 4. It was implemented under Ubuntu 22.04 using Python 3.9 with TensorFlow, Keras and TensorFlow Federated for distributed training. High-performance server with NVIDIA A100 GPU, 64GB RAM was used to centrally manage, while client environment was emulated with Docker containers over simulated WAN.
FedXSS-Guard is compared against few representative state-of-the-art detection approaches which include CNN, BiLSTM, CNN-LSTM hybrid models, and also classic ML models like SVM and Random Forest. It can be seen that both generations of XSS detection approaches, classic and deep learning are included in the baseline detection schemes. The comparative results have also shown that FedXSS-Guard has better context learning ability, robustness toward adversarial payload and scalability for the distributed setting.
Resuts and discussion
Baseline comparison
The selection of baselines covers a range of detection methods from classical rules to recent deep learning methods. The baseline models were trained on the same dataset, the same splitting, the same pre-processing and tested with the same testing criteria to guarantee a fair and consistent evaluation.
As shown in Table 5, XSS detection has undergone several types of evolution from rule based, traditional ML to deep learning. Federated learning with adversarial robustness proposed as FedXSS-Guard has advanced XSS detection in distributed environments where detection can be made on the edge device with privacy concern.
Comparison of baseline methods.
Comparison of baseline methods.
To evaluate the effectiveness of FedXSS-Guard, its performance was benchmarked against state-of-the-art baselines, including traditional machine learning models and modern deep learning architectures. Table 6 presents the comparative results across multiple evaluation metrics.
Overall performance comparison of fedXSS-guard with existing methods.
Overall performance comparison of fedXSS-guard with existing methods.
A comparative study of FedXSS-Guard and conventional machine learning and deep learning based approaches is presented in Table 6. Though, classical methods like SVM and Random Forest demonstrate an acceptable performance they are poor in recall and precision. Various deep learning models such as CNN, BiLSTM and Transformers were proposed which exhibit better detection rate in the range, however, the BiLSTM Transformer further enhances understanding of context and the novel FedXSS-Guard exhibits the highest accuracy (98.6%), recall (98.9%) and AUC (0.99).
Table 6 demonstrates the comparison of FedXSS-Guard’s result against classical machine learning and deep learning models.Classical methods: SVBand Random Forest obtain fair accuracy but the recall and precision can not satisfy requirements. Deep learning models:CNN, BiLSTM and Transformer. These models reveal the strong capability of XSS detection. The deep learning models are all better than classical methods. The BiLSTM-Transformer model can encode long context more,which greatly improves accuracy.FedXSS-Guard obtains the highest score, with 98.6% accuracy, 98.9% recall, precision 98.1%, F1 score 98.5% and 0.99 AUC. The overall performance of all models is shown in Figure 4, where the results for important metrics such as accuracy, precision, recall, F1-score, and AUC are represented. It can be clearly seen from the figure that FedXSS-Guard performs better than baseline models, and particularly shows improved recall (98.9%), reducing the miss detection of XSS attacks. This illustrates the ability of FedXSS-Guard combining federated learning, hybrid deep architecture, and adversarial training to protect the system and demonstrate the excellent ability to detect XSS. BiLSTM-Transformer which can encode long context improves more.FedXSS-Guard performs best with 98.6% accuracy, 98.9% recall,Precision 98.1%, F1 Score 98.5% and 0.99 AUC indicating its strong robustness and scalability.

Performance comparison of FedXSS-Guard with baseline models across multiple metrics.
To validate generalisation, datasets were evaluated separately (Table 7). FedXSS-Guard consistently outperformed baselines across SPAs, WebView, and IoT contexts.
Domain-specific performance of fedXSS-guard.
Domain-specific performance of fedXSS-guard.
Table 7 shows domain-specific performances for FedXSS-Guard. For SPAs, the accuracy, recall and F1-score of FedXSS-Guard is 98.3%, 98.7% and 98.4%, respectively, highlighting that it could leverage DOM context features. For Mobile WebView, the values of accuracy, recall and F1-score are 98.1%, 98.5% and 98.3%, respectively. In addition, FedXSS-Guard achieve slightly weaker performance on IoT dashboards but are still very competitive, 97.9% accuracy, 98.2% recall and 98.0% F1-score, which shows it is stable for resource-limited environment. Figure 5 presents the comparison between FedXSS-Guard in various domains. From the graph, it’s observed that the performance is steady and SPAs gain high recall rate. Both the metrics for Mobile WebView and IoT reach to above 97.9%, and proves the framework’s strong adaptability to all kind of systems.

Domain-specific performance comparison of FedXSS-Guard across SPAs, Mobile WebView apps, and IoT dashboards.
A confusion matrix is often used to measure the effectiveness of a classification model which gives a detailed summary of the prediction performance of the model by classifying the prediction into true and false predictions. Table 8 presents the generic structure of a confusion matrix, while Figure 6 illustrates the specific confusion matrix obtained from the evaluation of FedXSS-Guard.

Confusion Matrix of FedXSS-Guard.
Structure of confusion matrix.
The matrix components are defined as follows:
The confusion matrix in Figure 6 shows the visual representation of the performance of FedXSS-Guard in classification. The increased number of TP and TN implies that the model can be useful to not only detect attacks but also reduce false alarms. On the other hand, both false positives and false negatives are very crucial because low numbers of FP and FN can be important in practice situations where false alarms can result in unnecessary changes, whereas false negatives can result in security threats evading the system. The balance of sensitivity and specificity presented in the matrix is high, which indicates how robust FedXSS-Guard is.
To further evaluate the classification performance of FedXSS-Guard, Receiver Operating Characteristic (ROC) curves are utilized. Figure 7 presents a comparative analysis of ROC curves for FedXSS-Guard and several baseline models.

ROC curve comparison of FedXSS-Guard with baseline models.
The ROC curve is the graph that shows the True Positive Rate (TPR) versus the False Positive Rate (FPR) of the different threshold settings. The Area Under the Curve (AUC) is used to measure the power of the model to discriminate among classes. The AUC value of 1.0 means the perfect classification, and the AUC of 0.5 corresponds to the random guessing.
FedXSS-Guard has AUC of more than 0.98 which proves superior discriminating ability. It means that the model is very effective in accurately separating between malicious and benign inputs of all thresholds. The baseline models on the contrary have lesser scores in the AUC and deteriorate in performance when subjected to adversarial generated payloads.
The superior performance of FedXSS-Guard is attributed to two main factors:
The analysis of ROC curve shows that FedXSS-Guard is not only stable in the normal environment, but also stable in the adversarial environment, and can be a reliable and secure tool in detecting XSS attacks in real-life settings.
Real-time performance was measured by processing 100k requests. Both median (p50) and tail latency (p95) were recorded. Table 9 shows results across environments.
Table 9gives latency distribution in three deployment environments. The median and tail latency of GPU servers are the lowest, which implies their applicability to high-throughput applications. Edge CPUs have a moderate latency that can be used in enterprise-scale applications. Mobile ARM solutions have somewhat higher values, however, below the 10ms mark, making it useful in lightweight real time applications. Figure 8 visually compares median (p50) and tail (p95) latencies. It underlines how performance varies between the use of a GPU based server and the use of a resource limited device and establishes that the proposed FedXSS-Guard framework invariably achieves less than 10ms latency on all platforms even with the demands of real-time detection. The reported sub
Ablation study of model components
An ablation study is also performed to demonstrate the importance of each component in our proposed framework. The proposed framework is experimented by taking away each component one by one, i.e., the contribution of Transformer based contextual learning, BiLSTM based sequential learning, federated learning and adversarial training. Experiments are performed with all settings identically.

Latency comparison across deployment environments.
Latency (ms) across deployment scenarios.
As we see in Table 10, the removal of each module reduces the performance to a certain extent. Specifically, removing adversarial training will make model perform poorly on obfuscated payloads and removing federated learning will make model less capable in distributed data. When Transformer or BiLSTM module is removed, the performance also decreased. Therefore, each module has important impact on the entire system.
Ablation study of model components.
The ablation analysis is demonstrated in Table 10 where the proposed models are obtained by removing the component one by one. It is obvious that the whole framework system has best performance among all the decreased models.
Figure 9 shows an comparison between model variants in the ablation scenario. As we can see, the full model performs better than any other variant, and the accuracy and F1-score and other values are always decreases as a certain component is removed. By comparing with models where components is removed, we can find that adversarial training significantly weakens the robustness, and federal learning decreases the generalization performance in distributed data. Therefore, all the components in the proposed frame work are important.

Ablation study to demonstrate the effectiveness of each component in the proposed FedXSS-Guard framework.
Cross-dataset evaluation is conducted to confirm the generalizability performance of the proposed model under varied data distributions. Moreover, robustness is tested via adversarials tests to prove that the system could also be successful at detecting mutated and evolved attack pattern. All tests are conducted over multiple runs and are presented as the average results. The standard deviation of performance has also a very narrow range thus confirm the robustness and consistency.
Performance is presented as average results with very small range on standard deviation, which can verify robustness and stability. Performance evaluation is tested across several datasets, in order to assess the generalisation over different data distribution. Adversarial robustness has been tested over mutated and obfuscated payloads which simulates real-world attack circumstances. Recent federated learning and deep learning-based researches are included for the comparative study.
Limitations and future work
The FedXSS-Guard framework provides effective performance; however, there are some limitations to address:
For a large number of clients, communication overhead and the training duration in the federated environment can become an issue. The quality of feature extraction and pre-processing might affect model performance differently depending on how it is deployed. This implementation doesn’t leverage some other formal privacy preservation methods such as differential privacy to ensure higher levels of privacy.
Future research can target scalability using optimization techniques in aggregation, remove the dependency on feature engineering manually, and add more privacy assurance methods.
Conclusion
This article presented
Footnotes
Funding
The author(s) received no financial support for the research, authorship and/or publication of this article.
Declaration of Conflicting Interests
The author(s) declared no potential conflicts of interest with respect to the research, authorship, and/or publication of this article.
