<![CDATA[The rapid growth of web technologies and online services has increased the exposure of web applications to cyber threats such as Cross-Site Scripting (XSS) and SQL Injection (SQLi). Conventional rule-based mechanisms, such as Web Application Firewalls (WAFs), often fail to detect emerging attack patterns. To address this, Machine Learning (ML) and Deep Learning (DL) have emerged as adaptive approaches for enhancing web attack detection. This study performs a Systematic Literature Review (SLR) following the Preferred Reporting Items for Systematic Reviews and Meta-Analyses (PRISMA) 2020 guidelines to analyze recent ML/DL-based detection methods. Of the 263 retrieved studies, 15 met the inclusion criteria for detailed review. The findings reveal that Random Forest (RF), Support Vector Machine (SVM), Convolutional Neural Network (CNN), and Long Short-Term Memory (LSTM) are the most applied algorithms. At the same time, recent works emphasize Transformer-based and hybrid ML–DL models. These approaches achieved robust performance (accuracy 85–97%, F1-score >90%) but still face challenges in dataset representativeness, class imbalance, and computational cost. This review highlights future research directions in Explainable Artificial Intelligence (XAI), Federated Learning (FL), and adversarial robustness to develop more efficient and trustworthy web attack detection systems.]]>
Copyrights © 2025
