Detection and mitigation of critical web vulnerabilities and attacks like cross-site scripting (XSS), and cross-site request forgery (CSRF) have been a great concern in the field of web security. Such web attacks are evolving and becoming more challenging to detect. Several ideas from different perspectives have been put forth that can be used to improve the performance of detecting these web vulnerabilities and preventing the attacks from happening. Machine learning techniques have lately been used by researchers to defend against XSS and CSRF, and given the positive findings, it can be concluded that it is a promising research direction. The objective of this paper is to briefly report on the research works that have been published in this direction of applying classical and advanced machine learning to identify and prevent XSS and CSRF. The purpose of providing this survey is to address different machine learning approaches that have been implemented, understand the key takeaway of every research, discuss their positive impact and the downsides that persists, so that it can help the researchers to determine the best direction to develop new approaches for their own research and to encourage researchers to focus towards the intersection between web security and machine learning.

翻译：关键Web漏洞和攻击（如跨站脚本攻击（XSS）和跨站请求伪造（CSRF））的检测与缓解一直是Web安全领域高度关注的课题。此类Web攻击不断演变，且检测难度日益增加。研究者从不同角度提出了多种方法，以提升检测这些Web漏洞并防止攻击发生的性能。近年来，机器学习技术已被用于防御XSS和CSRF，鉴于其取得的积极成果，可以认为这是一个具有前景的研究方向。本文旨在简要综述该方向已发表的、将经典与先进机器学习应用于识别和防范XSS及CSRF的研究工作。本综述的目的是梳理已实现的不同机器学习方法，理解每项研究的关键结论，讨论其积极影响及尚存的不足，从而帮助研究者确定自身研究的最佳方向，并鼓励研究者将关注点聚焦于Web安全与机器学习的交叉领域。