
XSS Attack Detection Model Based on Maximum Entropy Model (cited by: 7)
Abstract: To improve the accuracy of XSS (cross-site scripting) attack detection, this paper proposes an XSS attack detection model based on the maximum entropy model, which recasts attack detection as a binary classification of user input. First, an input pre-processing module normalizes the raw input supplied by the user. Next, a feature extraction module converts the user input into a feature vector according to a predefined feature sequence and passes that vector to a maximum entropy classifier for classification. Finally, a result processing module carries out the subsequent handling based on the classification result. Experimental results show that, in actual XSS attack detection, the model achieves a relatively high accuracy rate with relatively low false negative and false positive rates, and that it is simple to deploy and practical.
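Source: Journal of Wuhan University: Natural Science Edition (《武汉大学学报(理学版)》), indexed in CAS, CSCD and the Peking University Core list (北大核心), 2016, No. 2, pp. 177-182, 6 pages in total
Funding: Major Basic Research Project of Guizhou Province (黔科合JZ字[2014]2001号)
Keywords: Web application security; XSS (cross-site scripting); maximum entropy model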