Abstract
To improve the accuracy of XSS (cross-site scripting) attack detection, this paper proposes an XSS attack detection model based on the maximum entropy model, which recasts attack detection as a binary classification problem over user input. First, an input pre-processing module normalizes the raw input supplied by the user. Next, a feature extraction module converts the user input into a feature vector according to a predefined feature sequence and passes the feature vector to a maximum entropy classifier for classification. Finally, a result processing module carries out the subsequent handling according to the classification result. Experimental results show that the detection model achieves relatively high accuracy in real-world XSS attack detection, with relatively low false negative and false positive rates, and that it is simple to deploy and practical.
Source
Journal of Wuhan University: Natural Science Edition
CAS
CSCD
Peking University Core Journals
2016, Issue 2, pp. 177-182 (6 pages)
Funding
Major Basic Research Project of Guizhou Province (Grant No. Qiankehe JZ [2014] 2001)
Keywords
Web application security
XSS (cross-site scripting)
maximum entropy model