Efficient stored XSS attack recognition model based on similarity computation

Cited by: 1
Abstract: Targeting the main injection methods and basic mutation techniques of stored XSS attacks, this paper designs and implements a model that identifies stored XSS attack strings on the client side. First, attack features are selected and feature weights are calculated to build a group of type standard vectors. Second, attack features are identified in the preprocessed string, an attack feature vector is constructed, and its similarity to each type standard vector in the group is computed. Third, the result is compared with a threshold to classify the string by attack type. Finally, attack strings are constructed to test the proposed model, and its recognition rate is compared with that of two classic open-source XSS filtering tools on GitHub; the results verify that the proposed model can effectively identify stored XSS attacks.
Source: Journal of Nanjing University of Posts and Telecommunications: Natural Science Edition (PKU Core journal), 2017, No. 4, pp. 84-90, 7 pages in total
Funding: Supported by the National Natural Science Foundation of China (61402413) and the Natural Science Foundation of Zhejiang Province (LY14F020019)
Keywords: similarity computation; XSS; attack recognition