Abstract
Web applications inherently contain a variety of vulnerabilities, which makes cross-site scripting (XSS) attacks simple to carry out yet capable of causing considerable harm. Detecting XSS attacks quickly and accurately is therefore a difficult problem for Web applications. To address it, a new XSS attack detection model is proposed based on the One Class Support Vector Machine (OCSVM) classifier. A feature vectorization method based on the TF-IDF algorithm is used to analyze XSS attack samples; the sample data is trained and tested with the one-class classification model; and the detection performance of the model is evaluated on three metrics: accuracy, recall rate and weighted harmonic mean. The experimental results show that the proposed detection model achieves better detection results than existing detection methods.
Authors
Gu Zhaojun (顾兆军)
Li Zhiping (李志平)
Zhang Lizhe (张礼哲)
Affiliations: College of Computer Science and Technology, Civil Aviation University of China, Tianjin 300300, China; Information Security Management and Evaluation Center of Civil Aviation, Civil Aviation University of China, Tianjin 300300, China
Source
Computer Applications and Software (《计算机应用与软件》)
Peking University Core Journal
2021, Issue 6, pp. 299-305 (7 pages)
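Funding
National Natural Science Foundation of China (61601467, U1533104)
Civil Aviation Science and Technology Project (MHRD20140205, MHRD20150233)
Civil Aviation Safety Capacity Building Project (PESA170003, PESA2018079, PESA2018082, PESA2019073, PESA2019074)
Fundamental Research Funds for the Central Universities, Civil Aviation University of China Special Fund (3122018D031).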