摘要
由于DOM型跨站脚本攻击的不确定性,导致DOM型跨站脚本攻击防御困难。提出一种DOM型跨站脚本网络攻击防御有效路径模拟,通过构建可信度计算模块,对DOM跨站脚本攻击的路径进行计算,得到脚本攻击的大致过程与攻击特性,依据脚本攻击的攻击特性,建立可信度调度模块,对脚本攻击的访问速率进行检测,获取其攻击过程中的数据变化,凭借上述结果结合三种原则(安全性原则、先进性原则、高可用性原则)组建防御有效路径模拟平台,进而捕获不同防御方法对DOM跨站脚本攻击的数据波动与重定向,以此来实现对防御方法的模拟。实验证明,所设计的模拟平台能够对不同的防御方法进行精确的模拟,同时平台还能够模拟出防御方法的特性与薄弱点。
The uncertainty of DOM type cross site scripting attack results in defense difficult. In this regard, this paper presents an effective defense path simulation of DOM type cross site scripting network attack. Firstly, by constructing the credibility calculation module, the path of DOM cross site script attack was calculated, and the general process and characteristics of script attack were obtained. Secondly, based on the attack characteristics, the credibility scheduling module was established to detect the access rate of the script attack and obtain the data changes in the attack process. Then, the security principle, the advanced principle and the high availability principle were combined with above results to form a simulation platform for defense effective paths, and then captured the data fluctuation and redirection of different defense methods to DOM cross site scripting attacks for achieving the simulation of defense methods. The results show that the simulation platform designed in this work can not only simulate different defense methods accurately, but also simulate the characteristics and weaknesses of defense methods.
作者
夏文英
翟伟芳
卞雪梅
XIA Wen-ying;ZHAI Wei-fang;BIAN Xue-mei(Hebei College of Science and Technology,Baoding Hebei 071000,China;Baoding University of Technology,Baoding Hebei 071000,China;Hebei University,Baoding Hebei 071000,China)
出处
《计算机仿真》
北大核心
2021年第5期260-263,361,共5页
Computer Simulation
关键词
跨站脚本攻击
网络攻击防御
可信度模块计算
防御路径模拟
模拟平台
DOM cross site scripting attack
network attack defense
credibility module calculation
defense path simulation
simulation platform
