- 2017
An Efficient Client-Side Identification Model for Stored XSS Attacks Based on Similarity Calculation
Abstract:
Targeting the main injection methods and basic mutation techniques of stored XSS attacks, this paper designs and implements a model that identifies stored XSS attack strings on the client side. First, attack features are selected and feature weights are calculated to build a group of standard vectors for the attack types. Then, attack features are identified in the preprocessed string, an attack feature vector is constructed, and its similarity to the type standard vectors in the group is calculated. Next, the result is compared with a previously determined threshold, and the string is classified by attack type. Finally, attack strings are constructed to test the proposed model, and its recognition rate is compared with that of two popular open-source XSS filters on GitHub. The results verify that the proposed model can effectively identify stored XSS attacks.