DOM型跨站脚本网络攻击防御有效路径模拟  被引量:7

Effective Path Simulation of DOM Type Cross Site Scripting Network Attack Defense

在线阅读下载全文

作  者:夏文英[1] 翟伟芳 卞雪梅[3] XIA Wen-ying;ZHAI Wei-fang;BIAN Xue-mei(Hebei College of Science and Technology,Baoding Hebei 071000,China;Baoding University of Technology,Baoding Hebei 071000,China;Hebei University,Baoding Hebei 071000,China)

机构地区:[1]河北科技学院,河北保定071000 [2]保定理工学院,河北保定071000 [3]河北大学,河北保定071000

出  处:《计算机仿真》2021年第5期260-263,361,共5页Computer Simulation

摘  要:由于DOM型跨站脚本攻击的不确定性,导致DOM型跨站脚本攻击防御困难。提出一种DOM型跨站脚本网络攻击防御有效路径模拟,通过构建可信度计算模块,对DOM跨站脚本攻击的路径进行计算,得到脚本攻击的大致过程与攻击特性,依据脚本攻击的攻击特性,建立可信度调度模块,对脚本攻击的访问速率进行检测,获取其攻击过程中的数据变化,凭借上述结果结合三种原则(安全性原则、先进性原则、高可用性原则)组建防御有效路径模拟平台,进而捕获不同防御方法对DOM跨站脚本攻击的数据波动与重定向,以此来实现对防御方法的模拟。实验证明,所设计的模拟平台能够对不同的防御方法进行精确的模拟,同时平台还能够模拟出防御方法的特性与薄弱点。The uncertainty of DOM type cross site scripting attack results in defense difficult. In this regard, this paper presents an effective defense path simulation of DOM type cross site scripting network attack. Firstly, by constructing the credibility calculation module, the path of DOM cross site script attack was calculated, and the general process and characteristics of script attack were obtained. Secondly, based on the attack characteristics, the credibility scheduling module was established to detect the access rate of the script attack and obtain the data changes in the attack process. Then, the security principle, the advanced principle and the high availability principle were combined with above results to form a simulation platform for defense effective paths, and then captured the data fluctuation and redirection of different defense methods to DOM cross site scripting attacks for achieving the simulation of defense methods. The results show that the simulation platform designed in this work can not only simulate different defense methods accurately, but also simulate the characteristics and weaknesses of defense methods.

关 键 词:跨站脚本攻击 网络攻击防御 可信度模块计算 防御路径模拟 模拟平台 

分 类 号:TP309.5[自动化与计算机技术—计算机系统结构]

 

参考文献:

正在载入数据...

 

二级参考文献:

正在载入数据...

 

耦合文献:

正在载入数据...

 

引证文献:

正在载入数据...

 

二级引证文献:

正在载入数据...

 

同被引文献:

正在载入数据...

 

相关期刊文献:

正在载入数据...

相关的主题
相关的作者对象
相关的机构对象