Authors: LI Zhao (李钊); ZHANG Xianrong (张先荣); GUO Fan (郭帆) [3] (Information Technology Department of Library, Anhui Medical University, Hefei, Anhui 340100; Institute of Advanced Cyberspace Technology, Guangzhou University, Guangzhou, Guangdong 510000; School of Computer and Information Engineering, Jiangxi Normal University, Nanchang, Jiangxi 330022, China)
Affiliations: [1] Information Technology Department, Library of Anhui Medical University, Hefei, Anhui 340100; [2] Institute of Advanced Cyberspace Technology, Guangzhou University, Guangzhou, Guangdong 510000; [3] School of Computer and Information Engineering, Jiangxi Normal University, Nanchang, Jiangxi 330022
Source: Journal of Jiujiang University: Natural Science Edition (《九江学院学报(自然科学版)》), 2022, No. 1, pp. 33-40, 8 pages in total
Funding: One of the outcomes of the Natural Science Research Project of the Anhui Provincial Department of Education (No. KJ2019A1184); the Quality Engineering Project of the Anhui Provincial Department of Education (Nos. 2019xfzx16, 2019mooc513); and the Domestic Visiting and Training Program for Outstanding Young Backbone Teachers in Universities (No. gxgnfx2020171)
Abstract: As Web applications become more and more widely used, attacks on Web programs can cause serious data leaks and property losses. Traditional manual intrusion detection based on Web logs places certain professional requirements on network administrators and is inefficient, so this paper proposes a Web intrusion detection method oriented toward SQL injection and XSS attacks. First, the various SQL injection and XSS attack methods are analyzed on the vulnerability platform DVWA, and the SQL injection attack vectors (SQLIAV) and XSS attack vectors (XSSAV) are extracted manually to construct an effective attack vector knowledge base SQL. Then common pattern matching algorithms are compared and analyzed, the relatively efficient Sunday pattern matching algorithm is selected, and its time performance is optimized. Finally, the constructed attack vector knowledge base is matched using the optimized Sunday algorithm, an intrusion detection system is designed, and that system is compared with the Snort intrusion detection system. The experimental results show that the intrusion detection system has a certain degree of validity and reliability.
Keywords: Web attack; SQL injection; XSS attack; intrusion detection system; pattern matching algorithm
Classification number: TP393.08 [Automation and Computer Technology: Computer Application Technology]