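Authors: 肖斯文 (XIAO Siwen), 张斌 (ZHANG Bin) [1] (Information Engineering University, Zhengzhou 450001, China)
Affiliation: [1] Information Engineering University, Zhengzhou, Henan 450001
Source: 《信息工程大学学报》 (Journal of Information Engineering University), 2022, No. 5, pp. 586-593, 8 pages
Abstract: To improve the detection capability of dynamic detection methods for cross-site scripting (XSS) vulnerabilities, this paper proposes a dynamic XSS vulnerability detection method that builds an attack vector library with the FP-Growth algorithm and performs detection with a web testing tool. First, an association rule mining model based on the FP-Growth algorithm is established; the model mines association rules among a large number of XSS attack instances, and on that basis an attack vector library containing more kinds of attack vectors is constructed. Second, injection point matching rules and attack vector verification rules are designed, and SmartXSS, a Selenium-based XSS vulnerability detection module, is implemented so that detection can be carried out by loading the attack vector library. Experimental results show that, in the experimental environment, the proposed method achieves a detection rate of 88.89% when performing XSS vulnerability detection by sending normal requests, which is 22.22 percentage points higher than Wapiti and other similar tools.
English abstract as published: To improve the detection ability of cross-site scripting (XSS) vulnerability dynamic detection methods, a dynamic XSS vulnerability detection method based on the FP-Growth algorithm is proposed, which constructs an attack vector library and uses web testing tools to detect XSS vulnerabilities. Firstly, we establish an association rule mining model based on the FP-Growth algorithm to discover association rules among attack instances and construct an attack vector library containing more kinds of attack vectors. Secondly, the injection matching rules and the attack vector verification rules are used to match the attack vector library for detection. Finally, an XSS vulnerability detection module named SmartXSS based on Selenium is proposed. According to the performance of the test under laboratory conditions, the detection rate of XSS vulnerability detection is 88.89% by sending normal requests, which is 22.22 percentage points higher than Wapiti and other similar tools.
Keywords: FP-Growth algorithm; XSS vulnerability; dynamic detection; association rule mining
Classification number: TP393 [Automation and Computer Technology: Computer Application Technology]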