XSS Attack Detection Method Based on Fuzzy Testing and Integrated Learning

Cited by: 1


Authors: MA Zheng; CHEN Xue-bin; ZHANG Guo-peng

Affiliations: [1] College of Science, North China University of Science and Technology, Tangshan, Hebei 063210, China; [2] Hebei Key Laboratory of Data Science and Application, Tangshan, Hebei 063000, China; [3] Tangshan Key Laboratory of Data Science, Tangshan, Hebei 063000, China

Source: Journal of North China University of Science and Technology: Natural Science Edition, 2023, No. 3, pp. 125-133 (9 pages)

Funding: National Natural Science Foundation of China (U20A20179).

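Abstract (translated from the Chinese): Cross-site scripting (XSS) attacks are one of the most serious security problems in Web applications. To address the low efficiency and high false alarm rate of existing techniques in detecting unknown XSS attacks, this paper proposes an XSS attack detection method based on fuzz testing and ensemble learning. The idea of the scheme is to generate XSS attack test cases through fuzz testing and to train supervised ensemble learning techniques on a large, labeled and balanced dataset. The ensemble learning methods used are mainly random forest, adaptive boosting (AdaBoost), extremely randomized trees, gradient boosting, histogram-based gradient boosting, and Bagging with support vector machines as the base learner. The detection performance of the classifiers is evaluated in terms of accuracy, recall and other measures, and confusion matrices are used to analyze and compare the performance of the ensemble learning algorithms. The results show that the ensemble learning detection methods all detect XSS attacks well; histogram-based gradient boosting and extremely randomized trees perform best, reaching an accuracy of 99.84%.

Abstract (English, as published): Cross-site scripting (XSS) attack is one of the most serious security problems in Web applications. Existing technologies suffer from low efficiency and a high false alarm rate in detecting unknown XSS attacks, and although machine learning algorithms can detect XSS attacks efficiently, there are still problems such as single base classifiers, small datasets and unbalanced datasets. In this paper, an XSS attack detection method based on fuzz testing and ensemble learning is proposed. The idea of the scheme is to generate XSS attack test cases through fuzz testing, and to use supervised ensemble learning technology to train on large, labeled and balanced data sets. The ensemble learning methods adopted mainly include random forest, AdaBoost, extremely randomized trees, gradient boosting, histogram-based gradient boosting, and Bagging based on SVM. The detection effect of the classifier is evaluated in terms of accuracy, recall, false alarm rate and F1 value. The performance of the ensemble learning algorithms is analyzed and compared using the confusion matrix. The results show that the ensemble learning detection method has a better detection effect against XSS attacks. The histogram-based gradient boosting algorithm has the best effect, with an accuracy of 99.7%.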

Keywords: cross-site scripting attack; fuzz testing; machine learning; ensemble learning

Classification number: TP309 [Automation and Computer Technology: Computer System Architecture]

 
