反射型跨站脚本漏洞检测实验与仿真研究  

Experiment and Simulation Research on Reflected Cross-Site Scripting Vulnerability Detection

在线阅读下载全文

作  者:王晓立 李爱萍 WANG Xiao-li;LI Ai-ping(School of Information Engineering Shanxi College of Application Science and Technology,Taiyuan Shanxi 030000,China;College of Information and Computer,Taiyuan University of Technology,Taiyuan Shanxi 030002,China)

机构地区:[1]山西应用科技学院信息工程学院,山西太原030000 [2]太原理工大学信息与计算机学院,山西太原030002

出  处:《计算机仿真》2023年第11期485-489,共5页Computer Simulation

摘  要:跨站脚本允许恶意用户将代码注入到网页上,在链接中恶意嵌入译码时网络服务器应用无法确认用户输入并确保页面编码的正确性,严重威胁网络安全。若WEB应用程序使用动态页面向用户传递错误信息,即有可能造成反射型跨站脚本漏洞。为增强网络环境的安全性,提出反射型跨站脚本漏洞检测实验与仿真方法。建模分析反射型跨站脚本中污染数据的传播特性,提取此类数据特征。结合多层感知机和隐马尔科夫模型,构建反射型跨站脚本漏洞检测模型,将提取的数据特征输入模型中,实现反射型跨站脚本漏洞的检测。仿真结果表明,所提方法的查全率和查准率均可达95%以上,检测效率也较高,F-measure值高于0.9,说明研究方法具有应用有效性。Cross-site scripts allow malicious users to inject codes into web pages.When malicious deciphers are embedded in links,the web server cannot confirm user input and ensure the correctness of page coding,which serious-ly threatens network security.In order to enhance the security of network,a method for testing and simulating the re-flected cross-site scripting vulnerability detection was proposed.First,we modelled and analyzed the propagation characteristics of tainted data in reflected cross-site script,and thus to extract the data characteristics.Combining with multi-layer perceptron and hidden Markov model,a model of detecting reflected cross-site script vulnerability was constructed,and then the data characteristics were input into the model.Finally,the detection of vulnerabilities was achieved.Simulation results show that the recall and precision of the proposed method can exceed 95%.In addi-tion,the detection efficiency is also high,and F-measure value exceeds O.9,indicating that the method is effective.

关 键 词:反射型跨站脚本 污染数据传播 多层感知机 隐马尔科夫模型 漏洞检测模型 

分 类 号:TP393[自动化与计算机技术—计算机应用技术]

 

参考文献:

正在载入数据...

 

二级参考文献:

正在载入数据...

 

耦合文献:

正在载入数据...

 

引证文献:

正在载入数据...

 

二级引证文献:

正在载入数据...

 

同被引文献:

正在载入数据...

 

相关期刊文献:

正在载入数据...

相关的主题
相关的作者对象
相关的机构对象