基于遗传算法和支持向量机的XSS攻击检测方法  被引量：1

作　　者：马征 陈学斌 张国鹏 翟冉 MA Zheng;CHEN Xuebin;ZHANG Guopeng;ZHAI Ran(College of Science,North China University of Science and Technology,Tangshan,Hebei 063210,China;Hebei Key Laboratory of Data Science and Application,North China University of Science and Technology,Tangshan,Hebei 063210,China;Tangshan Key Laboratory of Data Science,North China University of Science and Technology,Tangshan,Hebei 063210,China)

机构地区：[1]华北理工大学理学院,河北唐山063210 [2]华北理工大学河北省数据科学与应用重点实验室,河北唐山063210 [3]华北理工大学唐山市数据科学重点实验室,河北唐山063210

出　　处：《江苏大学学报（自然科学版）》2024年第6期686-693,共8页Journal of Jiangsu University：Natural Science Edition

基　　金：国家自然科学基金资助项目(U20A20179)。

摘　　要：针对现有基于过滤器、动态分析、静态分析等的解决方案在检测未知XSS攻击方面效果不佳的问题,利用机器学习方法可高效检测出未知XSS攻击的特点,提出一种基于遗传算法和支持向量机的XSS攻击检测模型.通过模糊测试生成XSS攻击预样本,利用遗传算法搜索特征空间,迭代生成最优测试用例,从而扩充数据集、丰富XSS攻击向量库.给出了基于遗传算法和支持向量机的攻击检测模型,确定了XSS测试用例编码规则.进行了适应度函数设计,完成了选择算子、交叉算子、变异算子的设计.从准确率、召回率、误报率和F_(1)值来评价分类器的检测效果,结果表明:该模型准确率达到了99.5%;对比其他检测方法,该检测模型具有更好的检测效果,并且召回率和误报率也有明显改善.To solve the poor performance problem of the existing solutions based on filters,dynamic analysis and static analysis in detecting unknown XSS attacks,the machine learning methods were used to efficiently detect unknown XSS attacks,and the XSS attack detection model was proposed based on genetic algorithm and support vector machine.The fuzzy testing was used to generate XSS attack pre samples,and the genetic algorithm was used to search the feature space.The optimal test cases were iteratively generate,and the dataset was expanded to enrich the XSS attack vector library.The attack detection model was proposed based on genetic algorithm and support vector machine,and the coding rules for XSS test cases were determined.The fitness function was designed,and the designs of selection operator,crossover operator and mutation operator were completed.The detection performance of the classifier was evaluated based on accuracy,recall,false positive rate and F_(1) score.The results show that the accuracy of the model can reach 99.5%.Compared with other detection methods,the proposed detection model has better detection performance with high recall rate and low false positive rate.

关 键 词：跨站脚本攻击 模糊测试 遗传算法 支持向量机 特征向量化 

分 类 号：TP391.9[自动化与计算机技术—计算机应用技术]