现代电子技术2024,Vol.47Issue(14):30-34,5.DOI:10.16652/j.issn.1004-373x.2024.14.005
Web前端组件中的跨站脚本攻击检测算法研究
Research on cross site scripting attack detection algorithm in Web front-end components
摘要
Abstract
The front-end components involve multiple data streams,including user input,server returned data,etc.Malicious scripts can be hidden within these data streams,and cross site scripting attacks have variability and uncertainty,making it difficult to detect them.Therefore,a cross site scripting attack detection algorithm in Web front-end components is proposed.The web crawler based cross site script information crawling model for Web front-end components is used to capture non redundant cross site script information for Web front-end components.The captured script information is used as training samples for the multi classification support vector machine algorithm.Before detection,large-scale deformation cross site script information samples are extracted from the authoritative Web vulnerability submission platform Exploit-db,and a trained multi class support vector machine is used to classify and detect the captured script information.The experimental results show that this algorithm has accurate classification results for 100 reflective cross site script attacks,50 storages cross site script attacks,and 10 DOM cross site script attacks.Moreover,in the sample distribution of the classification results,the attack cross site scripts can be distributed in an orderly manner according to the type of attack.关键词
Web前端组件/跨站脚本/攻击检测/网络爬虫/信息抓取/多分类支持向量机Key words
Web front-end components/cross site scripting/attack detection/web crawler/information capture/multi classification support vector machine分类
电子信息工程引用本文复制引用
李新荣,谢绍敏..Web前端组件中的跨站脚本攻击检测算法研究[J].现代电子技术,2024,47(14):30-34,5.基金项目
教育部产学合作协同育人项目:基于线上线下产学融合的《HTML5程序设计》的教学改革与探索(220605211082944) (220605211082944)
