XSS攻击检测与安全防护技术研究与设计

发布时间：2018-03-20 16:47

本文选题：跨站脚本漏洞　切入点：攻击检测　出处：《北京邮电大学》2017年硕士论文　论文类型：学位论文

【摘要】：跨站脚本在近几年计算机网络的十大安全漏洞排名中始终高居三甲。由于计算机网络中存储着大量用户信息,XSS漏洞攻击给网络用户的信息安全造成了严重的危害,如何应对XSS漏洞攻击成为网络用户最为关心的问题。本论文对客户端脚本安全技术进行综述,对跨站脚本的攻击检测原理和安全防护技术进行了研究,对XSS检测系统进行了概要设计,详细分析了 XSS漏洞检测算法,并对漏洞可疑点提取算法和XSS漏洞检测算法进行了改进,最后对XSS漏洞检测系统进行了编码实现及测试评估。本文的主要工作成果如下:(1)综述了国内外Web前端安全技术现状,研究了 XSS漏洞攻击原理和XSS漏洞的防御方法,对XSS漏洞的检测机制进行了深入分析。(2)提出了分层的XSS漏洞检测模型,设计了系统的总体架构,并对该系统的统一性和可扩展性进行了改进,其中包括链接提取,漏洞定位,攻击向量生成和模拟攻击。(3)研究了基于爬虫的XSS漏洞检测算法,对漏洞可疑点定位算法和XSS漏洞攻击检测算法进行研究和分析,提出了基于BFS算法的XSS网站链接提取算法,基于文本相似度算法的页面去重和基于注入点分类的攻击向量生成算法,从而有效提高XSS漏洞检测模型误报率和检测效率。(4)最后对基于爬虫的XSS漏洞检测系统进行了实现和测试。对基于爬虫的可疑点定位提取和基于动态XSS模拟攻击检测模块进行了实现。通过对特定网站进行测试,验证该XSS漏洞检测模型能够准确又高效的检测出跨站漏洞。本文针对XSS漏洞检测准确率和效率低下的问题,提出了一种基于爬虫的XSS漏洞检测方案。该方案对传统的XSS检测算法进行改进,采用网络爬虫查找定位XSS漏洞,再根据漏洞类别动态生成特定攻击向量库,利用该攻击向量库模拟攻击。实验结果证明该方案提高了跨站脚本检测效率和准确率。
[Abstract]:In recent years, cross-site scripts have always been the top 10 security vulnerabilities in computer networks. Due to the large amount of user information stored in computer networks, XSS vulnerability attacks have caused serious harm to the information security of network users. How to deal with the XSS vulnerability attack has become the most concerned problem for network users. This paper summarizes the security technology of client script, and studies the attack detection principle and security protection technology of cross-site script. This paper gives a brief design of XSS detection system, analyzes the algorithm of XSS vulnerability detection in detail, and improves the algorithm of extracting suspected points and detecting XSS vulnerability. Finally, the coding implementation and test evaluation of XSS vulnerability detection system are carried out. The main work results of this paper are as follows: 1) the present situation of Web front-end security technology at home and abroad is summarized, and the principle of XSS vulnerability attack and the method of preventing XSS vulnerability are studied. The detection mechanism of XSS vulnerability is deeply analyzed. (2) A layered XSS vulnerability detection model is proposed, the overall architecture of the system is designed, and the uniformity and expansibility of the system are improved, including link extraction, vulnerability location, and so on. XSS vulnerability detection algorithm based on crawler is studied, vulnerability location algorithm and XSS vulnerability detection algorithm are studied and analyzed, and XSS website link extraction algorithm based on BFS algorithm is proposed. Based on the text similarity algorithm, the page removal algorithm and the attack vector generation algorithm based on injection point classification are proposed. Therefore, the false positive rate and detection efficiency of XSS vulnerability detection model are improved effectively. Finally, the XSS vulnerability detection system based on crawler is implemented and tested. The suspicious spot location extraction based on crawler and dynamic XSS simulation attack detection are carried out. The test module is implemented. By testing a specific website, Verify that the XSS vulnerability detection model can accurately and efficiently detect cross-site vulnerabilities. This paper aims at the problem of low accuracy and efficiency of XSS vulnerability detection. This paper presents a XSS vulnerability detection scheme based on crawler, which improves the traditional XSS detection algorithm, uses the crawler to locate the XSS vulnerability, and dynamically generates the specific attack vector library according to the type of vulnerability. The attack vector library is used to simulate the attack. Experimental results show that the scheme improves the efficiency and accuracy of cross-site script detection.
【学位授予单位】：北京邮电大学
【学位级别】：硕士
【学位授予年份】：2017
【分类号】：TP393.08

【参考文献】