基于正则匹配的XSS网络钓鱼攻击检测技术的研究

发布时间：2018-04-06 04:17

本文选题：XSS　切入点：正则表达式　出处：《电子科技大学》2016年硕士论文

【摘要】：随着互联网技术的快速发展,电子商务、社交网络以及电子金融等网络平台成为人们生活中不可或缺的一部分。网络在给人们带来便利的同时,也给钓鱼攻击者带来了牟取非法利益的机会。攻击者通过诱使用户访问钓鱼网页来执行攻击,进而窃取用户的账户名、密码以及银行账户等隐私信息。近年来,随着跨站脚本攻击技术的流行,钓鱼攻击者另辟蹊径,通过在合法网站的跨站脚本漏洞中注入恶意脚本代码,实施一种新型的XSS网络钓鱼攻击。由于这种新型的钓鱼攻击发生在合法网站中,降低用户警惕性的同时也规避了各种传统网络钓鱼的检测,使得攻击的欺骗性和成功率显著提高。而针对这一新型的XSS网络钓鱼攻击,现有的检测方法无论在检测范围还是准确性方面仍存在很多不足。因此,针对这一新型攻击,开发一种高效准确的检测方法势在必行。针对已有检测方法的不足,结合XSS网络钓鱼攻击的特点,本文提出了基于正则匹配的XSS网络钓鱼攻击检测方法,简称REXPH。本文的主要研究工作如下:(1)基于正则匹配的XSS网络钓鱼攻击检测方法设计。首先,本文对传统网络钓鱼和XSS网络钓鱼的攻击原理及其检测方法进行了分析和总结,并指出了已有检测方法的不足。然后,详细描述了REXPH检测方法的总体流程,并给出了核心的伪代码。最后,提取了XSS网络钓鱼正常攻击、XSS网络钓鱼变形攻击以及第三方链接的特征,总结并得出了REXPH检测方法中所需的6个正则表达式集。(2)REXPH原型系统的设计与实现。本文设计并实现了REXPH检测原型系统,其中包括数据预处理、正则检测、变形代码还原、结果判定以及第三方链接再检测共5个模块。(3)REXPH方法实验以及与其他方法的比较。本文使用不同类型的XSS网络钓鱼攻击样本对系统进行了测试,并与已有的检测方法做了测试结果的对比分析。发现本文提出的REXPH比现有的检测方法涵盖的范围更广,检测的结果更加准确并且更加细致,同时漏报率显著降低,也说明了本文的REXPH检测方法在XSS网络钓鱼检测领域的技术优势以及推广应用价值。
[Abstract]:With the rapid development of Internet technology, electronic commerce, social network, electronic finance and other network platforms have become an indispensable part of people's lives.The network not only brings convenience to people, but also brings opportunities for angling attackers to gain illegal profits.The attacker invokes the user to visit the phishing page to carry out the attack, thereby stealing the user's account name, password, bank account and other privacy information.In recent years, with the popularity of cross-site scripting attack technology, phishing attackers seek a new way to implement a new XSS phishing attack by injecting malicious script code into the cross-site script vulnerability of legitimate websites.Due to the fact that this new fishing attack occurs on the legal website, it reduces the vigilance of users and avoids the detection of traditional phishing, which makes the deceptive and successful rate of the attack increase significantly.However, for this new XSS phishing attack, there are still many shortcomings in the detection range and accuracy of the existing detection methods.Therefore, it is imperative to develop an efficient and accurate detection method for this new attack.In view of the shortcomings of the existing detection methods and the characteristics of XSS phishing attacks, this paper proposes a regular matching based detection method for XSS phishing attacks, referred to as REXPH.The main work of this paper is as follows: (1) the design of XSS phishing attack detection method based on regular matching.Firstly, this paper analyzes and summarizes the attack principles and detection methods of traditional phishing and XSS phishing, and points out the shortcomings of existing detection methods.Then, the overall flow of REXPH detection method is described in detail, and the core pseudo code is given.Finally, the features of XSS phishing deformation attack and third party link are extracted, and the design and implementation of six regular expression sets.In this paper, a prototype system of REXPH detection is designed and implemented, which includes five modules: data preprocessing, regular detection, deformable code restoration, result determination and third party link re-detection.In this paper, different types of XSS phishing attack samples are used to test the system, and the test results are compared with the existing methods.It is found that the REXPH proposed in this paper covers a wider range than the existing detection methods, and the detection results are more accurate and meticulous, while the missing reporting rate is significantly reduced.It also explains the technical advantages of the REXPH detection method in the field of XSS phishing detection and its application value.
【学位授予单位】：电子科技大学
【学位级别】：硕士
【学位授予年份】：2016
【分类号】：TP393.08

【参考文献】