Script injection attack detection method and system

A script injection attack and detection method technology, which is applied in the field of computer networks, can solve problems such as unclean data cleaning, difficulties in deployment and implementation, and incorrect presentation of Web content, so as to improve detection accuracy, comprehensiveness and accuracy of detection , to overcome the effect of higher false positives

Inactive Publication Date: 2009-06-17
BEIJING VENUS INFORMATION TECH
View PDF0 Cites 40 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

Among them, the script execution prohibition method is to completely or partially prohibit the execution of the script on the Web client, which will make some Web content cannot be displayed correctly; the HTTP response message purification method is to filter and clean the Web page content returned from the Web server. Delete those scripts that may endanger the security of the client. The disadvantage of this method is that the content of the web page cannot be rendered correctly due to unclean data cleaning or excessive cleaning; the data flow tracking method of the web client includes static data flow tracking based on the source code level and Based on the tracking and analysis method of input data flow and output data flow, this method needs to modify the web client software, which is difficult to deploy and implement

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • Script injection attack detection method and system
  • Script injection attack detection method and system
  • Script injection attack detection method and system

Examples

Experimental program
Comparison scheme
Effect test

Embodiment Construction

[0047]如附图1所示,本发明所述的脚本注入攻击检测方法包括HTTP请求消息获取101、从HTTP请求中提取用户输入数据102、对用户输入数据进行数据解码103、对解码后的用户输入数据进行文档对象模型结构分析104、从文档对象模型树中提取全面提取注入脚本105、对提取的注入脚本进行语法正确性检测106以及产生脚本注入攻击报警事件107等步骤。

[0048]本发明所述的HTTP请求消息获取步骤101包括但不限于以下三种方式:

[0049]1)HTTP代理方式;

[0050]2)Web服务器内嵌方式;

[0051]3)被动获取方式。

[0052]基于HTTP代理的HTTP请求获取方式包括:1)在Web用户网络端部署客户端HTTP代理来截获发往Web服务器的所有HTTP请求消息;2)在Web服务器端部署HTTP代理,截获发往其后台被保护Web服务器的所有HTTP请求。

[0053]基于Web服务器内嵌方式是指通过为特定Web服务器软件模块添加第三方插件方式来获取所有将被该Web服务器软件处理的HTTP请求消息。比如,对于Apache服务器软件,可通过Apache服务器软件开放的API接口开发第三方插件,在Apache服务器软件正式处理该HTTP请求前,通过扫描该HTTP请求来检测是否为一个脚本注入攻击;对于Microsoft的Internet信息服务器(InternetInformation Server,IIS),可以通过其开放的过滤器插件API编写一个拦截和检测HTTP请求消息的过滤插件。

[0054]被动方式获取HTTP请求消息是指以被动方式收集本网络内所有与HTTP协议相关的网络数据包,或者以被动方式收集流经监听设备的所有与HTTP协议相关的网络数据包,经网络数据包碎片处理、TCP数据流重组和HTTP协议分析等步骤获取HTTP请求消息。这种被动获取HTTP请求消息的模式比较适合于入侵检测系统(Intrusion Detection System,IDS)和入侵防御系统产品(Intrusion Protection System,IPS);

[0055]在获取到HTTP请求消息之后,下一步执行从HTTP请求消息中提取所有用户输入数据步骤。如附图2所示,本发明所述的脚本注入攻击检测方法在提取用户输入数据时是提取HTTP请求消息200中的以下4个协议域值:URL参数210、CO...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more

PUM

No PUM Login to view more

Abstract

A script injection and attacking detection method and a system belong to the technical field of computing network, wherein the method comprises requesting and obtaining by HTTP, extracting user input data from HTTP request, doing script injection and attacking detection to user input data, and alarming script injection and attacking affairs and the like, wherein script injection and attacking detection step to user input data comprises decoding user input data, analyzing document object model structure, extracting document object model script and detecting script grammar and the like. The script injection and attacking detection system comprises an HTTP requesting and obtaining module, a user inputting data extraction module, a script injection and attacking module and a script injection and attacking alarm module, wherein the script injection and attacking detection module comprises a user input data decoding module, a document object model structure analyzing module, an injection script extracting module and a script grammar detecting module. The script injection and attacking detection method and the system are suitable for applying in Web service security insurance products.

Description

technical field [0001] The invention relates to a script injection attack detection method and system, belonging to the technical field of computer networks. Background technique [0002] Since the birth of Web technology, the Internet has developed rapidly, and Web services have become the most important way to provide network content in the Internet. With the development of Web technology, the Web no longer only provides static content services for Internet users, but can provide various dynamic Web content services according to user needs. Due to the advantages of easy deployment and use of Web services, many traditional client / server applications have begun to be transformed into Web-based applications, including those applications such as electronic banking and electronic securities that have very high security requirements. [0003] While Web service brings convenience to people's life and work, it also brings a lot of security problems. These security issues include...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more

Application Information

Patent Timeline
no application Login to view more
Patent Type & Authority Applications(China)
IPC IPC(8): H04L12/26H04L29/08
Inventor 叶润国胡振宇骆拥政朱钱航邓伟李博
Owner BEIJING VENUS INFORMATION TECH
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Try Eureka
PatSnap group products

Browse by: Latest US Patents, China's latest patents, Technical Efficacy Thesaurus, Application Domain, Technology Topic.

© 2024 PatSnap. All rights reserved.Legal|Privacy policy|Modern Slavery Act Transparency Statement|Sitemap