Method and device for detecting cross site scripting

A cross-site scripting attack detection method and device, applied in computer security devices, special data processing applications, instruments, etc.

Inactive Publication Date: 2010-12-01
BEIJING VENUS INFORMATION TECH +1

AI Technical Summary

Problems solved by technology

Although this method can detect, to a certain extent, reflected cross-site scripting attacks initiated from the client, it no longer applies when the webpage has no authorization authentication, or when the webpage already contains malicious scripts at the time the user visits it (that is, a stored cross-site scripting attack); yet this situation accounts for the vast majority of cross-site scripting attacks.



Examples


Embodiment 1

[0050] Embodiment 1, a method for detecting a cross-site scripting attack, as shown in figure 2, comprises:

[0051] a. In the captured HTTP return page, find the active tags (Active Tag, abbreviated AT); for each active tag, sum the reciprocals of the probabilities P of every layer of tags enclosing it (the active tag included) and take the arithmetic mean as the active tag's embedded JavaScript reasonableness index EJSRF; extract the JavaScript script in each active tag;

[0052] Here, an active tag is an HTML tag with no other HTML tag between it and the JavaScript script, i.e. the tag that directly contains the script; the probability P of a tag is the probability that a JavaScript script appears directly in that tag;

[0053] b. The extracted JavaScript script is decoded (encoding restoration) to obtain its encoded byte number EBN (Encoding Bytes Number); semantic restoration is carried out to obtain the number of times strings are spliced together by means of semantic deformat...

Embodiment 2

[0141] Embodiment 2, a device for detecting a cross-site scripting attack, as shown in image 3, comprises:

[0142] The index calculation unit sums the reciprocals of the probabilities P of the tags of each layer enclosing the active tag (the active tag included) in the captured HTTP return page and takes the arithmetic mean as the active tag's embedded JavaScript reasonableness index EJSRF. An active tag is an HTML tag with no other HTML tag between it and the JavaScript script; the probability P of a tag is the probability that a JavaScript script appears directly in that tag;

[0143] The extraction unit finds the active tags in the captured HTTP return page, notifies the index calculation unit, and extracts the JavaScript script in each active tag;

[0144] The encoding restoration unit decodes the extracted JavaScript script to obtain its encoded byte number EBN;

[0145] The semant...
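As an added illustration, not the patent's own code, the following Python block sketches step a and the start of step b for both embodiments above: it walks the captured page with a tag stack, treats `<script>` elements, inline event-handler attributes and `javascript:` URLs as active tags, computes EJSRF as the arithmetic mean of 1/P over the enclosing tag layers, decodes escape sequences to obtain EBN, and counts string splices. The probability table `TAG_JS_PROBABILITY`, the fallback `DEFAULT_P`, the set of escape forms decoded, the splice regex and the sample page are all assumptions constructed for this example; the page gives no values for P and no decision threshold, so the block only reports the indices a judging unit would consume.

```python
from html.parser import HTMLParser
import re

# Assumed probability P that a JavaScript script appears directly in each tag.
# The patent defines P but the page gives no values, so this table is a constructed
# illustration: script/head are expected to hold JS, table cells and titles are not.
TAG_JS_PROBABILITY = {
    "script": 0.9, "head": 0.8, "html": 0.5, "body": 0.5, "div": 0.2, "a": 0.3,
    "img": 0.1, "p": 0.05, "table": 0.05, "tr": 0.05, "td": 0.05, "title": 0.01,
}
DEFAULT_P = 0.1          # assumed fallback for tags missing from the table
VOID_TAGS = {"img", "br", "input", "meta", "link", "hr"}

# Escape forms undone during "encoding restoration": \xHH, \uHHHH, %HH, &#NNN; (assumed set)
ESCAPE_RE = re.compile(r"\\x([0-9a-fA-F]{2})|\\u([0-9a-fA-F]{4})|%([0-9a-fA-F]{2})|&#(\d+);")
SPLICE_RE = re.compile(r"""["']\s*\+\s*["']""")   # string literal '+' string literal


def ejsrf(chain):
    """Arithmetic mean of 1/P over every tag layer enclosing the script (active tag included)."""
    return sum(1.0 / TAG_JS_PROBABILITY.get(tag, DEFAULT_P) for tag in chain) / len(chain)


def restore_encoding(js, max_rounds=5):
    """Decode escapes until none remain; returns (decoded text, EBN = escapes undone)."""
    ebn = 0
    for _ in range(max_rounds):
        hits = []

        def repl(m):
            hits.append(m)
            h2, u4, pct, dec = m.groups()
            return chr(int(dec)) if dec is not None else chr(int(h2 or u4 or pct, 16))

        js = ESCAPE_RE.sub(repl, js)
        if not hits:
            break
        ebn += len(hits)
    return js, ebn


class ActiveTagFinder(HTMLParser):
    """Walks the page keeping a tag stack; records every tag that directly holds JavaScript."""

    def __init__(self):
        super().__init__()
        self.stack = []
        self.found = []          # list of (tag chain from <html> down to the active tag, script text)
        self._script_buf = None  # collects <script> body text while inside one

    def handle_starttag(self, tag, attrs):
        self.stack.append(tag)
        for name, value in attrs:
            if value is None:
                continue
            if name.startswith("on"):                         # inline event handler
                self.found.append((list(self.stack), value))
            elif name in ("href", "src") and value.strip().lower().startswith("javascript:"):
                self.found.append((list(self.stack), value.split(":", 1)[1]))
        if tag == "script":
            self._script_buf = []
        elif tag in VOID_TAGS:
            self.stack.pop()                                  # void tags never get an end tag

    def handle_startendtag(self, tag, attrs):
        self.handle_starttag(tag, attrs)
        if tag not in VOID_TAGS:
            self.stack.pop()

    def handle_data(self, data):
        if self._script_buf is not None:
            self._script_buf.append(data)

    def handle_endtag(self, tag):
        if tag == "script" and self._script_buf is not None:
            text = "".join(self._script_buf).strip()
            if text:
                self.found.append((list(self.stack), text))  # chain still includes <script>
            self._script_buf = None
        while tag in self.stack and self.stack.pop() != tag:
            pass


def analyze_page(html):
    """Step a and the start of step b: active tags, EJSRF, encoding restoration (EBN), splices."""
    finder = ActiveTagFinder()
    finder.feed(html)
    finder.close()
    results = []
    for chain, script in finder.found:
        decoded, ebn = restore_encoding(script)
        results.append({
            "chain": chain,
            "ejsrf": ejsrf(chain),
            "ebn": ebn,
            "splices": len(SPLICE_RE.findall(decoded)),
            "decoded": decoded,
        })
    return results


# Constructed sample page: a legitimate script in <head>, an inline handler on <body>,
# and a stored comment whose <img> handler hides its code behind \x escapes and a splice.
SAMPLE_HTML = r"""<html><head><title>Guestbook</title>
<script>function init(){document.title='Guestbook';}</script></head>
<body onload="init()">
<table><tr><td>comment: hello<img src="x" onerror="eval('\x61\x6c'+'\x65\x72\x74(1)')"></td></tr></table>
<div>normal text</div>
</body></html>"""

if __name__ == "__main__":
    for r in analyze_page(SAMPLE_HTML):
        print(f"{'>'.join(r['chain']):36} EJSRF={r['ejsrf']:6.2f} EBN={r['ebn']} "
              f"splices={r['splices']}  {r['decoded']}")
```

On the sample, the `<img>` handler buried in a table cell scores an EJSRF of about 12.3 against about 1.45 for the script in `<head>`, and it is the only item with non-zero EBN and splice counts; that separation is what the index is meant to hand to the matching and judging units. A deployment would replace the assumed table with probabilities measured over a corpus of normal pages.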


Abstract

The invention provides a device for detecting cross-site scripting. The device comprises an index calculating unit, an extracting unit, a code restoring unit, a semantics restoring unit, a matching-degree calculating unit and a judging unit that cooperate with each other. Malicious cross-site scripts embedded in a Web page are identified and extracted by a comprehensive HTML tag analysis method (comprising four methods: EJSRF analysis, JavaScript code deformation analysis, JavaScript semantic denaturation analysis and XSS attack characteristic pattern matching). This cross-site script identification and extraction technique, with HTML tag analysis at its core, can efficiently and accurately distinguish normal JavaScript from malicious cross-site scripts in a Web page, so that network security detection equipment and network terminals can accurately identify and filter Web pages containing malicious cross-site scripts, while allowing legitimate Web pages (those without embedded malicious cross-site scripts) to pass normally.

Description

Technical field

[0001] The present invention relates to the field of network security, in particular to a method and device for detecting cross-site scripting attacks.

Background

[0002] Terminal browsers on the network, such as IE, FireFox, MyIE, etc., send HTTP requests (commonly GET and POST) to a web server after the user enters a URL or clicks a link. On receiving the request, the server performs the corresponding operation, typically returning the requested page. These returned pages are often mixed with malicious cross-site scripts. Once such scripts are returned to the terminal browser, they attack the user's terminal to varying degrees, for example stealing user accounts or sensitive information on the user's hard disk. Such attacks are very common and are called cross-site scripting (XSS for short). The implementation steps of a cross-site scripting attack are cumbersome. Compared w...

Claims


Application Information

Patent Timeline
Patent Type & Authority: Applications (China)
IPC (8): G06F17/30, G06F21/00, G06F21/56
Inventor 李博叶润国
Owner BEIJING VENUS INFORMATION TECH