Method and device for detecting cross site scripting

A technique for detecting cross-site scripting attacks, for use in computer security devices, special data processing applications, instruments, etc.

Inactive Publication Date: 2012-08-29
BEIJING VENUS INFORMATION TECH +1

AI Technical Summary

Problems solved by technology

Although this method can detect reflective cross-site scripting attacks initiated by the client to a certain extent, it is no longer applicable if the webpage does not have authorization authentication, or if the webpage already contains malicious scripts when the user visits it, that is, in the case of stored cross-site scripting attacks. Yet this situation accounts for the vast majority of cross-site scripting attacks.


Examples

Embodiment 1

[0050] Embodiment 1, a detection method for a cross-site scripting attack, as shown in Figure 2, including:

[0051] a. In the captured HTTP return page, find the active tags (Active Tag, abbreviated as AT); add up the inverses of the probabilities P of the tags of each layer including the active tag in the captured HTTP return page, and take the arithmetic mean as the embedded JavaScript reasonable index EJSRF of the active tag; extract the JavaScript script in each active tag;

[0052] Here, the active tag is an HTML tag that has no other HTML tags between it and the JavaScript script, and the probability P of a tag is the probability that a JavaScript script appears directly in that tag;

[0053] b. Apply encoding restoration to the extracted JavaScript script to obtain the encoded byte count EBN (Encoding Bytes Number) of the JavaScript script; carry out semantic restoration to obtain the number of times the string is spliced by using semantic deformat...
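A sketch of step a as an added example (not code from the patent): it walks a page, finds each active tag, and scores it with EJSRF. It assumes that "inverse" means the reciprocal 1/P and that the layers are the active tag plus every enclosing tag; the `TAG_P` values, `DEFAULT_P`, and the sample page are constructed for illustration.

```python
from html.parser import HTMLParser

# Constructed probabilities P(tag) that JavaScript appears directly in the tag.
# Illustrative assumptions only; the patent excerpt gives no values.
TAG_P = {"html": 0.9, "head": 0.8, "body": 0.8, "script": 0.95,
         "div": 0.3, "a": 0.2, "table": 0.1, "tr": 0.05, "td": 0.05, "img": 0.1}
DEFAULT_P = 0.05  # assumed P for tags missing from the table
VOID = {"img", "br", "input", "meta", "link", "hr"}  # tags with no end tag

def ejsrf(path):
    """Arithmetic mean of 1/P over every layer, active tag included (assumed reading)."""
    return sum(1.0 / TAG_P.get(t, DEFAULT_P) for t in path) / len(path)

class ActiveTagFinder(HTMLParser):
    """Collects (tag path, EJSRF, script text) for each active tag."""
    def __init__(self):
        super().__init__()
        self.stack, self.findings = [], []

    def handle_starttag(self, tag, attrs):
        path = self.stack + [tag]
        for name, value in attrs:
            value = (value or "").strip()
            # Heuristic: on* handlers and javascript: URLs hold script in the tag itself.
            if name.startswith("on") or value.lower().startswith("javascript:"):
                self.findings.append((path, round(ejsrf(path), 2), value))
        if tag not in VOID:
            self.stack.append(tag)

    def handle_endtag(self, tag):
        if tag in self.stack:
            while self.stack.pop() != tag:  # also drops unclosed children
                pass

    def handle_data(self, data):
        # Text directly inside <script> makes <script> the active tag.
        if self.stack and self.stack[-1] == "script" and data.strip():
            path = list(self.stack)
            self.findings.append((path, round(ejsrf(path), 2), data.strip()))

def scan(page):
    finder = ActiveTagFinder()
    finder.feed(page)
    finder.close()
    return finder.findings

# Constructed sample page (not from the patent).
SAMPLE = ("<html><head><script>init();</script></head><body><table><tr>"
          "<td><img src=x.png onload=\"track()\"></td></tr></table></body></html>")
```

Under these assumed probabilities, script inside `<head><script>` gets a low EJSRF, while a handler on an `<img>` nested in a table cell gets a much higher one because every enclosing layer rarely carries script.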

Embodiment 2

[0141] Embodiment 2, a detection device for a cross-site scripting attack, as shown in Figure 3, including:

[0142] The index calculation unit is used to add up the inverses of the probabilities P of the tags of each layer including the active tag in the captured HTTP return page, and to calculate the arithmetic mean as the embedded JavaScript reasonable index EJSRF of the active tag; the active tag is an HTML tag that has no other HTML tags between it and the JavaScript script; the probability P of a tag is the probability that a JavaScript script appears directly in that tag;

[0143] The extracting unit is used to find the active tags in the captured HTTP return page and notify the index calculation unit; extract the JavaScript script in each active tag;

[0144] An encoding restoration unit is used for encoding and restoring the extracted JavaScript script to obtain the encoded byte quantity EBN of the JavaScript script;

[0145] The semant...


Abstract

The invention provides a device for detecting cross-site scripting. The device comprises an index calculating unit, an extracting unit, a code restoring unit, a semantics restoring unit, a matching degree calculating unit and a judging unit, which cooperate with each other. Malicious cross-site scripts carried in a Web page are identified and extracted by a comprehensive HTML tag analysis method (comprising four methods, namely EJSRF analysis, JavaScript code deformation analysis, JavaScript semantic deformation analysis and XSS attack characteristic pattern matching). The cross-site script identification and extraction technology, with HTML tag analysis at its core, can efficiently and accurately distinguish normal JavaScript from malicious cross-site scripts in a Web page, so that network security detection equipment and network terminals can accurately identify and filter Web pages that contain malicious cross-site scripts, while ensuring that legitimate Web pages (carrying no malicious cross-site scripts) pass normally.

Description

Technical field

[0001] The invention relates to the field of network security technology, in particular to a detection method and device for a cross-site scripting attack.

Background technique

[0002] Various terminal browsers in the network, such as IE, FireFox, MyIE, etc., are responsible for sending HTTP requests (such as GET and POST) to the Web server after the user enters a URL or clicks on a link. After receiving the request, the Web server performs the corresponding operation, typically returning the requested page. These returned pages are often mixed with malicious cross-site scripts. Once these scripts are returned to the terminal browser, they carry out attacks of different levels against the user's terminal, such as stealing user accounts, stealing sensitive information on the user's hard disk, etc. This kind of attack is very common and is called cross-site scripting (Cross Site Scripting, XSS for short). The implementation steps of cross-site scripting attacks ar...


Application Information

Patent Type & Authority: Patents (China)
IPC: IPC(8): G06F17/30, G06F21/00, G06F21/56
Inventor: 李博, 叶润国
Owner: BEIJING VENUS INFORMATION TECH