Looking for breakthrough ideas for innovation challenges? Try Patsnap Eureka!

Cross-site scripting attack monitoring system and method

A cross-site scripting attack and monitoring system technology, applied in transmission systems, instruments, electrical digital data processing, etc., can solve the problems of account security collapse, high implementation costs, and inability to automatically prevent attacks, achieving good monitoring effects and high coverage. , apply the effect of high matching degree

Active Publication Date: 2014-06-11
ALIBABA GRP HLDG LTD
View PDF4 Cites 18 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

On June 28, 2011, a relatively large cross-site scripting attack occurred on Sina Weibo, which caused a serious breakdown in account security.
Relevant permissions need to be obtained for operating system-level function calls and analysis. At the same time, the detection tool needs to be installed on the client side. The implementation cost is high, and it tends to protect the client side, and the protection of the website is not obvious enough.
In addition, this detection method cannot automatically notify the vulnerability service provider to help it improve the vulnerability service
[0006] In addition, the existing cross-site scripting attack detection tools cannot monitor the behavior of the client. Therefore, it is difficult to effectively obtain the source of the attack, and cannot realize the early warning and notification functions when the attack occurs, let alone automatically prevent the attack when the attack occurs

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • Cross-site scripting attack monitoring system and method
  • Cross-site scripting attack monitoring system and method
  • Cross-site scripting attack monitoring system and method

Examples

Experimental program
Comparison scheme
Effect test

Embodiment Construction

[0026] The specific embodiments of the present application will be described in further detail below based on the accompanying drawings. It should be understood that the specific embodiments described here are merely examples, and are not intended to limit the protection scope of the present application.

[0027] see figure 1 , is the cross-site scripting attack monitoring system 100 provided in the embodiment of the present application.

[0028] The cross-site scripting attack monitoring system 100 includes an application service module 10 , a monitoring module 20 and an analysis module 30 .

[0029] The application service module 10 includes a business module 11 and a redefinition module 12 . The service module 11 receives the service request from the client 60 and responds to the service request. The redefinition module 12 determines script built-in functions commonly used in cross-site scripting attacks, and redefines them.

[0030] The script built-in functions are bu...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

PUM

No PUM Login to View More

Abstract

The invention relates to a cross-site scripting attack monitoring system. The cross-site scripting attack monitoring system comprises an application serving module, a monitoring module and an analyzing module. The application serving module comprises a service module and a redefining module. The service module receives and responds to a service request of a user side, and the redefining module redefines a script built-in function adopted in a cross-site scripting attack and returns redefining information of the script built-in function to the user side; the monitoring module monitors calling information of the user side to the redefined script built-in function; the analyzing module analyzes the safety of the calling information. The cross-site scripting attack monitoring system can realize accurate locating of the source of the cross-site scripting attack, the attacking time, leaked data, attacked vulnerability and the like. In addition, the invention further provides a cross-site scripting attack monitoring method.

Description

technical field [0001] The present application relates to the technical field of network security, in particular to a cross-site scripting attack monitoring system and method. Background technique [0002] In recent years, the focus of attention in the field of software security has gradually shifted from server-side attacks to client-side attacks, and cross-site scripting (XSS, English full name is Cross Site Script) attacks have been regarded as the most important security problem faced by network applications. threaten. Cross-site scripting often takes advantage of application security flaws and causes destructive consequences together with other vulnerabilities. Sometimes cross-site scripting attacks may also turn into a virus or a worm capable of self-propagation, causing more serious damage. In 2005, Myspace was attacked based on a cross-site scripting worm, causing a large number of users to receive millions of requests and had to close its applications. In 2009, Tw...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

Application Information

Patent Timeline
no application Login to View More
Patent Type & Authority Applications(China)
IPC IPC(8): H04L29/06
CPCH04L63/1466G06F21/54G06F21/55H04L63/145H04L67/02G06F2221/2119
Inventor 朱荣李晓拴易子仪徐天河
Owner ALIBABA GRP HLDG LTD
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Patsnap Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Patsnap Eureka Blog
Learn More
PatSnap group products

Browse by: Latest US Patents, China's latest patents, Technical Efficacy Thesaurus, Application Domain, Technology Topic, Popular Technical Reports.

© 2024 PatSnap. All rights reserved.Legal|Privacy policy|Modern Slavery Act Transparency Statement|Sitemap|About US| Contact US: help@patsnap.com