Looking for breakthrough ideas for innovation challenges? Try Patsnap Eureka!

Skip list based cross-site scripting attack defense method

A cross-site scripting attack and table skipping technology, which is applied in special data processing applications, instruments, electrical digital data processing, etc., can solve the problem of consuming a lot of system resources, making it difficult to accurately defend against cross-site scripting, and reducing user experience comfort, etc. question

Inactive Publication Date: 2015-07-08
BEIJING INSTITUTE OF TECHNOLOGYGY
View PDF2 Cites 13 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

However, each method has its disadvantages: the detection rate of filtering special characters is low, and the false positive rate is high, which makes it difficult for us to accurately defend against cross-site scripting.
Although the security and separation strategies are superior to filtering special characters in terms of false alarm rate and detection rate, they have high requirements on the system, consume a lot of system resources as a cost, and reduce user experience comfort.
However, the current cooperative defense between client and server is very complicated, and it is too complicated to implement, and it also has the shortcomings of dynamic detection technology, so it is currently relatively low in practicability

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • Skip list based cross-site scripting attack defense method
  • Skip list based cross-site scripting attack defense method
  • Skip list based cross-site scripting attack defense method

Examples

Experimental program
Comparison scheme
Effect test

Embodiment 1

[0033] Cross-site scripting attack (XSS): A cross-site scripting attack refers to a malicious attacker using a vulnerability in an application or code in a web server as a normal visitor to convert a piece of malicious script code (usually a piece of JavaScript code). Some data) are uploaded to the Web server, or a URL link of a Web site that also contains malicious script code is sent to the target user; when an individual user who trusts this Web server visits a page containing malicious script code in this Web site, or opens When the URL link is received, the user's browser will automatically load and execute the script code that the malicious attacker hopes to be executed, thereby achieving the purpose of the attack. From the process of this attack, we can see that cross-site scripting attacks are actually an indirect attack technique. In most cases, malicious attackers use the Web server to indirectly attack another individual user, but in rare cases it is also You can u...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

PUM

No PUM Login to View More

Abstract

The invention discloses a skip list based cross-site scripting attack defense method, and aims at detecting cross-site scripting attack vulnerability. The method comprises the steps of reading attack code field value of a cross-site scripting (XSS) attack XSS sample; standardizing; performing MD5 coding and integer conversion to obtain the long integer type data of the sample; creating skip list nodes to form a skip list which forms an attack vector feature database; intercepting data information submitted through POST / GET manner based on the HTTP traffic packet analysis; extracting the scrip vector parameter set according to the request header key value; standardizing; generating all sub-sequence sets A of which threshold values are possibly specified to the length L by the DFA description manner; performing 16-bit MD5 coding and integer conversion for each sub-sequence in A to obtain the long integer type; matching the long integer type of A with the skip list nodes in the feature database; if matching, performing dirt marking for script parameter Sm to obtain the vulnerability detection result.

Description

Technical field [0001] The invention belongs to the technical field of Web attack detection and defense. Background technique [0002] In response to cross-site scripting attacks, most of the current Web sites generally adopt defense strategies including client-side filtering, server-side filtering, and Web attack detection firewall deployment, which can be roughly divided into: client-side defense, server-side defense, and client-server collaboration defense. [0003] Client defense: (1) Filtering strategy: The general input data verification and filtering functions of Web applications are usually processed by client-side scripts (Javascript), such as mail format, text special characters and length restrictions, password robustness, etc., which can basically complete the customer 13 kinds of verification at the end, including the value is empty, must be an integer / double-precision number / Chinese character / common English character, minimum / maximum length, email format, date format...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

Application Information

Patent Timeline
no application Login to View More
IPC IPC(8): G06F21/56G06F17/30H04L29/06
Inventor 胡昌振薛静锋王灏张妍王勇
Owner BEIJING INSTITUTE OF TECHNOLOGYGY
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Patsnap Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Patsnap Eureka Blog
Learn More
PatSnap group products

Browse by: Latest US Patents, China's latest patents, Technical Efficacy Thesaurus, Application Domain, Technology Topic, Popular Technical Reports.

© 2024 PatSnap. All rights reserved.Legal|Privacy policy|Modern Slavery Act Transparency Statement|Sitemap|About US| Contact US: help@patsnap.com