FP-tree optimized XSS attack automatic detection method

Abstract

The invention relates to an FP-tree optimized XSS attack automatic detection method, which comprises the steps of scanning sample data in a data set by using an FP-growth algorithm, and calculating asupport degree and a confidence degree corresponding to each parameter; giving a minimum support degree and a minimum confidence degree; finding out all frequent item set parameters according to the minimum support degree; finding out an association rule according to the minimum confidence coefficient, and extracting XSS features of the frequent item set parameters meeting the association rule; performing feature extraction on the sample data in the database by adopting an SVM classifier to form feature value data, and adding the XSS features into the feature value data of the SVM classifier;and carrying out SVM classification model training through the feature value data of the SVM classifier, generating a trained classification model, and detecting the XSS attack. According to the method, the SVM classifier is optimized based on the correlation analysis algorithm FP-growth, the XSS attack automatic detection is carried out, and the XSS attack detection accuracy is improved.

Description

technical field [0001] The invention relates to the field of network security, in particular to an FP-tree optimized XSS attack automatic detection method. Background technique [0002] Cross-site scripting XSS attack is a common WEB attack. The main types are persistent, non-persistent, and DOM. Attackers usually inject JavaScript, VBScript, ActiveX, or Flash into vulnerable programs to deceive users. When When a user opens a page or link containing malicious code without knowing it, the corresponding malicious code is executed. At this time, the attacker can use this vulnerability to steal the user account and complete illegal transfers, illegal transfers, and web page hanging. Malicious behaviors such as horses and controlling the victim's machine for DDOS attacks, so cross-site scripting (XSS) is a more important node for WEB security. [0003] For the prevention of XSS attacks, the traditional method is to use XSS filters to complete the filtering of user input data. T...

AI Technical Summary

Problems solved by technology

[0003] For the prevention of XSS attacks, the traditional method is to use XSS filters to complete the filtering of user input data. This strategy is mainly to continuously update the source addresses containing XSS attacks to the database blacklist, and the blacklist URLs will be denied access by users. This is A static XSS attack prevention method, which is easily bypassed by hackers

[0004] For the data processing flow chart of the traditional SVM classifier, please refer to the appendix figure 2 , the existing method of completing XSS attack detection based on support vector machine SVM performs data cleaning and characterization on normal web access logs and XSS attack logs. In this step, the normal data is marked as 0, and the XSS attack data is marked as 1. Carry out data marking to form a feature data set, pass the model training of the SVM algorithm to the classifier for result detection, and generate a training model. The generated training model can be directly applied to the identification of XSS attacks, because the feature value extraction depends on Past experience, so the accuracy of model recognition is relatively low

Images