XXE attack detection method, system and device and computer storage medium

An attack detection and computer program technology, applied in computer security devices, calculations, instruments, etc., can solve problems affecting XML services, unable to detect XXE attacks, etc., and achieve the effect of improving detection accuracy
CN113111345APending Publication Date: 2021-07-13SANGFOR TECH INC
14 Cites 0 Cited by

Patent Information

Authority / Receiving Office
CN · China
Patent Type
Applications(China)
Current Assignee / Owner
SANGFOR TECH INC
Publication Date
2021-07-13

Smart Images

  • Figure 1
    Figure 1
  • Figure 2
    Figure 2
  • Figure 3
    Figure 3
Patent Text Reader

Abstract

The invention discloses an XXE attack detection method, system and device and a computer storage medium. The method comprises the steps of obtaining to-be-detected XML data; converting the XML data to be detected into a corresponding detection graph; traversing and mining the detection image to obtain a mining result; and judging whether the to-be-detected XML data carries the XXE attack or not based on the mining result. According to the method, the to-be-detected XML data is converted into the corresponding detection graph, and due to the connectivity and transitivity of the graph, even if the to-be-detected XML data carries the hidden attack information, the original attack information corresponding to the hidden attack information can be obtained by traversing and mining the detection graph, so that the hidden attack information can be detected, and the hidden attack information can be detected. The hidden attack information in the to-be-detected XML data can be judged together, so that the detection accuracy of the XXE attack is improved, and the XML service is not influenced. According to the XXE attack detection system and device and the computer readable storage medium provided by the invention, the corresponding technical problems are also solved.
Need to check novelty before this filing date? Find Prior Art

Description

technical field

[0001] The present application relates to the technical field of computer security, and more specifically, relates to an XXE attack detection method, system, device and computer storage medium. Background technique

[0002] Extensible Markup Language is a subset of Standard Universal Markup Language, referred to as XML (eXtensible MarkupLanguage), and is a markup language used to mark electronic documents to make them structural. In the application process of XML, when the XML carries external entities, the XML parser will obtain the content of the external entities and insert them into the XML document when parsing the external entities, and when the external entities carry attack information, it will cause XXE (XML External Entity Injection) attack. In order to ensure the security of the computer, it is necessary to detect and defend against XXE attacks.

[0003] An existing XXE attack detection method is: use the method of disabling external entities pro...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More