XXE attack detection method, system and device and computer storage medium

An attack detection and computer program technology, applied in computer security devices, calculations, instruments, etc., can solve problems affecting XML services, unable to detect XXE attacks, etc., and achieve the effect of improving detection accuracy

Pending Publication Date: 2021-07-13
SANGFOR TECH INC
View PDF14 Cites 0 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

[0003] An existing XXE attack detection method is: use the method of disabling external entities provided by the development language to disable external entities. Although this method prevents XXE attacks, it fundamentally prohibits the related functions of external entities in XML language and affects XML. business; another XXE attack detection method is: filter the XML data submitted by users based on rule matching, but when the matching keywords and other encodings and nesting are hidden, XXE attacks cannot be detected

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • XXE attack detection method, system and device and computer storage medium
  • XXE attack detection method, system and device and computer storage medium
  • XXE attack detection method, system and device and computer storage medium

Examples

Experimental program
Comparison scheme
Effect test

Embodiment Construction

[0058] The technical solutions in the embodiments of the present application will be clearly and completely described below in conjunction with the accompanying drawings in the embodiments of the present application. Obviously, the described embodiments are only some of the embodiments of the present application, not all of them. Based on the embodiments in this application, all other embodiments obtained by persons of ordinary skill in the art without making creative efforts belong to the scope of protection of this application.

[0059]Extensible Markup Language is a subset of Standard Universal Markup Language, referred to as XML (eXtensible MarkupLanguage), and is a markup language used to mark electronic documents to make them structural. In the application process of XML, when the XML carries external entities, the XML parser will obtain the content of the external entities and insert them into the XML document when parsing the external entities, and when the external ent...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more

PUM

No PUM Login to view more

Abstract

The invention discloses an XXE attack detection method, system and device and a computer storage medium. The method comprises the steps of obtaining to-be-detected XML data; converting the XML data to be detected into a corresponding detection graph; traversing and mining the detection image to obtain a mining result; and judging whether the to-be-detected XML data carries the XXE attack or not based on the mining result. According to the method, the to-be-detected XML data is converted into the corresponding detection graph, and due to the connectivity and transitivity of the graph, even if the to-be-detected XML data carries the hidden attack information, the original attack information corresponding to the hidden attack information can be obtained by traversing and mining the detection graph, so that the hidden attack information can be detected, and the hidden attack information can be detected. The hidden attack information in the to-be-detected XML data can be judged together, so that the detection accuracy of the XXE attack is improved, and the XML service is not influenced. According to the XXE attack detection system and device and the computer readable storage medium provided by the invention, the corresponding technical problems are also solved.

Description

technical field [0001] The present application relates to the technical field of computer security, and more specifically, relates to an XXE attack detection method, system, device and computer storage medium. Background technique [0002] Extensible Markup Language is a subset of Standard Universal Markup Language, referred to as XML (eXtensible MarkupLanguage), and is a markup language used to mark electronic documents to make them structural. In the application process of XML, when the XML carries external entities, the XML parser will obtain the content of the external entities and insert them into the XML document when parsing the external entities, and when the external entities carry attack information, it will cause XXE (XML External Entity Injection) attack. In order to ensure the security of the computer, it is necessary to detect and defend against XXE attacks. [0003] An existing XXE attack detection method is: use the method of disabling external entities pro...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more

Application Information

Patent Timeline
no application Login to view more
Patent Type & Authority Applications(China)
IPC IPC(8): G06F21/56G06F40/253
CPCG06F21/562
Inventor 文成龙黄忠强
Owner SANGFOR TECH INC
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Try Eureka
PatSnap group products

Browse by: Latest US Patents, China's latest patents, Technical Efficacy Thesaurus, Application Domain, Technology Topic.

© 2024 PatSnap. All rights reserved.Legal|Privacy policy|Modern Slavery Act Transparency Statement|Sitemap