Web跨站脚本漏洞检测工具的设计与实现

分析跨站脚本漏洞的形成原因,提出从攻击作用位置角度对跨站脚本漏洞进行分类的方法,在此基础上完善跨站脚本漏洞检测模型,实现动态的漏洞检测工具,弥补现有工具的缺陷,检测结果更为完整。实验证明,该工具能有效检测Web应用程序中的跨站脚本漏洞,较同类工具更具优越性。     

基于系统调用的混合HMM/MLP异常检测模型

首先描述了基于隐马尔可夫模型(HMM)的异常检测方法并指出其缺点．然后提出了一种将多层感知机(MLP)用作HMM的概率估计器的方法,以克服HMM方法的不足．最后建立了一个基于系统调用的混合HMM/MLP异常检测模型,并给出了该模型的训练和检测算法．实验结果表明,该混合系统的漏报率和误报率都低于HMM方法．     

OSN中基于分类器和改进n-gram模型的跨站脚本检测方法

针对在线社交网络中跨站脚本(XSS)攻击的安全问题,提出了一种在线社交网络恶意网页的检测方法。该方法依据在线社交网络中跨站脚本恶意代码的传播特性,提取一组基于相似性和差异性的特征,构造分类器和改进n-gram模型,再利用两种模型的组合,检测在线社交网络网页是否恶意。实验结果表明,与传统的分类器检测方法相比,结合了改进n-gram模型的检测方法保证了检测结果的可靠性,误报率约为5%。     

自动化检测Android应用反射型跨站脚本漏洞的方法

提出一种自动化检测Android应用反射型跨站脚本漏洞的方法,通过对Android应用组件的识别和分类,自动化输入测试例和点击与输入框关联的按钮,监测运行结果判断应用是否具有潜在的反射型跨站脚本漏洞,并通过图像处理方法实现了对WebView的支持。基于该方法实现了一个原型工具。实验表明,该方法可以有效的检测Android应用的反射型跨站脚本漏洞,具有较高的实用性。     

改进编码-解码框架下的跨站脚本检测

为解决传统机器学习方法特征提取工作艰难导致对跨站脚本检测性能有限的问题,提出应用注意力机制改进编码-解码框架的方法并以此建立模型检测跨站脚本。由卷积神经网络和双向门控循环单元网络并行构成编码器,既考虑输入数据上下文信息,又充分提取有效特征;使用注意力机制解决传统编码-解码框架的“分心问题”;使用门控循环单元网络构成解码器,使用分类器进行分类检测。在收集到的数据集上进行仿真实验,验证了模型的有效性和性能优势。     

基于平台的XSS攻击缓解技术

研究人员和行业专家指出,跨站点脚本(XSS)是Web应用程序中最受黑客欢迎的漏洞之一.跨站点脚本已成为许多网站和Web应用程序的常见漏洞.XSS利用输入验证缺陷,目的是注入恶意代码,随后在受害者的Web浏览器中执行其脚本代码.网络应用程序的跨站点脚本攻击次数近年来有了快速的增长.这要求在服务器端有效的方法来保护应用程序的用户,因为漏洞的原因主要在于服务器端.根据最终用户使用的应用程序平台、中间件技术和浏览器等参数,在服务器端展示跨站点脚本(XSS)的两种缓解技术的性能比较.     

浅议跨站脚本攻击的检测与防护

随着互联网技术的迅猛发展,跨站脚本攻击逐渐成为威胁网站安全的重要攻击手段之一.阐述了跨站脚本攻击的原理,详细介绍了跨站脚本漏洞的检测方法与用例,并总结了防止跨站脚本攻击的防护方法与措施.     

服务器-客户端协作的跨站脚本攻击防御方法

在网络应用的链接中注入恶意代码,以此欺骗用户浏览器,当用户访问这些网站时便会受到跨站脚本攻击.为此,提出基于服务器端-客户端协作的跨站脚本攻击防御方法.利用规则文件、文档对象模型完整性测试和脚本混淆监测等方法,提高脚本的检测效率和准确性.实验结果表明,该方法能获得良好的攻击防御效果.     

跨站脚本攻击及防范技术研究

跨站脚本攻击是当前Web安全领域常用攻击手段。该文介绍了跨站脚本攻击的基本概念,揭示了跨站脚本漏洞的严重性,分析跨站脚本漏洞的触发机制,论述了两种常见跨站脚本攻击模式,展示了几种跨站脚本攻击效果。最后,分别从Web应用程序编写和客户端用户两个层次,对跨站脚本攻击的防范措施进行了阐述。     

基于单状态HMM的音频分类方法研究

经典的隐马尔可夫模型(HMM)是一种基于统计信号的模型,它在基于内容的音频检索系统中具有重要的作用。根据音频分类重类型轻内容的特性,将单状态的HMM用于音频分类,克服了多状态HMM在模型初始化时状态初始概率和转移概率赋值带有假设不准确的缺点。实验结果表明基于单状态的HMM模型音频分类方法能有效地减少误识率,提高音频分类的精确度。     

Multi-aspect target discrimination using hidden Markov models and neural networks

This paper presents a new multi-aspect pattern classification method using hidden Markov models (HMMs). Models are defined for each class, with the probability found by each model determining class membership. Each HMM model is enhanced by the use of a multilayer perception (MLP) network to generate emission probabilities. This hybrid system uses the MLP to find the probability of a state for an unknown pattern and the HMM to model the process underlying the state transitions. A new batch gradient descent-based method is introduced for optimal estimation of the transition and emission probabilities. A prediction method in conjunction with HMM model is also presented that attempts to improve the computation of transition probabilities by using the previous states to predict the next state. This method exploits the correlation information between consecutive aspects. These algorithms are then implemented and benchmarked on a multi-aspect underwater target classification problem using a realistic sonar data set collected in different bottom conditions.     

基于小波域隐马尔可夫模型的小波隐写分析

基于精确描述图像小波系数间统计特性的小波域二维隐马尔可夫模型(HMM)参数集合,提出一种针对小波域信息隐藏算法的新型隐写分析技术。通过使用二维HMM对小波系数进行建模,对生成的HMT森林在隐写前后的参数集合构造隐写分类特征,采用SVM分类器进行隐写判别。实验表明该方法适用于小波域隐写术的检测,对小波域QIM、MFP和BPCS隐写有较好的检测性能。     

Hybrid continuous speech recognition systems by HMM,MLP and SVM: a comparative study

This paper presents a new hybrid method for continuous Arabic speech recognition based on triphones modelling. To do this, we apply Support Vectors Machine (SVM) as an estimator of posterior probabilities within the Hidden Markov Models (HMM) standards. In this work, we describe a new approach of categorising Arabic vowels to long and short vowels to be applied on the labeling phase of speech signals. Using this new labeling method, we deduce that SVM/HMM hybrid model is more efficient then HMMs standards and the hybrid system Multi-Layer Perceptron (MLP) with HMM. The obtained results for the Arabic speech recognition system based on triphones are 64.68 % with HMMs, 72.39 % with MLP/HMM and 74.01 % for SVM/HMM hybrid model. The WER obtained for the recognition of continuous speech by the three systems proves the performance of SVM/HMM by obtaining the lowest average for 4 tested speakers 11.42 %.     

基于JSM和MLP改进发音错误检测的方法

针对发音错误检测的发音字典生成提出基于联合序列多阶模型(Joint-sequence multi-gram, JSM)和多层神经感知(Multi-layer perception, MLP)的方法. 首先使用JSM模型对发音错误进行建模, 将标准发音和错误发音组合为发音对, 表示它们之间的对应关系, 再使用N元文法来统计各发音对之间的关系, 描述错误发音对上下文关系的依赖. 最后使用MLP对发音对之间的关系进行重新建模, 以学习到在相似的上下文条件下发生的相似的错误. 实验证明使用MLP对高阶模型进行概率重估能有效的平滑概率空间, 提高了发音错误检测的性能.     

Harmony search-based hidden Markov model optimization for online classification of single trial eegs during motor imagery tasks

This paper presents an improved method based on single trial EEG data for the online classification of motor imagery tasks for brain-computer interface (BCI) applications. The ultimate goal of this research is the development of a novel classification method that can be used to control an interactive robot agent platform via a BCI system. The proposed classification process is an adaptive learning method based on an optimization process of the hidden Markov model (HMM), which is, in turn, based on meta-heuristic algorithms. We utilize an optimized strategy for the HMM in the training phase of time-series EEG data during motor imagery-related mental tasks. However, this process raises important issues of model interpretation and complexity control. With these issues in mind, we explore the possibility of using a harmony search algorithm that is flexible and thus allows the elimination of tedious parameter assignment efforts to optimize the HMM parameter configuration. In this paper, we illustrate a sequential data analysis simulation, and we evaluate the optimized HMM. The performance results of the proposed BCI experiment show that the optimized HMM classifier is more capable of classifying EEG datasets than ordinary HMM during motor imagery tasks.     

Speech recognition using hybrid hidden markov model and NN classifier

This paper discusses the use of an integrated HMM/NN classifier for speech recognition. The proposed classifier combines the time normalization property of the HMM classifier with the superior discriminative ability of the neural net (NN) classifier. Speech signals display a strong time varying characteristic. Although the neural net has been successful in many classification problems, its success (compared to HMM) is secondary to HMM in the field of speech recognition. The main reason is the lack of time normalization characteristics of most neural net structures (time-delay neural net is one notable exception but its structure is very complex). In the proposed integrated hybrid HMM/NN classifier, a left-to-right HMM module is used first to segment the observation sequence of every exemplar into a fixed number of states. Subsequently, all the frames belonging to the same state are replaced by one average frame. Thus, every exemplar, irrespective of its time scale variation, is transformed into a fixed number of frames, i.e., a static pattern. The multilayer perceptron (MLP) neural net is then used as the classifier for these time normalized exemplars. Some experimental results using telephone speech databases are presented to demonstrate the potential of this hybrid integrated classifier.