| 基于SVM分类器的XSS攻击检测技术 |
| |
| 引用本文: | 赵澄,陈君新,姚明海.基于SVM分类器的XSS攻击检测技术[J].计算机科学,2018,45(Z11):356-360. |
| |
| 作者姓名: | 赵澄 陈君新 姚明海 |
| |
| 作者单位: | 浙江工业大学信息工程学院 杭州310023,浙江工业大学信息工程学院 杭州310023,浙江工业大学信息工程学院 杭州310023 |
| |
| 基金项目: | 本文受国家自然科学基金(61379123,4),浙江省教育厅资助 |
| |
| 摘 要: | Web应用高速发展的同时产生了大量安全漏洞,跨站脚本攻击(XSS)就是危害最为严重的Web漏洞之一,而基于规则的传统XSS检测工具难以检测未知的和变形的XSS。为了应对未知的和变形的XSS,文中提出了一种基于支持向量机(SVM)分类器的XSS攻击检测方案。该方案在大量分析XSS攻击样本及其变形样本和正常样本的基础上,提取最具代表性的五维特征并将这些特征向量化,然后进行SVM算法的训练和测试。通过准确率、召回率和误报率3个指标来对分类器的检测效果进行评价,并优化特征提取方式。改进后的SVM分类器与传统工具和普通SVM相比性能均有所提升。
|
| 关 键 词: | 跨站脚本攻击 特征向量化 SVM分类器 |
XSS Attack Detection Technology Based on SVM Classifier |
| |
| ZHAO Cheng,CHEN Jun-xin and YAO Ming-hai.XSS Attack Detection Technology Based on SVM Classifier[J].Computer Science,2018,45(Z11):356-360. |
| |
| Authors: | ZHAO Cheng CHEN Jun-xin and YAO Ming-hai |
| |
| Affiliation: | College of Information Engineering,Zhejiang University of Technology,Hangzhou 310023,China,College of Information Engineering,Zhejiang University of Technology,Hangzhou 310023,China and College of Information Engineering,Zhejiang University of Technology,Hangzhou 310023,China |
| |
| Abstract: | A large number of security vulnerabilities appeare with the development of Web applications,XSS is one of the most harmful Web vulnerabilities.To deal with the unknown XSS,a XSS detection scheme based on support vector machine (SVM) classifier was proposed.The most representative five dimensional features are extracted to support the training of machine algorithms based on a large number of analysis of XSS attack samples.The feasibility of the SVM classifier was verified based on accuracy,recall and false alarm rate.In addition,the characteristics of deformed XSS samples were added to optimize the performance of the classifier.The improved SVM classifier has better performance compared with traditional tools and ordinary SVM. |
| |
| Keywords: | XSS attack Feature vectorization SVM classifier |
|
| 点击此处可从《计算机科学》浏览原始摘要信息 |
|
点击此处可从《计算机科学》下载全文 |
|
