Computer Science ›› 2018, Vol. 45 ›› Issue (11A): 356-360.

• Information Security •

XSS Attack Detection Technology Based on SVM Classifier

ZHAO Cheng, CHEN Jun-xin, YAO Ming-hai   

  1. College of Information Engineering, Zhejiang University of Technology, Hangzhou 310023, China
  • Online: 2019-02-26 Published: 2019-02-26

Abstract: A large number of security vulnerabilities have appeared with the development of Web applications, and XSS is one of the most harmful Web vulnerabilities. To deal with unknown XSS attacks, an XSS detection scheme based on a support vector machine (SVM) classifier was proposed. Based on analysis of a large number of XSS attack samples, the five most representative feature dimensions were extracted to support training of the machine learning algorithm. The feasibility of the SVM classifier was verified in terms of accuracy, recall and false alarm rate. In addition, the characteristics of deformed XSS samples were added to optimize the performance of the classifier. The improved SVM classifier performs better than traditional tools and the ordinary SVM.

Key words: Feature vectorization, SVM classifier, XSS attack

CLC Number: TP393