
The Research Of XSS Detection And Defense Based Hash Tree Matching Model

Posted on: 2014-12-24
Degree: Master
Type: Thesis
Country: China
Candidate: W Cao
Full Text: PDF
GTID: 2268330401488304
Subject: Computer Science and Technology
Abstract/Summary:
With the development of Web 2.0 technology, which provides an interactive experience for Internet users, Web application developers largely allow users to input text containing embedded markup in order to increase configuration flexibility and improve the user experience. This, however, also gives an attacker an opportunity to insert malicious cross-site scripting (XSS) payloads. The inconsistency of Web service development languages makes it impossible to deploy a single XSS defense method across different development platforms such as PHP, JSP, CGI and Perl. Because of the complex diversity of browsers, the server side and the client side may resolve the same statement in the same document to inconsistent semantic behavior, and the variety of obfuscation methods means that the content of XSS attacks is highly variable; moreover, the client browser's script interpreter engine itself cannot distinguish an attack script, which to some extent makes defending against XSS attacks difficult. Therefore, rapidly detecting XSS attacks and setting up an effective XSS security defense mechanism is important.

At present, cross-site scripting prevention strategies can be divided into three categories: pure server-side prevention, pure client-side prevention, and server/client collaborative prevention, which involve input and output filtering, data-flow tracking, penetration, etc. Existing XSS prevention methods are flawed in efficiency or performance, with problems such as complex deployment, slow response time, and high false negative and false positive rates. To address the shortcomings of traditional prevention methods, this paper proposes a fast detection model based on a hash tree feature library. The model involves a hash tree algorithm, a long-integer remainder algorithm, a taint tracking marker algorithm, and a DFA-based similarity feature vector algorithm: the taint tracking marker algorithm traces and flags untrusted data flows; a finite state machine (DFA) model constructs the similarity feature vector of the untrusted data; and an improved adaptive hash tree construction algorithm builds the feature library for fast matching detection. The implementation of the system architecture is simple, fast and efficient to deploy for detection. The architecture works across Web language development platforms without integrating the server's script language configuration, and deployment as a server-side Web proxy module is also quick and simple, requiring no support from the client-side browser. Finally, this paper describes the specific implementation process of the architecture and analyzes the experimental detection efficiency and performance; the results show that the model can effectively prevent the related types of cross-site scripting attacks.
Keywords/Search Tags:The Hash Tree, Cross-site scripting vulnerability, Similarity vector, Finite State Machine, Web security
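The abstract only sketches the detection pipeline, so the following added example (written for this page, not the thesis's own code or its actual feature library) shows one concrete reading of three of its stages: taint-marking untrusted request values, normalising and tokenising them with a small finite-state tokenizer, and walking a prefix tree keyed by long-integer remainder hashes of tokens (the "hash tree feature library") to match known XSS token patterns. The signatures, the hash modulus and the sample inputs are all constructed here; the similarity-vector stage is not reproduced.

```python
"""Illustrative XSS detection pipeline (added example, not the thesis's code):
taint-mark untrusted inputs, normalise and tokenise them, then look the token
sequence up in a hash-keyed prefix tree of known XSS token patterns."""
import html
import re
import urllib.parse
from dataclasses import dataclass

# Constructed signature library for this example: each signature is an ordered
# list of canonical tokens that must appear inside one element.
SIGNATURES = [
    ("script-tag", ["<script"]),
    ("img-onerror", ["<img", "onerror="]),
    ("svg-onload", ["<svg", "onload="]),
    ("js-scheme-link", ["<a", "href=", "javascript:"]),
    ("iframe-js-src", ["<iframe", "src=", "javascript:"]),
]

MOD = (1 << 61) - 1  # large prime used as the modulus of the remainder hash (assumption)


def token_hash(token: str) -> int:
    """Polynomial rolling hash reduced modulo a large prime (long-integer remainder)."""
    h = 0
    for byte in token.encode():
        h = (h * 131 + byte) % MOD
    return h


def build_hash_tree(signatures):
    """Prefix tree whose edges are token hashes; a node holding '$' ends a signature."""
    root = {}
    for name, tokens in signatures:
        node = root
        for tok in tokens:
            node = node.setdefault(token_hash(tok), {})
        node["$"] = name
    return root


HASH_TREE = build_hash_tree(SIGNATURES)


@dataclass
class Tainted:
    """Taint marker: an untrusted value plus the request location it came from."""
    value: str
    source: str


def normalise(text: str) -> str:
    """Undo encoding layers used to disguise markup: URL and HTML-entity encoding
    (applied twice for double-encoded input), control characters, case, and
    whitespace between '<' and the tag name."""
    for _ in range(2):
        text = html.unescape(urllib.parse.unquote(text))
    text = re.sub(r"[\x00\t\n\r]", "", text).lower()
    return re.sub(r"<\s+", "<", text)


# Finite-state tokenizer: emit tag opens/closes, selected attribute names, and
# the javascript: scheme in document order; everything else is ignored.
TOKEN_RE = re.compile(r"<\s*/?[a-z]+|\b(?:on[a-z]+|href|src)\s*=|javascript:")


def tokenize(text: str) -> list:
    return [re.sub(r"\s+", "", m.group(0)) for m in TOKEN_RE.finditer(text)]


def match(tokens: list) -> list:
    """Walk the hash tree from every tag-open token; a signature matches when its
    tokens appear in order within the same element (other attributes may sit
    between them). Returns the sorted names of all matched signatures."""
    hits = []
    for start, first in enumerate(tokens):
        node = HASH_TREE.get(token_hash(first))
        if node is None:
            continue
        if "$" in node:
            hits.append(node["$"])
            continue
        for tok in tokens[start + 1:]:
            if tok.startswith("<"):
                break  # a new element starts; this signature did not complete
            nxt = node.get(token_hash(tok))
            if nxt is None:
                continue  # unrelated attribute inside the same element
            node = nxt
            if "$" in node:
                hits.append(node["$"])
                break
    return sorted(set(hits))


def scan(item: Tainted) -> dict:
    """Scan one taint-marked value and report which signatures it matched."""
    tokens = tokenize(normalise(item.value))
    return {"source": item.source, "tokens": tokens, "matches": match(tokens)}


if __name__ == "__main__":
    # Constructed sample request values, one per taint source.
    for item in [
        Tainted('<IMG SRC="x" OnErRoR="alert(1)">', "query:q"),
        Tainted("%3Cscript%3Ealert(1)%3C/script%3E", "cookie:session"),
        Tainted('<a href="&#106;avascript:alert(1)">x</a>', "form:comment"),
        Tainted('Hello <b>world</b>, see <a href="https://example.com">link</a>', "form:comment"),
    ]:
        print(scan(item))
```

Only values wrapped in `Tainted` reach `scan`, which is the point of the taint marker: trusted server-generated markup is never compared against the library, so the matcher cannot raise false positives on it. The tree walk costs one dictionary lookup per token, independent of the number of signatures, which is where the speed claim of a hash-tree feature library comes from.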