The Detection And Defense Research Of Scripting Attack Under Web Environment

Since twenty-first century, personal computer has become popular, the development of internet and computer technology was very rapid. During the process, viruses, trojans, worms, botnets have been a threat to internet security. Web2.0makes it easy for attackers to conduct attack. With the help of scripts in webpages, attackers steal user’s message, hijack user’s session and destroy user’s machine. Script security is becoming a hot topic in the field of security. In this paper, we will research scripting attack detection and prevention methods.This paper presents a webpage scripting attack detection and pr evention method which is based on characteristics of malicious code. Firstly, in order to improve efficiency, this paper takes advantage of hadoop to extract characteristic of malicious scripts in webpages. Secondly, in order to improve precision of scripts detection, this p aper proposes a method to weight the characteristic of malicious scr ipts. Terminally, we design a scripting detection and defense system and design an experiment to verify the function and performance of this system. Experimental results show that the proposed detectio n and defense system in this paper could detect malicious script in web pages and stop executing it.