Research On XSS Phishing Attack Detection Technology Based On Regular Matching

With the development of Internet, electronic commerce, social network, electronic finance and other network platforms have become an indispensable part of people’s life. Internet brings people convenience, but meanwhile it also provides phishers with the opportunities to steal the illegal interests. Attackers lure users to visit phishing pages, and then steal users’ account names, password, bank accounts and other private information. Recently, with the popularity of the cross site scripting attack technology, phishers inject malicious script code into the legitimate Web site by using the XSS vulnerability, and implement a new kind of Phishing attack known as XSS Phishing. As the XSS Phishing occurs in the legitimate website and avoids varieties of traditional phishing detections, compared with traditional phishing detection technologies, it has higher rate in attacking deceptive and success. In view of the XSS Phishing attack, the existing detection methods in terms of detection range or accuracy still suffer many deficiencies. Therefore, it is imperative to develop an efficient and accurate detection method for this new type of attack.Combing the shortage of existing detection technologies and characteristics of the XSS Phishing attack, this paper proposes the XSS Phishing attack detection method based on regular matching, and shorted as REXPH. The main work of this paper is as follows:(1) Design of XSS Phishing attack detection method based on regular matching. Firstly, this paper analyzes the principle of attacking and detection methods for the traditional phishing and XSS phishing, and points out the shortcomings of the existing detection methods. Then, a detailed description of the REXPH detection method and the core of pseudo code are presented in the paper. Finally, this paper extracts the characteristics of XSS Phishing normal attack, XSS Phishing deformation attack and the third party links, and obtains the 6 essential regular expressions in REXPH detection method.(2) The design and implementation of the REXPH prototype system. This paper also implements a prototype of REXPH detection system, which consists of 5 modules for data preprocessing, regular detection, deformation code reduction, results determination and third party link re-detected.(3) The experiment of REXPH method and comparison with other methods. This paper tests the system with different types of XSS Phishing attack samples, and compares the test results with existing methods using the same samples. The paper shows that the proposed REXPH can be applied in various XSS Phishing attacks. In contrast to the existing methods, the REXPH performs better in accuracy and with lower false negative rate. All these results imply the applications advantages of the REXPH in XSS Phishing detection.