Cross-Site Scripting Attack Detection Method Based On Agent

Posted on: 2017-03-31
Degree: Master
Type: Thesis
Country: China
Candidate: H R Xu
Full Text: PDF
GTID: 2308330485986113
Subject: Computer application technology
Abstract/Summary:
In 2015, computer technology experienced rapid development, and attacks on Web applications attracted close attention from attackers. Since the emergence of Web 2.0, XSS (Cross-Site Scripting) attack techniques have become more harmful and more numerous: XSS attacks based on Ajax technology can be used for privacy theft, for linking a website to a Trojan, and even for phishing. The continuing occurrence of major network intrusion events poses a serious threat to computer users.

Current mainstream detection methods, such as Firefox NoScript, are based on matching characteristic values between input and output and detect attacks with complex regular expressions. They cannot, however, handle cross-site scripting attacks that dynamically damage the structural integrity of the original document. To address the shortcomings of previous cross-site scripting detection designs, and drawing on other existing testing programs and assisted analysis methods, this paper proposes a method for detecting cross-site scripting attacks in an agent environment and implements a prototype system named XSSDetection. The main work is as follows:

Firstly, the study proposes an agent-based attack detection model, which does not affect the server's configuration or policy enforcement and is not affected by the fault tolerance of different browsers or by the server's resolution mechanism.

Secondly, the study improves and optimizes the attack detection algorithm, which uses an HTML and JavaScript parsing engine to dynamically update web pages and find the injection nodes. The matching of detection parameters is also optimized, so that the algorithm works across a variety of attack vectors and attack purposes and can detect DOM-based XSS attacks effectively.

Finally, the study proposes a precise URL whitelist policy, which uses white detection vectors to identify requests to URLs that have no XSS vulnerabilities. The policy narrows the detection range and improves the efficiency of the system.

Experiments show that the proposed XSSDetection system has clear advantages over existing detection tools: it achieves a low false alarm rate and a low false negative rate, and its response time is shorter than that of the similar tool Watcher. In the horizontal comparison, its correct rate is higher than that of browser plug-in detection tools. The results show that the XSSDetection system has reference and promotional value for cross-site scripting detection systems.
Keywords/Search Tags:Cross-site scripting attacks, Whitelist, Motion detection, Agents, DOM
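
The following added example is not from the thesis or its XSSDetection prototype. It illustrates the structural idea the abstract contrasts with regular-expression matching: parse the response, collect the nodes where a browser would run script, and report those whose content arrived in a request parameter, skipping whitelisted URLs. All names, the MIN_LEN threshold, the whitelist shape and the sample pages are assumptions made for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit, parse_qsl

MIN_LEN = 6  # assumed threshold: ignore matches too short to be meaningful

class ScriptContexts(HTMLParser):
    """Collect every place in the parsed page where a browser would run script."""
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.found = []            # list of (where, script text)
        self._in_script = False

    def handle_starttag(self, tag, attrs):
        self._in_script = (tag == "script")
        for name, value in attrs:
            value = (value or "").strip()
            if name.startswith("on") or value.lower().startswith("javascript:"):
                self.found.append((f"{tag}@{name}", value))
            elif tag == "script" and name == "src":
                self.found.append(("script@src", value))

    def handle_endtag(self, tag):
        if tag == "script":
            self._in_script = False

    def handle_data(self, data):
        if self._in_script and data.strip():
            self.found.append(("script-body", data.strip()))

def detect_injected_scripts(url, response_html, whitelist=frozenset()):
    """Return (parameter, location, script) for script nodes that came from the request."""
    parts = urlsplit(url)
    if (parts.netloc, parts.path) in whitelist:   # URL already judged not vulnerable
        return []
    params = parse_qsl(parts.query)               # percent-decoded name/value pairs
    parser = ScriptContexts()
    parser.feed(response_html)
    parser.close()
    return [(name, where, script)
            for where, script in parser.found
            for name, value in params
            if len(script) >= MIN_LEN and script in value]

# Constructed sample data (not from the thesis).
ATTACK_URL = "http://shop.example/search?q=%3Cscript%3Ealert(document.cookie)%3C/script%3E"
REFLECTED = "<p>Results for <script>alert(document.cookie)</script></p><script>var page=1;</script>"
ESCAPED = "<p>Results for &lt;script&gt;alert(document.cookie)&lt;/script&gt;</p><script>var page=1;</script>"

if __name__ == "__main__":
    print(detect_injected_scripts(ATTACK_URL, REFLECTED))  # one finding for parameter q
    print(detect_injected_scripts(ATTACK_URL, ESCAPED))    # no finding: no script node created
```

This covers only input reflected from the query string; the DOM-based detection the abstract mentions would additionally require executing the page's JavaScript.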