| HTML5 technology has become more and more popular in Web applications because of its good support for mobile devices,cross-browser, easy to use and so on. However, the rising of HTML5 also brings some security issues. Some new attack methods in HTML5 were introduced , such as API abuse, offline application cache poisoning, local storage attack and so on. However, there are still some old attacks in HTML5, such as cross-site scripting attack, click hijacking attack,cross-site request forgery attack and so on. Therefore, with the popular of HTML5 at the same time, the security vulnerabilities caused by the harm are getting worse, the research of HTML5 security and defense has important significance.In this paper, the cross-site scripting attack based on HTML5 was researched in detail.The intrusion detection algorithm for cross-site scripting attack was studied, a defense model based on cross-site scripting attacks was designed and the defense system was implemented. The main work and innovations are as follows:(1)A defense model for XSS attack based on HTML5 was designed.The overall structure of the model was studied and the model was divided into three parts: the client, intrusion detection and server. The principle of each module was elaborated.(2)The XSS intrusion detection algorithm was designed and implemented. The string matching algorithm was used to detect the XSS attack, and the KMP algorithm was improved.The improved algorithm was applied to the XSS defense system.(3)The XSS defense system based on HTML5 was designed and implemented. The overall framework of the system was designed, and the three main modules, client defense module, intrusion detection module and server-side defense module were achieved.(4)The defense system was analyzed and evaluated.The Experiments show that the defense model for the cross-site scripting attack based on HTML5 can meet the requirements of general Web application. |
PDF Full Text Request