Research On XSS Vulnerability Detection Model Based On Feature Injection

Posted on: 2017-12-25
Degree: Master
Type: Thesis
Country: China
Candidate: W W Zhang
GTID: 2348330536951046
Subject: Computer software and theory
Abstract/Summary:
Cross-site scripting (XSS) attacks are one of the biggest security problems facing Web applications at present. The vulnerability detection model XSS-SAFE, proposed by researchers, can automatically detect XSS attacks. XSS-SAFE is designed around the idea of injecting the features of JavaScript, and introduced the idea of injecting sanitization routines into the JavaScript source code to detect and mitigate maliciously injected XSS attack vectors. We have evaluated our approach on five real-world Java Server Pages (JSP) programs. The results indicate that XSS-SAFE detects and mitigates most of the previously known and unknown XSS attacks with minimum false positives, a zero false-negative rate, and low runtime overhead.

In this paper, taking the XSS-SAFE vulnerability detection model as the research object, we analyze the model's basic components and key technology and find two deficiencies. The first is that redundant feature injection positions reduce detection efficiency and increase the false alarm rate. The second is that the correct rate of the second phase of XSS-SAFE should be improved. We put forward methods to address these deficiencies. The specific research work includes the following two aspects.

Research on classifying malicious code and benign code based on classification features and dynamic testing. Before feature injection, we use the classification features and the dynamic testing method to filter out redundant positions, which greatly reduces the number of feature injection positions. This essay changes the feature injection model of XSS-SAFE, and the improvement is analyzed by experiment.

Using the Apriori algorithm and the FP-growth algorithm to discover the frequent item sets of attack vectors. The Apriori algorithm is a fast algorithm for discovering frequent item sets. Firstly, we analyze XSS attack statements and find their frequent item sets based on the Apriori algorithm and the FP-growth algorithm. Secondly, the user request is analyzed and the FP-growth algorithm is used to filter the user's request, which obviously improves the efficiency. Finally, the number of feature injection positions of the XSS-SAFE model is reduced, and the correct rate and efficiency of the model are improved.
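The frequent item set mining described in the abstract, as an added example that is not code from the thesis: Apriori run over feature items extracted from attack strings, with the resulting item sets used to pre-filter requests. The feature regexes, the minimum support of 2, the sample vectors and the `suspicious` helper are assumptions made for illustration; the thesis itself uses FP-growth for the request filter.

```python
import re
from itertools import combinations

# Hypothetical feature items; the abstract does not list the thesis's feature set.
FEATURES = {
    "script_tag": re.compile(r"<\s*script", re.I),
    "event_handler": re.compile(r"\bon\w+\s*=", re.I),
    "js_uri": re.compile(r"javascript\s*:", re.I),
    "dialog_call": re.compile(r"\b(alert|prompt|confirm)\s*\(", re.I),
    "cookie_access": re.compile(r"document\.cookie", re.I),
    "img_tag": re.compile(r"<\s*img", re.I),
}

def items(text):
    """Map a raw string to the set of feature items present in it."""
    return frozenset(name for name, rx in FEATURES.items() if rx.search(text))

def apriori(transactions, min_support):
    """Return {itemset: support count} for itemsets in >= min_support transactions."""
    def count(cands):
        c = {s: sum(1 for t in transactions if s <= t) for s in cands}
        return {s: n for s, n in c.items() if n >= min_support}
    level = count({frozenset([i]) for t in transactions for i in t})
    frequent, k = dict(level), 2
    while level:
        # Join step: unions of frequent (k-1)-sets that have exactly k items.
        cands = {a | b for a in level for b in level if len(a | b) == k}
        # Prune step: every (k-1)-subset of a candidate must itself be frequent.
        cands = {c for c in cands
                 if all(frozenset(s) in level for s in combinations(c, k - 1))}
        level = count(cands)
        frequent.update(level)
        k += 1
    return frequent

def suspicious(request, frequent, min_size=2):
    """Pre-filter: flag a request containing any frequent itemset of >= min_size items."""
    present = items(request)
    return any(len(s) >= min_size and s <= present for s in frequent)

# Constructed sample vectors (textbook forms), not data from the thesis.
VECTORS = [
    "<script>alert(1)</script>",
    "<img src=x onerror=alert(1)>",
    "<script>alert(document.cookie)</script>",
    "<a href=\"javascript:alert(1)\">x</a>",
    "<img src=x onerror=prompt(document.cookie)>",
]
FREQUENT = apriori([items(v) for v in VECTORS], min_support=2)
```

Requests that match no multi-item frequent set are skipped by this pre-filter, which is how it reduces the number of positions passed to the more expensive feature injection stage.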
Keywords/Search Tags: XSS Vulnerability, Web Security, Vulnerability Detection, Web Spider, JavaScript Feature