
Research Of XSS Attack Detection Based On Derivative Attack Vectors And Classifier

Posted on: 2019-05-16
Degree: Master
Type: Thesis
Country: China
Candidate: Q Kang
GTID: 2428330542955572
Subject: Communication and Information System
Abstract/Summary:
Cross-site scripting (XSS) is one of the most common security threats to Web applications. With the advent and development of Web 2.0, attack techniques based on XSS vulnerabilities keep emerging and the harm they cause is becoming more and more serious. They are used for privacy theft, planting Trojans in web pages, phishing and other illegal purposes, and have led to one major network security incident after another, leaving Web users facing major security threats. Most current detection methods rely on signature matching of input and output, using complex regular expressions to detect attacks, but they have difficulty detecting attacks that use obfuscation to bypass filters. To defend against and detect XSS attacks better, this paper uses machine learning to learn attack features, so that XSS attacks are detected on the basis of abstract features. Building on related research and techniques in vulnerability discovery, we use fuzz testing, a genetic algorithm and an anti-filtering rule set to derive and supplement the training samples, with the XSS Cheat Sheet as the seed library, while also improving sample quality in preparation for the subsequent classification. Combining decision tree and Bayesian classification algorithms, we draw on the feature-importance selection process of decision trees and use information gain to weight the many features of a sample. We then classify the sample with a naive Bayes classifier, convert the classification result into a probability, and select the threshold using the ROC curve. Finally, the resulting model is applied to the recognition and detection of attack vectors. We evaluate the accuracy and effectiveness of the proposed algorithm while using a crawler for penetration testing. When injecting attack vectors, we do not inject every attack vector at every injection point; instead, we inject a subset of samples chosen according to the injection point, which greatly reduces test time. The results show that the XSS attack detection model based on attack sample derivation and classification algorithms detects XSS attacks more effectively, with high precision and recall, especially for unknown attacks and encoding-obfuscated attacks.
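The classification stage described in the abstract (information-gain feature weights, naive Bayes probability, ROC-selected threshold) can be sketched as follows; this is an added example, not code from the thesis. The feature set, the use of each weight as an exponent on its likelihood ratio, the Youden's J criterion and all sample strings are assumptions constructed for illustration.

```python
import html, math, re
from urllib.parse import unquote
# Hypothetical binary features; the abstract does not list the thesis's feature set.
FEATURES = {
    "script_tag": re.compile(r"<\s*script"),
    "event_handler": re.compile(r"\bon\w+\s*="),
    "js_scheme": re.compile(r"javascript\s*:"),
    "angle_bracket": re.compile(r"[<>]"),
    "quote": re.compile(r"['\"]")}
# Constructed training samples (label 1 = XSS vector, 0 = benign input).
SAMPLES = ["<script>alert(1)</script>", "<img src=x onerror=alert(1)>",
           '<a href="javascript:alert(1)">x</a>', "<svg onload=alert(1)>", "hello world",
           "price < 10 and qty > 2", "O'Reilly \"Learning Python\"", "javascript tutorial for beginners"]
LABELS = [1, 1, 1, 1, 0, 0, 0, 0]

def extract(s):
    # Decode URL and HTML-entity encoding first so encoded variants share features.
    t = html.unescape(unquote(s)).lower()
    return {f: bool(rx.search(t)) for f, rx in FEATURES.items()}

def entropy(pos, neg):
    return -sum(c / (pos + neg) * math.log2(c / (pos + neg)) for c in (pos, neg) if c)

def info_gain(rows, labels, f):
    split = [[y for x, y in zip(rows, labels) if x[f] == v] for v in (True, False)]
    rest = sum(len(s) / len(rows) * entropy(sum(s), len(s) - sum(s)) for s in split if s)
    return entropy(sum(labels), len(labels) - sum(labels)) - rest

def train(samples, labels):
    rows, n1 = [extract(s) for s in samples], sum(labels)
    model = {"prior": math.log(n1 / (len(labels) - n1)), "w": {}, "p": {}}
    for f in FEATURES:
        model["w"][f] = info_gain(rows, labels, f)  # feature weight = information gain
        for y in (1, 0):
            hits = sum(x[f] for x, l in zip(rows, labels) if l == y)
            model["p"][f, y] = (hits + 1) / (labels.count(y) + 2)  # Laplace smoothing
    return model

def score(model, s):
    x, z = extract(s), model["prior"]
    for f, w in model["w"].items():
        p1, p0 = model["p"][f, 1], model["p"][f, 0]
        z += w * math.log(p1 / p0 if x[f] else (1 - p1) / (1 - p0))
    return 1 / (1 + math.exp(-z))  # probability that s is an XSS vector

def pick_threshold(model, samples, labels):
    # ROC operating point maximizing TPR - FPR (Youden's J); an assumed criterion.
    sc = [score(model, s) for s in samples]
    rate = lambda t, y: sum(v >= t for v, l in zip(sc, labels) if l == y) / labels.count(y)
    return max(sorted(set(sc)), key=lambda t: rate(t, 1) - rate(t, 0))
```

On this constructed data the `quote` feature receives zero weight, and the ROC-selected threshold lands above 0.5, which keeps the benign comparison string `price < 10 and qty > 2` below the cut while URL-encoded and entity-encoded variants of the training vectors still score above it.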
Keywords/Search Tags:Cross-site Scripting Attack, Attack Vector Derivation, Coding XSS, Anti-Filtering Rules, Classifier