Research Of XSS Vulnerability Detection And Mining Technology

Due to the rise of the Internet,Web applications are led to the peak,but it has also led to various and serious web attacks frequently.Web security is facing a severe crisis.All kinds of the security events have affected the development of Web application,including the most seriouscross-site scripting attacks.XSS will cause a serious harm to victims,because it inserts and executes malicious script codes to hijack user’s sessions,steal cookies and other confidential information.So it is very necessary to research on the cross-site scripting vulnerability.This paper analyses the principle and characteristic of XSS vulnerability and then proposes XSS detection and mining model combining the classification attack detection algorithm based on injection mining and the attack vector generation algorithm.We design and implement the XSS vulnerability detection and mining system in the basis of the model.The experiments show that the system improves efficiency of XSS vulnerability decteion to some extent.The main research contents and achievements are as follows:(1)According to XSS vulnerability problem,we design a model of XSS vulnerability detection and mining.Then we analysis the overall design of the model and explain all modules in detail.(2)Research the XSS vulnerability detection and mining algorithm.We propose mining algorithm for different injection points,classification attack detection algorithm and attack vector generation algorithm.Apply these algorithms in XSS vulnerability detection and mining system which can improve efficiency of XSS vulnerability decteion.(3)Design and implement the XSS vulnerability detection and mining system.Design and study the overall architechture of the system.Analyse and design XSS web crawler module and XSS vulnerability detection module in detail and give the implementation scheme.(4)Evaluate function and performance of system.The results show that the system has a better performance than other XSS detection tools.This paper mainly studies XSS vulnerability detection and mining technology and implements the XSS vulnerability detection and mining system.In the end of the paper we evaluate the system.The results show that the system is feasible and effective.