| Due to the fact that the society is increasingly dependent on the internet,the network security is becoming more and more important.In the current complex and severe network security situation,it is urgent to strengthen the network security.However,the cross-site scripting vulnerability,one of the most widely distributed vulnerabilities,has been difficult to eradicate for a long time and has become a major threat to the network security.It also has a tendency to spread to the mobile terminals,such as the mobile browsers and applications.In contrast,the mitigation of the cross-site scripting vulnerability has not yet attaind the performance expected,although the technology of the cross-site scripting denfense has been continuously upgraded in recent years and the new technologies such as machine learning also have been applied to the vulnerability scanning,prevetion,as well as the detection and defense of the cross-site scripting attacks.This thesis indicates that the current detection of cross-site scripting with machine learning have picked up similar threads.Among the existed methods,they train the model with machine learning by the features extracted from the web request data and apply the model to the detection.These methods modeling by the basic probability distribution may be effective for some simple types of the cross-site scripting attacks,but they can?t be applied to the complex and changeable payloads of the cross-site scripting attacks.On the other side,the payloads of the cross-site scripting attacks exist in the stage for both of the web request and response.This makes it impossible to detect all the cross-site scripting attacks by relying only on the web request.Therefore,this thesis proposes a new method for detecting the cross-site script based on Gaussian mixture model with the innovations as below.First,this method applys the Gaussian mixture model to model the multi-modal distribution of the cross-site scripting attack,so as to match its features more accurately.Second,the data from the web response is applied to the model to expand the ability for detecting the stored cross-site scripting.Third,this method also extracts the features from the normal traffic separately besides the attack traffic and integrates the detection capabilities of the black and white models to form a dual model for detecting,which further improves the accuracy and the precision of the detection in this thesis.As a result,the detection method we proposed also performs well on unknown types of cross-site scripting. |
PDF Full Text Request