Research On XSS Attack Detection Method Based On Fast Filtering And Double-Layer Classifier

In the face of increasingly complex and variable XSS attacks,traditional detection methods have defects such as low detection efficiency and detection performance,for this reason,this paper focuses on XSS attack detection and proposes an XSS attack detection method based on fast filtering and double-layer classifier,and the main research work is as follows.First,in order to obtain high-quality data,the corresponding crawler algorithm is designed for specific web pages to crawl the relevant data,and in order to ensure the detection performance of the constructed model,data pre-processing work such as data cleaning,decoding,generalization,and word separation is performed on the original data,and the corresponding feature vectors are extracted from them.Second,a fast filtering-based initial screening model for XSS attacks is proposed for realistic scenarios where normal data is much more than XSS attack data.The model utilizes a strict whitelist,an improved plain Bayesian algorithm,and thus is able to filter out most of the normal data as a way to reduce the overall size of the data,improve the speed of matching threat intelligence using prefix trees,and reduce the detection time.Again,to address the problem of low detection accuracy of XSS attacks,we propose an improved LSTM-based XSS attack detection model.The model can not only identify XSS attacks initially by using simple rules,but also detect the "suspected" attack data twice by using LSTM algorithm to accurately detect the real XSS attacks,thus obtaining good detection results.Then,a threat intelligence-based XSS attack detection model is proposed for the problem that malicious jump links are difficult to detect.The model constructs a threat intelligence list using malicious domain names and malicious IPs,extracts the domain names or IPs in the data to be detected,matches them with the threat intelligence list,and a successful match can directly determine the data as an XSS attack.Finally,effectiveness experiments were conducted on the detection effect of the combination of fast filtering and double-layer classifier,comparing the detection effect of the threat intelligence model before and after its use,and comparing experiments and results analysis with other XSS attack detection methods.