XSS Attack Detection and Prevention System Based on Instruction Set Randomization
[摘要] As one of the most popular security vulnerabilities in Web applications, XSS has been widely researched and applied. This paper presents a XSS detection and prevention system aimed at solving the problem of website being attacked by increasingly sophisticated and severe XSS. The method proposed in this paper encodes the HTML/JavaScript keyword in the Web application by randomization and distinguishes the malicious attacks. The results show that this method not only can effectively detect and defend reflective and storage XSS attacks, but also it has better system response.
[发布日期] [发布机构] College of Information Engineering, Anhui Xinhua University, China^1;Institute of Intelligent Machines, Chinese Academy of Sciences, China^2;Information Technology Security Evaluation Center, University of Science and Technology of China, China^3
[效力级别] 计算机科学 [学科分类]
[关键词] Instruction-set randomization;Malicious attack;Prevention systems;Security vulnerabilities;System response;WEB application;Xss attacks [时效性]
