电子技术
電子技術
전자기술
ELECTRONIC TECHNOLOGY
2014年
4期
8-11
,共4页
跨站脚本%指令集随机化%代理%网页挂马
跨站腳本%指令集隨機化%代理%網頁掛馬
과참각본%지령집수궤화%대리%망혈괘마
cross site scripting%instruction set randomization%proxy%website embedded by Trojan
针对Web遭受跨站脚本攻击越来越严重的问题,设计了一个基于指令集随机化的服务器端XSS检测和防御模型,并在PhpBB网络论坛系统中进行了实现,通过对实验结果的分析可知,本系统可以很好地检测和防御反射型XSS攻击和存储型XSS攻击,同时能检测和防御因网络或操作系统层漏洞导致的网页篡改和网页挂马等恶意攻击行为。
針對Web遭受跨站腳本攻擊越來越嚴重的問題,設計瞭一箇基于指令集隨機化的服務器耑XSS檢測和防禦模型,併在PhpBB網絡論罈繫統中進行瞭實現,通過對實驗結果的分析可知,本繫統可以很好地檢測和防禦反射型XSS攻擊和存儲型XSS攻擊,同時能檢測和防禦因網絡或操作繫統層漏洞導緻的網頁篡改和網頁掛馬等噁意攻擊行為。
침대Web조수과참각본공격월래월엄중적문제,설계료일개기우지령집수궤화적복무기단XSS검측화방어모형,병재PhpBB망락론단계통중진행료실현,통과대실험결과적분석가지,본계통가이흔호지검측화방어반사형XSS공격화존저형XSS공격,동시능검측화방어인망락혹조작계통층루동도치적망혈찬개화망혈괘마등악의공격행위。
The authors design a XSS detection and prevention system aimed at solving the problem of website being attacked by increasingly sophisticated and severe cross site scripting. It is implemented with PhpBB forum using instruction set randomization techniques. According to the experimental result, our system not only can detect and prevent reflected XSS and stored XSS, but also can detect the attacks of web page defacement and website based Trojans caused by vulnerabilities from network or operating system layers.