OSN中基于分类器和改进n-gram模型的跨站脚本检测方法

doi:10.11772/j.issn.1001-9081.2014.06.1661

计算机应用 ›› 2014, Vol. 34 ›› Issue (6): 1661-1665.DOI: 10.11772/j.issn.1001-9081.2014.06.1661

OSN中基于分类器和改进n-gram模型的跨站脚本检测方法

李沁蕾¹,²,王蕊¹,贾晓启¹

1. 信息安全国家重点实验室(中国科学院信息工程研究所), 北京 100093
2. 中国科学院大学, 北京 100049

收稿日期:2013-11-28 修回日期:2014-01-15 出版日期:2014-06-01 发布日期:2014-07-02
通讯作者: 贾晓启
作者简介:李沁蕾(1989-),女,安徽铜陵人,硕士研究生,主要研究方向:恶意代码分析检测;王蕊(1981-),女,北京人,副研究员,博士,CCF会员,主要研究方向:网络与信息系统安全;贾晓启(1982-),男,北京人,副研究员,博士,CCF会员,主要研究方向:恶意代码分析检测、虚拟化、网络和操作系统安全。
基金资助:
国家自然科学基金资助项目;国家863计划项目;中国科学院战略性先导专项

Cross-site scripting detection in online social network based on classifiers and improved n-gram model

LI Ruilei¹,²,WANG Rui¹,JIA Xiaoqi¹

1. State Key Laboratory of Information Security (Institute of Information Engineering, Chinese Academy of Sciences), Beijing 100093, China;
2. University of Chinese Academy of Sciences, Beijing 100049, China

Received:2013-11-28 Revised:2014-01-15 Online:2014-06-01 Published:2014-07-02
Contact: JIA Xiaoqi

摘要/Abstract

摘要：

针对在线社交网络中跨站脚本(XSS)攻击的安全问题,提出了一种在线社交网络恶意网页的检测方法。该方法依据在线社交网络中跨站脚本恶意代码的传播特性,提取一组基于相似性和差异性的特征,构造分类器和改进n-gram模型,再利用两种模型的组合,检测在线社交网络网页是否恶意。实验结果表明,与传统的分类器检测方法相比,结合了改进n-gram模型的检测方法保证了检测结果的可靠性,误报率约为5%。

Abstract:

Due to the threats of Cross-Site Scripting (XSS) attack in Online Social Network (OSN), a approach combined classifiers and improved n-gram model was proposed to detect the malicious OSN webpages infected with XSS code. Firstly, similarity-based features and difference-based features were extracted to build classifiers and the improved n-gram model. After that, the classifiers and model were combined to detect malicious webpages in OSN. The experimental results show that compared with the traditional classifier detection methods, the proposed approach is more effective and the false positive rate is about 5%.

中图分类号:

TP393.08

李沁蕾王蕊贾晓启. OSN中基于分类器和改进n-gram模型的跨站脚本检测方法[J]. 计算机应用, 2014, 34(6): 1661-1665.

LI Ruilei WANG Rui JIA Xiaoqi. Cross-site scripting detection in online social network based on classifiers and improved n-gram model[J]. Journal of Computer Applications, 2014, 34(6): 1661-1665.

参考文献

[1]EMARKETER. Social media [EB/OL]. [2013-01-24] https://www.emarketer.com/Coverage/SocialMedia.aspx.
[2]Symantec.诺顿2012网络安全报告[R/OL].[2013-01-30].http://wenku.it168.com/d_000529769.shtml.
[3]HASIB A A. Threats of online social networks [J]. IJCSNS International Journal of Computer Science and Network Security, 2009, 9(11): 288-293.
[4]LIVSHITS V B, CUI W. Spectator: detection and containment of JavaScript worms[C]// ATC 2008: Proceedings of the USENIX 2008 Annual Technical Conference on Annual Technical Conference. Berkeley: USENIX Association, 2008: 335-348.
[5]CAO Y, YEGNESWARAN V, POSSAS P, et al. PathCutter: severing the self-propagation path of XSS JavaScript worms in social Web networks[EB/OL].[2013-10-10]. http://www.dnssec-test-dyn.com/sites/default/files/08_2.pdf.
[6]TER LOUW M, VENKATAKRISHNAN V N. Blueprint: robust prevention of cross-site scripting attacks for existing browsers[C]// Proceedings of the 2009 30th IEEE Symposium on Security and Privacy. Piscataway: IEEE Press, 2009: 331-346.
[7]LIKARISH P, JUNG E, JO I. Obfuscated malicious JavaScript detection using classification techniques[C]// Proceedings of the 2009 4th International Conference on Malicious and Unwanted Software. Piscataway: IEEE Press, 2009: 47-54.
[8]NUNAN A E, SOUTO E, dos SANTOS E M, et al. Automatic classification of cross-site scripting in Web pages using document-based and URL-based features[C]// Proceedings of the 2012 IEEE Symposium on Computers and Communications. Piscataway: IEEE Press, 2012: 702-707.
[9]LI W-J, WANG K, STOLFO S J, et al. Fileprints: identifying file types by n-gram analysis[C]// IAW 2005: Proceedings of the 6th Annual IEEE Systems, Man, and Cybernetics. Piscataway: IEEE Press, 2005: 64-71.
[10]LANZI A, BALZAROTTI D, KRUEGEL C, et al. AccessMiner: using system-centric models for malware protection[C]// Proceedings of the 17th ACM Conference on Computer and Communications Security. New York: ACM Press, 2010: 399-412.
[11]KIM B I, IM C T, JUNG H C. Suspicious malicious Web site detection with strength analysis of a JavaScript obfuscation[J]. International Journal of Advanced Science and Technology, 2011, 26:19-32.
[12]XU W, ZHANG F, ZHU S. Toward worm detection in online social networks[C]// Proceedings of the 26th Annual Computer Security Applications Conference. New York: ACM Press, 2010: 11-20.
[13]FAGHANI M R, SAIDI H. Malware propagation in online social networks[C]// Proceedings of the 2009 4th International Conference on Malicious and Unwanted Software. Piscataway: IEEE Press, 2009: 8-14.
[14]FAGHANI M R, SAIDI H. Social networks' XSS worms[C]// CSE 2009: Proceedings of the 2009 International Conference on Computational Science and Engineering. Piscataway: IEEE Press, 2009, 4: 1137-1141.
[15]FREUND Y, MASON L. The alternating decision tree learning algorithm[C]// ICML 1999: Proceedings of the 16th International Conference on Machine Learning. San Francisco: Morgan Kaufmann Publishers, 1999: 124-133.
[16]SAMY. I'm popular [EB/OL]. [2013-06-10] http://namb.la/popular/

OSN中基于分类器和改进n-gram模型的跨站脚本检测方法

Cross-site scripting detection in online social network based on classifiers and improved n-gram model

PDF

可视化

摘要/Abstract

引用本文

使用本文

参考文献

相关文章 15

编辑推荐

Metrics

[1]	毕文婷林海涛张立群. 基于多阶段演化信号博弈模型的移动目标防御决策算法[J]. 计算机应用, 0, (): 0-0.
[2]	朱玉娜, 张玉涛, 闫少阁, 范钰丹, 陈韩托. 基于半监督子空间聚类的协议识别方法[J]. 计算机应用, 2021, 41(10): 2900-2904.
[3]	肖跃雷, 邓小凡. 基于证书的有线局域网安全关联方案改进与分析[J]. 计算机应用, 2021, 41(7): 1970-1976.
[4]	杜心雨, 王化群. LTE-A网络中基于动态组的有效的身份认证和密钥协商方案[J]. 计算机应用, 2021, 41(6): 1715-1722.
[5]	王垚, 孙国梓. 基于聚类和实例硬度的入侵检测过采样方法[J]. 计算机应用, 2021, 41(6): 1709-1714.
[6]	葛丽娜, 胡雨谷, 张桂芬, 陈园园. 云计算环境基于客体属性匹配的逆向混合访问控制方案[J]. 计算机应用, 2021, 41(6): 1604-1610.
[7]	郭帅, 苏旸. 基于数据流的加密流量分类方法[J]. 计算机应用, 2021, 41(5): 1386-1391.
[8]	陈权李莉陈永乐段跃兴. 面向深度学习可解释性的对抗攻击算法[J]. 计算机应用, 0, (): 0-0.
[9]	张全龙, 王怀彬. 基于膨胀卷积和门控循环单元组合的入侵检测模型[J]. 计算机应用, 2021, 41(5): 1372-1377.
[10]	唐延强, 李成海, 宋亚飞. 基于改进粒子群优化和极限学习机的网络安全态势预测[J]. 计算机应用, 2021, 41(3): 768-773.
[11]	杭梦鑫, 陈伟, 张仁杰. 基于改进的一维卷积神经网络的异常流量检测[J]. 计算机应用, 2021, 41(2): 433-440.
[12]	欧彬利, 钟夏汝, 代建华, 杨田. 基于变精度覆盖粗糙集的入侵检测方法[J]. 计算机应用, 2020, 40(12): 3465-3470.
[13]	杨建喜, 张媛利, 蒋华, 朱晓辰. 边缘计算中基于深度Q网络的物理层假冒攻击检测方法[J]. 计算机应用, 2020, 40(11): 3229-3235.
[14]	陈旖, 张美璟, 许发见. 基于一维卷积神经网络的HTTP慢速DoS攻击检测方法[J]. 计算机应用, 2020, 40(10): 2973-2979.
[15]	王韫烨, 程亚歌, 贾志娟, 付俊俊, 杨艳艳, 何宇矗, 马威. 基于安全多方的区块链可审计签名方案[J]. 计算机应用, 2020, 40(9): 2639-2645.