| 基于网络爬虫的跨站检测改进方法研究 |
| |
| 引用本文: | 希仁娜·亚森,方勇,张谦.基于网络爬虫的跨站检测改进方法研究[J].信息安全与通信保密,2012(10):55-58. |
| |
| 作者姓名: | 希仁娜·亚森 方勇 张谦 |
| |
| 作者单位: | 1. 新疆农业大学计算机与信息工程学院,新疆乌鲁木齐,830052
2. 四川大学电子信息学院,四川成都,610064 |
| |
| 摘 要: | 跨站攻击通常产生在用户与动态网站交互的输入接口,用于危害网络计算机系统安全和窃取用户隐私。为了防止这种攻击可采用基于网络爬虫的跨站检测方法,对于用户访问的网站进行检测,查看是否具有跨站漏洞或恶意代码。通过对现有跨站漏洞检测工具的工作原理及性能的分析,提出一种基于词汇动态加权重组的跨站漏洞检测方法,称为LDWR-XD。该方法在网页抓取,攻击代码检测等模块比以往工具都有明显的改进。最后,对系统的测试结果表明,系统具有一定的可行性与实用性。
|
| 关 键 词: | 跨站攻击 网络爬虫 攻击检测 词汇动态重组 |
Improved Method for Web Crawler-based Cross-site Detection |
| |
| Xirenna · Yasen,FANG Yong,ZHANG Qian.Improved Method for Web Crawler-based Cross-site Detection[J].China Information Security,2012(10):55-58. |
| |
| Authors: | Xirenna · Yasen FANG Yong ZHANG Qian |
| |
| Affiliation: | 1Computer and Information Engineering Institute, Xinjiang Agricultural University, Xinjiang Urumqi, 830052 China; 2College of Electronic Information, Sichuan University, Chengdu Sichuan 610064, China) |
| |
| Abstract: | Cross-site attack, usually created at the input interface of the user and dynamic website interaction, could damage the safety of network computer system and steal the user's privacy. In order to prevent the attack, Web crawler-based cross-site detection is used to check the user-access site and see whether there are cross-station holes or malicious codes. By analyzing the working principle, and performance of existing cross-site vulnerability testing tools, a cross-site loophole detection method based on dynamic weighted restructuring of vocabulary is proposed, called LDWR-XD. The method is remarkably improved in web grab, attack code detection and other modules. Finally, the test results show that the system is fairly feasible and practicable. |
| |
| Keywords: | |
| 本文献已被 CNKI 维普 万方数据 等数据库收录! |
|
