| 基于SOAP消息的过度加密攻击检测算法 |
| |
| 引用本文: | 高文婕,赵逢禹.基于SOAP消息的过度加密攻击检测算法[J].计算机工程,2010,36(22):129-131. |
| |
| 作者姓名: | 高文婕 赵逢禹 |
| |
| 作者单位: | (上海理工大学光电信息与计算机工程学院,上海 200093) |
| |
| 基金项目: | 国家自然科学基金委员会与中国民用航空局联合基金资助项目,天津市自然科学基金资助项目 |
| |
| 摘 要: | 分析Web服务中的过度加密攻击场景、攻击特点以及SOAP消息特征,提出一种基于简单对象访问协议消息(SOAP)消息的过度加密攻击检测算法。通过检测标签ReferenceList的属性个数统计SOAP消息的加密次数,并将统计出的加密次数与预先设定的阈值进行比较,从而判断是否存在过度加密攻击。在.net WSE安全平台下验证了该检测算法的有效性。
|
| 关 键 词: | DoS攻击 简单对象访问协议消息 过度加密攻击 Web服务 |
Oversized Cryptography Attack Detection Algorithm Based on SOAP Message |
| |
| GAO Wen-jie,ZHAO Feng-yu.Oversized Cryptography Attack Detection Algorithm Based on SOAP Message[J].Computer Engineering,2010,36(22):129-131. |
| |
| Authors: | GAO Wen-jie ZHAO Feng-yu |
| |
| Affiliation: | (School of Optical-Electrical and Computer Engineering, University of Shanghai for Science and Technology, Shanghai 200093, China) |
| |
| Abstract: | This paper analyzes attack scene, attack features of oversized cryptography and Simple Object Access Protocol(SOAP) message feature of oversized cryptography in Web service, and presents an oversized cryptography attack detection algorithm based on SOAP message. Encryption frequency is counted by detecting the number of attribute in the label of ReferenceList. Then, encryption frequency and the predetermined value are compared to determine oversized cryptography is included or not. The validity of detection algorithm is tested on Web service platform of Microsoft .net WSE. |
| |
| Keywords: | DoS attack Simple Object Access Protocol(SOAP) message oversized cryptography attack Web service |
| 本文献已被 维普 万方数据 等数据库收录! |
| 点击此处可从《计算机工程》浏览原始摘要信息 |
|
点击此处可从《计算机工程》下载全文 |
