基于URL随机化的web防攻击新方法的设计与实现

2016 International Conference on Computer, Information and Telecommunication Systems (CITS) Pub Date : 2016-07-06 DOI:10.1109/CITS.2016.7546416

W. Liu, Chengrong Wu, Haolin Jin, Shiyong Zhang

{"title":"基于URL随机化的web防攻击新方法的设计与实现","authors":"W. Liu, Chengrong Wu, Haolin Jin, Shiyong Zhang","doi":"10.1109/CITS.2016.7546416","DOIUrl":null,"url":null,"abstract":"Web security is an important part of information security. This paper proposes a new web anti-attack method based on URL randomization. Adding a random field in the URL leads that the attackers cannot get desired URLs through sniffing and scanning the static URLs. In the section of theoretical analysis, we analyze the probability that the attackers construct the correct URLs. Finally, we implement a prototype of the method we come up with and use it to measure the overhead the method will bring. Experiment results shows that the overhead the method brings is very little and this method has the significance of practical application.","PeriodicalId":340958,"journal":{"name":"2016 International Conference on Computer, Information and Telecommunication Systems (CITS)","volume":"1 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2016-07-06","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":"{\"title\":\"Design and implementation of a new web anti-attack method based on URL randomization\",\"authors\":\"W. Liu, Chengrong Wu, Haolin Jin, Shiyong Zhang\",\"doi\":\"10.1109/CITS.2016.7546416\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"Web security is an important part of information security. This paper proposes a new web anti-attack method based on URL randomization. Adding a random field in the URL leads that the attackers cannot get desired URLs through sniffing and scanning the static URLs. In the section of theoretical analysis, we analyze the probability that the attackers construct the correct URLs. Finally, we implement a prototype of the method we come up with and use it to measure the overhead the method will bring. Experiment results shows that the overhead the method brings is very little and this method has the significance of practical application.\",\"PeriodicalId\":340958,\"journal\":{\"name\":\"2016 International Conference on Computer, Information and Telecommunication Systems (CITS)\",\"volume\":\"1 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2016-07-06\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"0\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"2016 International Conference on Computer, Information and Telecommunication Systems (CITS)\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1109/CITS.2016.7546416\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"2016 International Conference on Computer, Information and Telecommunication Systems (CITS)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/CITS.2016.7546416","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 0

摘要

网络安全是信息安全的重要组成部分。提出了一种基于URL随机化的web防攻击方法。在URL中加入随机字段会导致攻击者无法通过嗅探和扫描静态URL获得想要的URL。在理论分析部分，我们分析了攻击者构造正确url的概率。最后，我们实现了我们提出的方法的原型，并使用它来度量该方法将带来的开销。实验结果表明，该方法带来的开销很小，具有实际应用意义。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

查看原文本刊更多论文

Design and implementation of a new web anti-attack method based on URL randomization

Web security is an important part of information security. This paper proposes a new web anti-attack method based on URL randomization. Adding a random field in the URL leads that the attackers cannot get desired URLs through sniffing and scanning the static URLs. In the section of theoretical analysis, we analyze the probability that the attackers construct the correct URLs. Finally, we implement a prototype of the method we come up with and use it to measure the overhead the method will bring. Experiment results shows that the overhead the method brings is very little and this method has the significance of practical application.

求助全文

通过发布文献求助，成功后即可免费获取论文全文。去求助

来源期刊

2016 International Conference on Computer, Information and Telecommunication Systems (CITS)

自引率

0.00%

发文量