Mathematical Algorithm for Detecting XSS Attacks on Web Applications

Q3 Engineering
R. Khamdamov, K. Kerimov
Journal: Journal of Automation and Information Sciences
Publication date: 2021-05-01
Publication type: Journal Article
DOI: 10.34229/1028-0979-2021-3-6 (https://doi.org/10.34229/1028-0979-2021-3-6)
Platform: Semanticscholar
Citation count: 0

Abstract
MATHEMATICAL ALGORITHM FOR DETECTING XSS ATTACKS ON WEB APPLICATIONS
Recently, attacks on web applications, such as SQL injection and cross-site scripting (XSS), have tended to increase. In this article, we propose a new algorithm for detecting XSS attacks on a web application based on the analysis of the frequency of occurrence of special characters. The paper proposes mathematical modeling and a method for identifying XSS attacks using a function bounded below that depends on the input string. To build this function, special characters and keywords were used, which are often found in the construction of XSS attacks. Mathematical modeling and identification of information objects play an important role in solving the problems of pattern recognition. One such task is to detect attacks or normal requests to web applications. Research devoted to the study of the detection of attacks or normal requests to web applications began relatively recently. Nevertheless, there is a lot of research in this direction. In this paper, we propose mathematical modeling and a method for identifying XSS attacks using a function bounded below that depends on the input string. To build this feature, we used special characters and keywords that are often found in building XSS attacks. In the proposed method, it is possible to detect XSS attacks using one special character or one keyword. Nevertheless, it can be experimentally shown that the proposed detection method using a set of numerous characters and words allows us to determine more accurately the vulnerability of the type of XSS attacks. The aim of this work is to develop an algorithm for detecting XSS attacks. To achieve this, we focused on the characters that are often included in the XSS attack string.
Source journal: Journal of Automation and Information Sciences (AUTOMATION & CONTROL SYSTEMS-)
Self-citation rate: 0.00%
Articles published: 0
Review time: 6-12 weeks
Journal description: This journal contains translations of papers from the Russian-language bimonthly "Mezhdunarodnyi nauchno-tekhnicheskiy zhurnal 'Problemy upravleniya i informatiki'". Subjects covered include information sciences such as pattern recognition, forecasting, identification and evaluation of complex systems, information security, fault diagnosis and reliability. In addition, the journal also deals with such automation subjects as adaptive, stochastic and optimal control, control and identification under uncertainty, robotics, and applications of user-friendly computers in management of economic, industrial, biological, and medical systems. The Journal of Automation and Information Sciences will appeal to professionals in control systems, communications, computers, engineering in biology and medicine, instrumentation and measurement, and those interested in the social implications of technology.