ASIA unversity:Item 310904400/113858
English  |  正體中文  |  简体中文  |  Items with full text/Total items : 94286/110023 (86%)
Visitors : 21701150      Online Users : 506
RC Version 6.0 © Powered By DSPACE, MIT. Enhanced by NTU Library IR team.
Scope Tips:
  • please add "double quotation mark" for query phrases to get precise results
  • please goto advance search for comprehansive author search
  • Adv. Search
    HomeLoginUploadHelpAboutAdminister Goto mobile version


    Please use this identifier to cite or link to this item: http://asiair.asia.edu.tw/ir/handle/310904400/113858


    Title: 一種用於跨網站指令碼攻擊檢測與預防的組合方法
    Detection and Prevention of Cross-site Scripting Attack by Using Combined Approaches
    Authors: Nshimiyimana, Aristophane
    Nshimiyimana, Aristophane
    Contributors: 資訊工程學系
    Keywords: Artificial intelligence;content security policy;intrusion detection prevention system;web application firewall,;demilitarized zone
    Date: 2021-02-02
    Issue Date: 2022-10-31 06:22:45 (UTC+0)
    Publisher: 亞洲大學
    Abstract: 跨站點腳本攻擊是一種類型代碼注入,它使黑客能夠將惡意腳本代碼注入受信任的Web應用程序。當用戶嘗試請求注入的網頁時,他不知道惡意腳本代碼可能正在影響他的計算機。如今,攻擊者正在針對持有敏感數據(例如銀行交易,電子郵件,醫療保健和電子銀行)的Web應用程序,以竊取用戶信息並獲得對數據的完全訪問權限,從而使Web應用程序變得更加強大。脆弱的。這項研究提出了兩種方法,第三種是稱為“與人工智能(AI),IDPS和非軍事區(DMZ)集成的Web應用程序防火牆方法”的混合方法,以找到針對這一最具挑戰性的攻擊問題的解決方案。在第一種方法中,我們實施了隨機森林(RF),邏輯回歸(LR),k最近鄰(KNN)和支持向量機(SVM)來發現和分類XSS攻擊。在第二種方法中,實施了內容安全策略(CSP)方法以實時檢測XSS攻擊。在最後一種方法中,本研究提出了與人工智能(AI),IDPS和非軍事區(DMZ)集成的Web應用程序防火牆方法,以實時檢測和預防XSS攻擊。該研究實驗結果證明了AI算法的高性能。 CSP方法實時顯示檢測系統報告的結果。在第三種方法中,獲得了預期的系統實驗結果,這使WAF方法與AI,IDPS和DMZ集成在一起,比其他兩種方法更強大地解決了此研究問題
    Cross-site scripting attack is a type code injection that allows a hacker to inject malicious script code into a trusted web application. When a user tries to request the injected web page, he is not aware that the malicious script code might be affecting his computer. Nowadays, attackers are targeting the web applications that holding a sensitive data (e.g., bank transaction, e-mails, healthcare, and e-banking) to steal users’ information and gain full access to the data which make the web applications to be more vulnerable. This research study presents two approaches and the third is hybrid approach called “Web Application Firewall approach integrated with artificial intelligence (AI), IDPS, and demilitarized zone (DMZ)” to find a solution to this most challenging attacks problems. In the first approach, we implemented random forest (RF), logistic regression (LR), k-Nearest Neighbors (KNN ), and support vector machine (SVM) to discover and classify XSS attack. In the second approach, the content security policy (CSP) approach is implemented to detect XSS attacks in real-time. In the last approach, Web Application Firewall approach integrated with artificial intelligence (AI), IDPS, and Demilitarized Zone (DMZ) is proposed in this research study to detect and prevent XSS attacks in real-time. This research experiment results demonstrated the high performance of AI algorithms. The CSP approach shows the results for the detection system report in real-time. In the third approach, the expected system results is obtained for experiment, that make the WAF approach integrated with AI, IDPS, and DMZ more powerful system tools to address this research problem than the other two approaches
    Appears in Collections:[Department of Computer Science and Information Engineering] Theses & dissertations

    Files in This Item:

    File Description SizeFormat
    index.html0KbHTML100View/Open


    All items in ASIAIR are protected by copyright, with all rights reserved.


    DSpace Software Copyright © 2002-2004  MIT &  Hewlett-Packard  /   Enhanced by   NTU Library IR team Copyright ©   - Feedback