ASIA unversity:Item 310904400/113858
English  |  正體中文  |  简体中文  |  全文笔数/总笔数 : 94286/110023 (86%)
造访人次 : 21700871      在线人数 : 354
RC Version 6.0 © Powered By DSPACE, MIT. Enhanced by NTU Library IR team.
搜寻范围 查询小技巧:
  • 您可在西文检索词汇前后加上"双引号",以获取较精准的检索结果
  • 若欲以作者姓名搜寻,建议至进阶搜寻限定作者字段,可获得较完整数据
    •  进阶搜寻
    ASIA unversity > 資訊學院 > 資訊工程學系 > 博碩士論文 >  Item 310904400/113858


    jsp.display-item.identifier=請使用永久網址來引用或連結此文件: http://asiair.asia.edu.tw/ir/handle/310904400/113858


    题名: 一種用於跨網站指令碼攻擊檢測與預防的組合方法
    Detection and Prevention of Cross-site Scripting Attack by Using Combined Approaches
    作者: Nshimiyimana, Aristophane
    Nshimiyimana, Aristophane
    贡献者: 資訊工程學系
    关键词: Artificial intelligence;content security policy;intrusion detection prevention system;web application firewall,;demilitarized zone
    日期: 2021-02-02
    上传时间: 2022-10-31 06:22:45 (UTC+0)
    出版者: 亞洲大學
    摘要: 跨站點腳本攻擊是一種類型代碼注入,它使黑客能夠將惡意腳本代碼注入受信任的Web應用程序。當用戶嘗試請求注入的網頁時,他不知道惡意腳本代碼可能正在影響他的計算機。如今,攻擊者正在針對持有敏感數據(例如銀行交易,電子郵件,醫療保健和電子銀行)的Web應用程序,以竊取用戶信息並獲得對數據的完全訪問權限,從而使Web應用程序變得更加強大。脆弱的。這項研究提出了兩種方法,第三種是稱為“與人工智能(AI),IDPS和非軍事區(DMZ)集成的Web應用程序防火牆方法”的混合方法,以找到針對這一最具挑戰性的攻擊問題的解決方案。在第一種方法中,我們實施了隨機森林(RF),邏輯回歸(LR),k最近鄰(KNN)和支持向量機(SVM)來發現和分類XSS攻擊。在第二種方法中,實施了內容安全策略(CSP)方法以實時檢測XSS攻擊。在最後一種方法中,本研究提出了與人工智能(AI),IDPS和非軍事區(DMZ)集成的Web應用程序防火牆方法,以實時檢測和預防XSS攻擊。該研究實驗結果證明了AI算法的高性能。 CSP方法實時顯示檢測系統報告的結果。在第三種方法中,獲得了預期的系統實驗結果,這使WAF方法與AI,IDPS和DMZ集成在一起,比其他兩種方法更強大地解決了此研究問題
    Cross-site scripting attack is a type code injection that allows a hacker to inject malicious script code into a trusted web application. When a user tries to request the injected web page, he is not aware that the malicious script code might be affecting his computer. Nowadays, attackers are targeting the web applications that holding a sensitive data (e.g., bank transaction, e-mails, healthcare, and e-banking) to steal users’ information and gain full access to the data which make the web applications to be more vulnerable. This research study presents two approaches and the third is hybrid approach called “Web Application Firewall approach integrated with artificial intelligence (AI), IDPS, and demilitarized zone (DMZ)” to find a solution to this most challenging attacks problems. In the first approach, we implemented random forest (RF), logistic regression (LR), k-Nearest Neighbors (KNN ), and support vector machine (SVM) to discover and classify XSS attack. In the second approach, the content security policy (CSP) approach is implemented to detect XSS attacks in real-time. In the last approach, Web Application Firewall approach integrated with artificial intelligence (AI), IDPS, and Demilitarized Zone (DMZ) is proposed in this research study to detect and prevent XSS attacks in real-time. This research experiment results demonstrated the high performance of AI algorithms. The CSP approach shows the results for the detection system report in real-time. In the third approach, the expected system results is obtained for experiment, that make the WAF approach integrated with AI, IDPS, and DMZ more powerful system tools to address this research problem than the other two approaches
    显示于类别:[資訊工程學系] 博碩士論文

    文件中的档案:

    档案 描述 大小格式浏览次数
    index.html0KbHTML100检视/开启


    在ASIAIR中所有的数据项都受到原著作权保护.

    DSpace Software Copyright © 2002-2004  MIT &  Hewlett-Packard  /   Enhanced by   NTU Library IR team Copyright ©   - 回馈