CN115774873A - Cross-site scripting attack detection method, device, equipment and storage medium - Google Patents

Publication number: CN115774873A
Authority: CN (China)
Prior art keywords: code, cross, site scripting, scripting attack, segment
Legal status: Pending
Application number: CN202111052396.0A
Other languages: Chinese (zh)
Inventors: 艾江俊, 黄忠强, 杨荣海
Current Assignee: Sangfor Technologies Co Ltd
Original Assignee: Sangfor Technologies Co Ltd
Application filed by: Sangfor Technologies Co Ltd
Priority: CN202111052396.0A
Landscapes: Devices For Executing Special Programs

Abstract

The application discloses a method and an apparatus for detecting cross-site scripting attacks, an electronic device, and a computer-readable storage medium. The method comprises: identifying, according to the syntax structure, code segments that adopt a split structure, where a code segment adopting a split structure is one whose code instruction has been split into a plurality of character strings that are stored separately; splicing and restoring the code segments that adopt the split structure to obtain the corresponding code instructions; judging whether the code instruction in each code segment matches the statement features of a cross-site scripting attack; and judging the matched code segments to be cross-site scripting attack segments. Based on syntax-structure analysis, the application can identify malicious code that hides its attack features by split deformation, and avoids missed detections by splicing, restoring and then matching attack features, which effectively improves the detection accuracy for cross-site scripting attacks and safeguards network operation security.

Description

Detection method, device, equipment and storage medium for cross-site scripting attack
Technical Field
The present application relates to the field of network security technologies, and in particular, to a method and an apparatus for detecting a cross-site scripting attack, an electronic device, and a computer-readable storage medium.
Background
Cross-site scripting (XSS) is one of the most prevalent security vulnerabilities in Web applications today. The vulnerability lets an attacker embed malicious script code into a page that normal users can access; when a normal user accesses the page, the embedded script is executed, achieving the purpose of maliciously attacking the user. Currently, common XSS injection detection techniques mainly apply text rule matching directly to the text content. This approach is simple and direct: it only requires regular-expression matching against the general features of the attack. However, it is easy to bypass: once an attacker splits a complete code string apart to hide the original attack features, detection can be evaded. In view of the above, providing a solution to this technical problem is an important need for those skilled in the art.
Disclosure of Invention
The application aims to provide a method and a device for detecting cross-site scripting attack, electronic equipment and a computer readable storage medium, so that the detection capability of the cross-site scripting attack is effectively improved, and the occurrence of missed detection is reduced.
In order to solve the technical problem, on one hand, the application discloses a method for detecting cross-site scripting attack, which comprises the following steps:
identifying code segments adopting a split structure according to the syntax structure, where the code instruction in a code segment adopting the split structure is split into a plurality of character strings that are stored separately;
splicing and restoring the code segments adopting the split structure to obtain corresponding code instructions;
judging whether the code instructions in the code segments are matched with the statement characteristics of cross-site scripting attack or not;
and judging the matched code segments as cross-site scripting attack segments.
Optionally, the identifying, according to the syntactic structure, the code segment adopting the split structure includes:
generating a syntax tree corresponding to each code segment;
and analyzing a syntax structure based on the syntax tree to judge whether the corresponding code segment adopts a split structure.
Optionally, the determining whether the code instruction in each code segment matches a statement feature of a cross-site scripting attack includes:
judging whether the code instructions in each code segment comprise any one or a combination of the following contents:
popup function statements and pseudo protocol statements;
and if so, judging that the code instruction in the corresponding code segment is matched with the statement characteristic of the cross-site scripting attack.
Optionally, after the determining the matched code segment as the cross-site scripting attack segment, the method further includes:
and generating prompt information and log records of the current webpage with cross-site scripting attack injection.
Optionally, after the determining the matched code segment as the cross-site scripting attack segment, the method further includes:
and intercepting the operation requested to be executed by the cross-site scripting attack segment.
In another aspect, the present application discloses a cross-site scripting attack detection apparatus, including:
the analysis module is used for identifying the code fragments adopting the split structure according to the grammar structure; code instructions in the code fragments adopting the splitting structure are split into a plurality of character strings to be stored respectively;
the restoration module is used for splicing and restoring the code segments adopting the split structure to obtain corresponding code instructions;
the detection module is used for judging whether the code instructions in the code segments are matched with the statement characteristics of cross-site scripting attack or not;
and the processing module is used for judging the matched code segments as cross-site scripting attack segments.
Optionally, when the parsing module identifies the code segment adopting the split structure according to the syntactic structure, the parsing module is specifically configured to:
generating a syntax tree corresponding to each code segment; and analyzing a syntax structure based on the syntax tree to judge whether the corresponding code segment adopts a split structure.
Optionally, when determining whether the code instruction in each code segment matches a statement feature of a cross-site scripting attack, the detection module is specifically configured to:
judging whether the code instructions in each code segment comprise any one or a combination of the following contents:
a popup function statement and a pseudo protocol statement;
and if so, judging that the code instruction in the corresponding code segment is matched with the statement feature of the cross-site scripting attack.
Optionally, after determining the matched code segment as a cross-site scripting attack segment, the processing module is further configured to:
and generating prompt information and log records of the current webpage with cross-site scripting attack injection.
Optionally, after determining the matched code segment as a cross-site scripting attack segment, the processing module is further configured to:
and intercepting the operation requested to be executed by the cross-site scripting attack segment.
In another aspect, the present application further discloses an electronic device, including:
a memory for storing a computer program;
a processor for executing the computer program to implement the steps of any of the cross-site scripting attack detection methods described above.
In yet another aspect, the present application further discloses a computer-readable storage medium, in which a computer program is stored, and the computer program is used to implement the steps of any one of the above-mentioned cross-site scripting attack detection methods when executed by a processor.
The method, apparatus, electronic device and computer-readable storage medium for detecting cross-site scripting attacks provided by the application have the following beneficial effects: based on syntax-structure analysis, malicious code that hides its attack features through split deformation can be effectively identified; by splicing and restoring that code and then matching attack features, missed detections are avoided, which effectively improves the accuracy of cross-site scripting injection detection and safeguards network operation security.
Drawings
In order to more clearly illustrate the technical solutions in the prior art and the embodiments of the present application, the drawings used in the description of the prior art and the embodiments of the present application will be briefly described below. Of course, the following description of the drawings related to the embodiments of the present application is only a part of the embodiments of the present application, and it will be apparent to those skilled in the art that other drawings may be obtained from the provided drawings without any creative effort, and the obtained other drawings also belong to the protection scope of the present application.
FIG. 1 is a flowchart of a cross-site scripting attack detection method disclosed in an embodiment of the present application;
FIG. 2 is a diagram illustrating parsing of a syntax structure based on a syntax tree according to an embodiment of the present application;
FIG. 3 is a flowchart of another cross-site scripting attack detection method disclosed in an embodiment of the present application;
FIG. 4 is a block diagram of the structure of a detection apparatus for cross-site scripting attack disclosed in an embodiment of the present application;
FIG. 5 is a block diagram of an electronic device according to an embodiment of the present application.
Detailed Description
The core of the application is to provide a method and a device for detecting cross-site scripting attack, electronic equipment and a computer readable storage medium, so that the detection capability of the cross-site scripting attack is effectively improved, and the occurrence of missed detection is reduced.
In order to more clearly and completely describe the technical solutions in the embodiments of the present application, the technical solutions in the embodiments of the present application will be described below with reference to the drawings in the embodiments of the present application. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present application.
Cross-site scripting is abbreviated XSS (to distinguish it from Cascading Style Sheets, CSS). XSS means that a malicious attacker inserts malicious HTML code into a Web page; when a user browses the page, the HTML code embedded in the Web page is executed, achieving the attacker's purpose, such as stealing user information or luring the victim into opening a malicious website or downloading a malicious program. Conventional detection schemes easily miss XSS whose attack features are hidden by deformation; the cross-site scripting attack detection scheme provided here effectively solves this problem.
Referring to fig. 1, an embodiment of the present application discloses a method for detecting a cross-site scripting attack, which mainly includes:
S101: identifying code segments adopting a split structure according to the syntax structure, where the code instruction in a code segment adopting the split structure is split into a plurality of character strings that are stored separately.
Specifically, the method for detecting cross-site scripting attack provided by the application can be specifically applied to network security equipment, such as products of firewalls, security situation awareness and the like. The network security equipment is arranged between the server and the client, so that the server can be protected in a network security way in the process of providing services for the client by the server.
In the process of cross-site scripting attack detection, the method and the device can firstly acquire each code segment extracted from the webpage by the network security equipment. Specifically, when the client needs to access a certain webpage, the network security device may extract a code fragment, i.e., payload, from the webpage, so as to subsequently detect additional code inserted by a malicious attacker based on the code fragment.
It should be noted that, for some code segments which adopt a certain deformation means to hide the cross-site scripting attack characteristics, the method and the device can perform effective identification. Wherein, the deformation means can be called as a split structure, namely: the code segment divides a complete code instruction into a plurality of character strings, and the character strings are respectively stored, so that the sentence characteristics of the original complete instruction are destroyed, and the matching detection based on text rules in the prior art can be avoided.
Therefore, for each code segment, the application will parse its syntactic structure. By analyzing the grammatical structure instead of only the text character string, the method and the device can effectively identify the code fragments adopting the split structure, and further can carry out splicing recovery on the code fragments so as to expose the code instructions of the original complete structure, and correspondingly, if the code fragments are malicious attack codes, the corresponding attack characteristics of the malicious attack codes can be exposed.
S102: and splicing and restoring the code segments adopting the split structure to obtain corresponding code instructions.
S103: and judging whether the code instructions in the code segments are matched with the statement characteristics of the cross-site scripting attack.
Specifically, the code segments of the non-split structure can be directly subjected to attack statement feature detection through S103 without splicing reduction processing; and after the code segment adopting the split structure is spliced and restored to a complete code instruction, the attack statement feature detection is carried out through S103.
In general, common forms of splitting include, but are not limited to: split storage of function names or parameters, and split storage of the left and right values of an equation. Whichever form of splitting is used, the code instruction can be spliced and restored based on analysis of the syntax structure.
S104: and judging the matched code segments as cross-site scripting attack segments.
Specifically, once a code instruction in a certain code segment is matched with a statement feature of cross-site scripting attack, the code segment is indicated to contain a malicious attack code, that is, an XSS injection condition occurs in a current webpage, the code segment is determined as a cross-site scripting attack segment, and a corresponding operation requested to be executed needs to be intercepted to ensure the operation safety of the system.
It is easy to understand that if the code instruction in a certain code segment does not match the sentence characteristic of the cross-site scripting attack, it indicates that the code segment does not contain the malicious attack code, so that the code segment that does not match the sentence characteristic of the cross-site scripting attack can be determined as a normal segment, and the system will normally respond to the relevant operation requested to be executed by the normal segment.
Therefore, the detection method for cross-site scripting attack can, based on syntax-structure analysis, effectively identify malicious code that hides its attack features through split deformation, and avoids missed detections by splicing and restoring that code and then matching attack features, which effectively improves the accuracy of cross-site scripting injection detection and safeguards network operation security.
As a specific embodiment, the method for detecting a cross-site scripting attack, provided by the embodiment of the present application, identifies, according to a syntax structure, a code segment that adopts a split structure on the basis of the above contents, and includes:
generating a syntax tree corresponding to each code segment;
and analyzing the syntactic structure based on the syntactic tree to judge whether the corresponding code segment adopts a split structure.
Specifically, in the present embodiment, when parsing the syntax structure of each code segment, a method of constructing a syntax tree is specifically adopted. The syntax tree is a graphical representation of a sentence structure, represents the derivation result of the sentence, and is based on the hierarchical structure of the root node and the child nodes, so that the hierarchy of the sentence syntax structure is very convenient to understand.
In this embodiment, parsing the syntax structure of the code segment with a syntax tree is more convenient and faster, and can improve accuracy. For example, when specially formatted comment markers are inserted into a code segment, parsing that does not use a syntax tree is very likely to make errors.
The following describes a specific process of parsing a syntax structure using a syntax tree with reference to a specific embodiment. Referring to fig. 2, fig. 2 is a schematic diagram of a syntax tree parsing syntax structure disclosed in the embodiment of the present application.
Specifically, the syntax tree established for a certain code segment is specifically as shown in fig. 2, and the code segment is:
a="java";b="script:al";c="ert(1)";location=a+b+c
In the analysis process, the values of the variables a, b and c are recorded in sequence; they correspond to the character strings "java", "script:al" and "ert(1)" respectively. For the variable location, the right side of the equation is obtained by splicing the three variables a, b and c; that is, the code fragment splits the part to the right of the equals sign of the complete code instruction, i.e., "location = ×", into three character strings stored in the variables a, b and c respectively, so the code fragment can be recognized as adopting a split structure.
The fragment can therefore be spliced and restored: the value of a + b + c is restored to "javascript:alert(1)", which yields the complete code instruction "location = javascript:alert(1)". Feature matching detection can then be performed based on the statement features of the cross-site scripting attack.
As a specific embodiment, the method for detecting a cross-site scripting attack, provided by the embodiment of the present application, based on the above contents, of determining whether a code instruction in each code segment matches a statement feature of the cross-site scripting attack includes:
judging whether the code instructions in each code segment comprise any one or combination of the following contents:
a popup function statement and a pseudo protocol statement;
and if so, judging that the code instruction in the corresponding code segment is matched with the statement characteristic of the cross-site scripting attack.
Generally, popup functions include the alert function, the confirm function, the prompt function, etc., which pop up a dialog box, a confirmation box or a similar window to guide the user into agreeing to perform some operation. Popup functions are therefore risky functions. In addition, a pseudo protocol statement can be used to execute any code that follows it, and is likewise a dangerous operation. Taking JavaScript as an example, the common format of the pseudo protocol statement is "javascript:". Therefore, during statement feature matching, once a code instruction is found to have such features, the corresponding code segment can be judged to be a cross-site scripting attack segment.
As a specific embodiment, the method for detecting a cross-site scripting attack, provided by the embodiment of the present application, further includes, on the basis of the foregoing content, after determining a matched code segment as a cross-site scripting attack segment:
and intercepting the operation requested to be executed by the cross-site scripting attack segment.
Specifically, in order to protect the system operation safety in real time, after a code segment is determined as a cross-site scripting attack segment, the relevant operation corresponding to the request execution needs to be intercepted in time. It is easy to understand that when the code instruction in the code segment is determined not to match the statement feature of the cross site scripting attack, the operation requested to be executed by the code segment can be released.
As a specific embodiment, the method for detecting a cross-site scripting attack, provided by the embodiment of the present application, based on the above contents, after determining the matched code segment as a cross-site scripting attack segment, further includes:
and generating prompt information and log records of the current webpage with cross-site scripting attack injection.
Specifically, if the cross-site scripting attack fragment is identified in the code fragment of the current webpage, the current webpage is indicated to be injected by XSS, so that prompt information can be generated to give an alarm to a manager, and meanwhile, a log record can be generated so as to carry out troubleshooting in the following process.
Referring to fig. 3 in combination with the above, each time a code segment is obtained, the process of performing cross-site scripting attack detection on the code segment may specifically include:
S201: generating a syntax tree corresponding to the code segment.
S202: analyzing a syntactic structure based on the syntactic tree to judge whether the code segment adopts a split structure; if yes, entering S203; if not, the process proceeds to S204.
S203: and splicing and restoring the code segments to obtain corresponding code instructions.
S204: judging whether the code instruction in the code segment comprises any one or combination of the following contents: alert function, confirm function, prompt function, javascript pseudo protocol statement; if yes, entering S205; if not, the process proceeds to S207.
S205: judging the code segment into a cross-site scripting attack segment and carrying out operation interception; the process proceeds to S206.
S206: and generating prompt information and log records of the webpage with cross-site scripting attack injection.
S207: and judging the code segment as a normal segment and performing operation release.
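The flow S201 to S207, as an added sketch that is not code from the patent: a minimal lexer and syntax tree for a small JavaScript subset (assumed here to be assignments, string concatenation with + and simple calls), which records separately stored strings, splices them back and matches the S204 features on the restored instruction. The names tokenize, Parser, restore, detect, FEATURES and SAMPLE are this example's own.

```python
import re

TOKEN_RE = re.compile(r"""
    (?P<ws>\s+|/\*.*?\*/|//[^\n]*)
  | (?P<str>"(?:\\.|[^"\\])*"|'(?:\\.|[^'\\])*')
  | (?P<id>[A-Za-z_$][\w$]*(?:\.[A-Za-z_$][\w$]*)*)
  | (?P<num>\d+)
  | (?P<op>[=+();,])
""", re.VERBOSE | re.DOTALL)  # lexer for a small JavaScript subset (an assumption)
FEATURES = {"popup function": re.compile(r"\b(?:alert|confirm|prompt)\s*\("),
            "pseudo protocol": re.compile(r"javascript\s*:", re.I)}  # S204 features
SAMPLE = 'a="java";b="script:al";c="ert(1)";location=a+b+c'  # fragment from the description

def tokenize(src):
    pos, out = 0, []
    while pos < len(src):
        m = TOKEN_RE.match(src, pos)
        if not m:
            raise ValueError(f"cannot tokenize at offset {pos}")
        if m.lastgroup != "ws":          # whitespace and comments are dropped
            out.append((m.lastgroup, m.group()))
        pos = m.end()
    return out

class Parser:  # stmt := [id '='] expr ; expr := term ('+' term)*
    def __init__(self, toks):
        self.toks, self.i = toks, 0
    def peek(self):
        return self.toks[self.i][1] if self.i < len(self.toks) else None
    def take(self, expected=None):
        if self.i >= len(self.toks) or expected not in (None, self.toks[self.i][1]):
            raise ValueError(f"syntax error at token {self.i}")
        self.i += 1
        return self.toks[self.i - 1]
    def program(self):
        while self.peek() is not None:
            if self.peek() == ";":
                self.take()
            else:
                yield self.statement()
    def statement(self):
        node = self.expr()
        if node[0] == "id" and self.peek() == "=":
            self.take("=")
            return ("assign", node[1], self.expr())
        return node
    def expr(self):
        node = self.term()
        while self.peek() == "+":
            self.take("+")
            node = ("concat", node, self.term())
        return node
    def term(self):
        kind, text = self.take()
        if kind == "str":
            return ("str", text[1:-1])
        if kind == "id" and self.peek() == "(":
            self.take("(")
            args = []
            while self.peek() != ")":
                args.append(self.expr())
                if self.peek() == ",":
                    self.take(",")
            self.take(")")
            return ("call", text, args)
        if kind in ("id", "num"):
            return (kind, text)
        raise ValueError(f"unexpected token {text!r}")

def restore(node, env, spliced):
    """Return (text, is_constant_string), splicing stored strings back together (S203)."""
    kind = node[0]
    if kind == "str":
        return node[1], True
    if kind == "id" and node[1] in env:
        spliced.append(node[1])          # a separately stored string is substituted
        return env[node[1]], True
    if kind == "concat":
        (left, lc), (right, rc) = (restore(n, env, spliced) for n in node[1:])
        folded = lc and rc               # both operands are known strings
        spliced.extend(["+"] if folded else [])
        return (left + right if folded else f"{left}+{right}"), folded
    if kind == "call":
        return f"{node[1]}({','.join(restore(a, env, spliced)[0] for a in node[2])})", False
    return node[1], False                # unresolved identifier or number

def detect(fragment):
    """S201-S207 for one fragment: split flag, restored instructions, feature matches."""
    env, instructions, spliced = {}, [], []
    for stmt in Parser(tokenize(fragment)).program():           # S201
        target, value = stmt[1:] if stmt[0] == "assign" else (None, stmt)
        text, constant = restore(value, env, spliced)            # S202, S203
        if target and constant:
            env[target] = text           # record the string stored in this variable
        instructions.append(f"{target}={text}" if target else text)
    matches = {i: [n for n, rx in FEATURES.items() if rx.search(i)] for i in instructions}
    matches = {i: names for i, names in matches.items() if names}  # S204
    return {"split": bool(spliced), "instructions": instructions, "matches": matches}
```

A non-empty "matches" corresponds to S205 (attack segment), an empty one to S207 (normal segment); input outside the assumed subset raises ValueError rather than being passed silently.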
Referring to fig. 4, an embodiment of the present application discloses a detection apparatus for cross-site scripting attack, which mainly includes:
the parsing module 301 is configured to identify a code segment adopting a split structure according to a syntactic structure; code instructions in the code fragments adopting the splitting structure are split into a plurality of character strings to be stored respectively;
the restoring module 302 is configured to splice and restore the code segments adopting the split structure to obtain corresponding code instructions;
the detection module 303 is configured to determine whether a code instruction in each code segment matches a statement feature of a cross-site scripting attack;
and the processing module 304 is configured to determine the matched code segment as a cross-site scripting attack segment.
Therefore, the detection device for cross-site scripting attack disclosed by the embodiment of the application can effectively identify malicious codes which hide attack characteristics through splitting deformation based on syntactic structure analysis, and further achieve the purpose of avoiding missing detection by splicing reduction and attack characteristic matching detection, effectively improve the accuracy of injection detection of cross-site scripting attack, and ensure network operation safety.
For specific contents of the above detection apparatus for cross-site scripting attack, reference may be made to the above detailed description of the detection method for cross-site scripting attack, and details thereof are not repeated here.
As a specific embodiment, the detection apparatus for cross-site scripting attack disclosed in the embodiment of the present application, on the basis of the above contents, when the parsing module 302 identifies a code segment adopting a split structure according to a syntactic structure, is specifically configured to:
generating a grammar tree corresponding to each code segment; and analyzing the grammar structure based on the grammar tree to judge whether the corresponding code segments adopt split structures.
As a specific embodiment, in the detection apparatus for cross-site scripting attack disclosed in the embodiment of the present application, on the basis of the foregoing content, when determining whether the code instruction in each code segment matches the statement feature of the cross-site scripting attack, the detection module 304 is specifically configured to:
judging whether the code instructions in each code segment comprise any one or combination of the following contents:
popup function statements and pseudo protocol statements;
and if so, judging that the code instruction in the corresponding code segment is matched with the statement characteristic of the cross-site scripting attack.
As a specific embodiment, in the detection apparatus for cross site scripting attack disclosed in the embodiment of the present application, on the basis of the above contents, after the processing module 305 determines the matched code segment as a cross site scripting attack segment and performs operation interception, the processing module is further configured to:
and intercepting the operation requested to be executed by the cross-site scripting attack segment.
As a specific embodiment, in the detection apparatus for cross site scripting attack disclosed in the embodiment of the present application, on the basis of the above contents, after the processing module 305 determines the matched code segment as a cross site scripting attack segment and performs operation interception, the processing module is further configured to:
and generating prompt information and log records of the current webpage with cross-site scripting attack injection.
Referring to fig. 5, an embodiment of the present application discloses an electronic device, including:
a memory 401 for storing a computer program;
a processor 402 for executing the computer program to implement the steps of any of the cross-site scripting attack detection methods described above.
Further, the embodiment of the present application also discloses a computer-readable storage medium, in which a computer program is stored, and the computer program is used for implementing the steps of any one of the above-mentioned methods for detecting a cross-site scripting attack when executed by a processor.
For the details of the electronic device and the computer-readable storage medium, reference may be made to the foregoing detailed description of the cross-site scripting attack detection method, and details are not repeated here.
The embodiments in the present application are described in a progressive manner, and each embodiment focuses on differences from other embodiments, and the same and similar parts among the embodiments are referred to each other. For the equipment disclosed by the embodiment, the description is relatively simple because the equipment corresponds to the method disclosed by the embodiment, and the relevant parts can be referred to the method part for description.
It is further noted that, throughout this document, relational terms such as "first" and "second" are used solely to distinguish one entity or action from another entity or action without necessarily requiring or implying any actual such relationship or order between such entities or actions. Furthermore, the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. Without further limitation, an element defined by the phrase "comprising a ..." does not exclude the presence of additional like elements in a process, method, article, or apparatus that comprises the element.
The technical solutions provided by the present application are described in detail above. The principles and embodiments of the present application are described herein using specific examples, which are only used to help understand the method and its core idea of the present application. It should be noted that, for those skilled in the art, without departing from the principle of the present application, the present application can also make several improvements and modifications, and those improvements and modifications also fall into the protection scope of the present application.

Claims (10)

1. A method for detecting cross-site scripting attack is characterized by comprising the following steps:
identifying code segments adopting a split structure according to the syntax structure, where the code instruction in a code segment adopting the split structure is split into a plurality of character strings that are stored separately;
splicing and restoring the code segments adopting the split structure to obtain corresponding code instructions;
judging whether the code instructions in the code segments are matched with the statement characteristics of cross-site scripting attack or not;
and judging the matched code segments as cross-site scripting attack segments.
2. The detection method according to claim 1, wherein the identifying the code segment in the split structure according to the grammar structure includes:
generating a syntax tree corresponding to each code segment;
and analyzing a syntax structure based on the syntax tree to judge whether the corresponding code segment adopts a split structure.
3. The detection method according to claim 1, wherein the determining whether the code instruction in each code segment matches a statement feature of a cross-site scripting attack comprises:
judging whether the code instructions in each code segment comprise any one or a combination of the following contents:
a popup function statement and a pseudo protocol statement;
and if so, judging that the code instruction in the corresponding code segment is matched with the statement feature of the cross-site scripting attack.
4. The detection method according to any one of claims 1 to 3, wherein after the determining the matched code segment as the cross-site scripting attack segment, the method further comprises:
and generating prompt information and a log record indicating that the current web page contains an injected cross-site scripting attack.
5. The detection method according to claim 4, wherein after the determining the matched code segment as the cross-site scripting attack segment, further comprising:
and intercepting the operation requested to be executed by the cross-site scripting attack segment.
6. A device for detecting a cross-site scripting attack, comprising:
the analysis module is used for identifying code segments that adopt a split structure according to their syntactic structure, wherein the code instruction in a code segment adopting the split structure is split into a plurality of character strings that are stored separately;
the restoration module is used for splicing and restoring the code segments adopting the split structure to obtain corresponding code instructions;
the detection module is used for judging whether the code instructions in the code segments are matched with the statement characteristics of the cross-site scripting attack or not;
and the processing module is used for judging the matched code segments as cross-site scripting attack segments.
7. The detection apparatus according to claim 6, wherein the parsing module, when identifying the code segment adopting the split structure according to the syntactic structure, is specifically configured to:
generating a syntax tree corresponding to each code segment; and analyzing a syntax structure based on the syntax tree to judge whether the corresponding code segment adopts a split structure.
8. The detection apparatus according to claim 6, wherein the detection module, when determining whether the code instruction in each code segment matches a statement feature of a cross-site scripting attack, is specifically configured to:
judging whether the code instructions in each code segment comprise any one or a combination of the following contents:
pop-up window function statements and JavaScript pseudo-protocol statements;
and if so, judging that the code instruction in the corresponding code segment is matched with the statement feature of the cross-site scripting attack.
9. An electronic device, comprising:
a memory for storing a computer program;
a processor for executing the computer program to implement the steps of the method of detecting a cross-site scripting attack as claimed in any one of claims 1 to 5.
10. A computer-readable storage medium, in which a computer program is stored which, when being executed by a processor, is adapted to carry out the steps of the method for detecting a cross-site scripting attack according to any one of claims 1 to 5.
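
The pipeline of claims 1 to 3 (identify a split structure, splice it back together, then match statement features), as an added JavaScript example that is not code from the patent or the applicant. It assumes a small JavaScript subset and uses a hand-written tokenizer in place of a full syntax tree; `tokenize`, `restore`, `detectXss`, `XSS_FEATURES` and the sample segment are hypothetical names and constructed input.

```javascript
// Added illustration, not the patent's implementation. Handles only a small
// JavaScript subset: string literals, `+`, and `name = <expr>` assignments.
const XSS_FEATURES = [
  { name: "popup function", re: /\b(?:alert|confirm|prompt)\s*\(/i },
  { name: "javascript: pseudo protocol", re: /javascript\s*:/i },
];
const TOKEN = /(["'])((?:\\.|(?!\1)[^\\])*)\1|[A-Za-z_$][\w$]*|\S/g;

// Lex a segment into string literals, identifiers and single punctuation marks.
function tokenize(src) {
  return [...src.matchAll(TOKEN)].map((m) =>
    m[1] !== undefined ? { type: "str", value: m[2] }
      : /^[A-Za-z_$]/.test(m[0]) ? { type: "id", value: m[0] }
      : { type: "punct", value: m[0] });
}

// Splice every `piece + piece + ...` chain back into the string it builds.
function restore(src) {
  const env = new Map(); // variable name -> string value known so far
  const restored = [];   // strings rebuilt from two or more pieces
  const toks = tokenize(src);
  const isPunct = (t, ch) => t !== undefined && t.type === "punct" && t.value === ch;
  const valueOf = (t) => t === undefined ? undefined
    : t.type === "str" ? t.value : t.type === "id" ? env.get(t.value) : undefined;
  for (let i = 0; i < toks.length; i++) {
    let value = valueOf(toks[i]);
    if (value === undefined) continue;
    const start = i;
    while (isPunct(toks[i + 1], "+") && valueOf(toks[i + 2]) !== undefined) {
      value += valueOf(toks[i + 2]);
      i += 2;
    }
    if (i > start) restored.push(value); // a split structure was spliced
    // `name = <chain>`: remember the value so later chains can reference it.
    const name = toks[start - 2];
    if (isPunct(toks[start - 1], "=") && name?.type === "id") env.set(name.value, value);
  }
  return restored;
}

// Match the segment as written plus every restored string against the features.
function detectXss(segment) {
  const restored = restore(segment);
  const texts = [segment, ...restored];
  const features = XSS_FEATURES
    .filter((f) => texts.some((t) => f.re.test(t))).map((f) => f.name);
  return { split: restored.length > 0, restored, features, isAttack: features.length > 0 };
}
const SPLIT_SAMPLE = 'var a = "al"; var b = "ert(1)"; eval(a + b);'; // constructed
```

On the sample, matching the segment as written finds no feature, while the restored string `alert(1)` matches the popup-function feature; a split structure that restores to harmless text is reported as split but not as an attack.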
CN202111052396.0A 2021-09-08 2021-09-08 Cross-site scripting attack detection method, device, equipment and storage medium Pending CN115774873A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202111052396.0A CN115774873A (en) 2021-09-08 2021-09-08 Cross-site scripting attack detection method, device, equipment and storage medium

Publications (1)

Publication Number Publication Date
CN115774873A (en) 2023-03-10

Family

ID=85387441

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202111052396.0A Pending CN115774873A (en) 2021-09-08 2021-09-08 Cross-site scripting attack detection method, device, equipment and storage medium

Country Status (1)

Country Link
CN (1) CN115774873A (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN116631643A (en) * 2023-07-24 2023-08-22 北京惠每云科技有限公司 Medical knowledge graph construction method and device, electronic equipment and storage medium

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination