Distributed Intrusion Detection and Prevention System－ A Case Study on XSS Attacks

• Main Authors: Pao-Yin Chao, 趙伯尹
• Other Authors: Tai-Kuo Woo
• Format: Others
• Language: zh-TW
• Published: 2008
• Online Access: http://ndltd.ncl.edu.tw/handle/02464494693925971053

碩士 === 國防管理學院 === 國防資訊研究所 === 96 === As Internet grown rapid popularity, both government agencies and private companies have set up web sites to provide information or Q&A on its Web site. Because personal website in order to highlight its characteristics and their personal styles then the kind of site has continued increase. Some web design has not only been done in accordance with the principles of safety certification but also in order to make their own service program open that makes malicious users have the opportunity to tamper with the page. Cross-site scripting draw the most attention according to OWASP published by the top 10 Internet security issues. The main purpose of this study is how to make IDPS useful, which includes HIDS and NIDS to help network security management and analyze cross-site scripting attack mode to enhance the ability to identify acts of invasion. HIDS could achieve the purpose of monitoring and management, and check client or server’s files of integrity, and Windows registry, when the page was tampering, or client be attacked by XSS and implanted malicious code, at this time HIDS will have warned information in the invasion of management center. At the same time take the initiative to respond to the domain name server, for attempting to implant malicious programs to the client's site, to block client connections after the attack the opportunity to avoid the expansion of network security loopholes. Organizations can also use HIDS be the web server as honey pot for cross-site scripting attacks. By record the XSS’s behavior and use the records of attack mode, so that security managers could understand what the XSS target is, and generate new defense rules. The NIDS detect XSS attack by the set of syntax rules to upload network packet sent to the web server content analysis, found that be informed the invasion triggered the rules of safety management staff, take the initiative to respond to firewall, then make firewall prevent from the malicious request, promote security of the system, a web server to avoid the sensitive information being tampering and theft. Final, we will compare the research of structure with the existing practice of protection for analysis and build a security network application’s environments.