Research on SSTI attack defense technology based on instruction set randomization

Cited by: 0
Authors
Wang, Jiang [1 ]
Zhang, Zheng [1 ]
Ma, Bolin [1 ]
Yao, Yuan [1 ]
Ji, Xinsheng [2 ]
Affiliations
[1] State Key Lab Math Engn & Adv Comp, Zhengzhou, Peoples R China
[2] Informat Engn Univ, Zhengzhou, Peoples R China
Funding
National Natural Science Foundation of China; National Key Research and Development Program of China
Keywords
SSTI; injection; template engine;
DOI
10.1145/3469213.3471315
Chinese Library Classification number
TP18 [Artificial intelligence theory];
Discipline classification codes
081104 ; 0812 ; 0835 ; 1405 ;
Abstract
With the rapid development of the Internet industry, scripting languages such as Python, PHP and Ruby are often used in application development because they support rapid development and are easy to learn. Template engine technology can separate the front end from the back end, so it is often used in the development process. However, if the developer does not perform strict filtering during the development process of the template engine, an attacker can use the vulnerability to launch a server-side template injection (SSTI) attack. Current defense methods are too passive because they rely on the detection rate and on prior knowledge of the attacker, so an SSTI defense technology based on randomization technology is proposed.
Pages: 5