Interface more than the Web front end of the modular cell phone is vulnerable to session hijacking attacks.The current session hijacking attack detection methods need to build a contains all the characteristics of attack detection model,is not easy to implement,and test results are not reliable.A new type of modular mobile Web front-end session hijacking attack detection method was put forward,analysis of multiple interface modular mobile Web front-end not under the limited session hijacking attack,pretreatment RTT history data,in order to reduce the interface more modular mobile Web front-end singular data not under the limited impact on normal data RTT feature extraction.Data using sliding window and least squares,with the method of smoothing of componentization mobile Web front-end RTT is the feature extraction,and normal data based on RTT feature extraction result,with average sliding window method to test the session hijacking attacks.The experimental results show that the proposed method has a high attack detection accuracy and efficiency.%多接口非限制下组件化手机的Web前端容易遭遇会话劫持攻击.当前会话劫持攻击检测方法需建一个含有全部攻击特征的检测模型,不易实现,且检测结果不可靠.提出一种新型组件化手机Web前端会话劫持攻击检测方法,分析多接口非限制下组件化手机Web前端会话劫持攻击,预处理RTT历史数据,以降低多接口非限制下组件化手机Web前端奇异数据对正常数据RTT特征提取的影响.采用滑动数据窗和最小二乘平滑结合的方法对组件化手机Web前端正常数据的RTT特征进行提取,依据RTI特征提取结果,通过滑动窗口平均方法对会话劫持攻击进行检测.实验结果表明,所提方法具有很高的攻击检测精度和效率.
展开▼
