Risk Analysis of XSS Based on Bayesian Network and STRIDE Model
Bayesian network is widely used in risk analysis because it can model events and give a compact probability representation.According to XSS attacks,and a Bayesian network structure model based on the STRIDE threat model is built,the prior probability of the nodes through expert experience and the ranking nodes is obtained.On this basis,a rejection sampling algorithm is used to obtain the data set,and then the parameters of Bayesian network are learnt.Then Bayesian network inference is used to calculate the risk of XSS attacks on the Web system,so as to find the weaknesses to strengthen the corresponding protection measures and to realize the active defense.
cross site scripting XSSBayesian networkSTRIDE threat classificationranking nodesrejection sampling
NETL
NSTL
万方数据
