Web Vulnerability Detection Based on Form Crawler (基于表单爬虫的Web漏洞探测)
Cited by: 5
Abstract: This paper proposes an adaptive site-search strategy based on a sliding window, and a navigation-link discovery strategy based on both the location features of a link and its recurrence frequency across pages. On top of these, a form-search strategy that follows navigation links is used to design a new kind of form crawler, distinct from ordinary crawlers and topic crawlers. A Web vulnerability detection scheme built on this form crawler is then given. Experiments show that the form search reaches a harvest rate of 24% and a coverage of 85%, and that detection accuracy for cross-site scripting (XSS) vulnerabilities reaches 96%.
Source: Computer Engineering (《计算机工程》), 2008, No. 9, pp. 186-188, 215 (4 pages). Indexed in CAS, CSCD and the Peking University core journal list.
Keywords: form crawler; harvest rate; coverage; precision; recall
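The crawling strategy and the two metrics the abstract names, worked through as an added example (this is not code from the paper): a toy form crawler runs over a constructed in-memory site, ranks frontier links by a location feature (the link sits inside a `<nav>` element) plus how often the link recurs on fetched pages, harvests forms, reports harvest rate (forms found per page fetched) and coverage (forms found over all forms on the site), and finally probes each harvested form for reflected XSS by checking whether a marker string comes back unescaped. The site, its handlers, the scoring weights and the marker are all hypothetical; the paper's sliding-window search and its exact position features and frequency thresholds are not reproduced.

```python
"""Toy form crawler: navigation-link ranking, harvest/coverage metrics and a
reflected-XSS probe. Added example, not the paper's code."""
from collections import Counter
from html import escape
from html.parser import HTMLParser

# Constructed pages standing in for HTTP responses. A footer <nav> recurs on
# every page; the home page's body links point at news stories without forms.
NAV = '<nav><a href="/login">Login</a><a href="/search">Search</a></nav>'
SITE = {
    "/": '<p><a href="/news/1">n1</a> <a href="/news/2">n2</a></p>' + NAV,
    "/news/1": '<p>story <a href="/news/2">n2</a></p>' + NAV,
    "/news/2": '<p>story <a href="/news/1">n1</a></p>' + NAV,
    "/login": '<form action="/login" method="post"><input name="user">'
              '<input name="pass" type="password"></form>' + NAV,
    "/search": '<form action="/search" method="get"><input name="q"></form>' + NAV,
}
# Constructed form handlers: /search reflects q unescaped (vulnerable),
# /login HTML-escapes the reflected value (not vulnerable).
HANDLERS = {
    "/search": lambda p: "<p>Results for " + p.get("q", "") + "</p>",
    "/login": lambda p: "<p>Unknown user " + escape(p.get("user", "")) + "</p>",
}


class PageParser(HTMLParser):
    """Collect (href, inside_nav) pairs and forms (action, method, input names)."""

    def __init__(self):
        super().__init__()
        self.links, self.forms, self._form, self._in_nav = [], [], None, False

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "nav":
            self._in_nav = True
        elif tag == "a" and "href" in a:
            self.links.append((a["href"], self._in_nav))
        elif tag == "form":
            self._form = {"action": a.get("action", ""),
                          "method": (a.get("method") or "get").lower(), "inputs": []}
        elif tag == "input" and self._form is not None and "name" in a:
            self._form["inputs"].append(a["name"])

    def handle_endtag(self, tag):
        if tag == "nav":
            self._in_nav = False
        elif tag == "form" and self._form is not None:
            self.forms.append(self._form)
            self._form = None


def parse(html):
    p = PageParser()
    p.feed(html)
    return p.links, p.forms


def crawl(site, budget, prioritize=True):
    """Fetch at most `budget` pages starting at "/". With prioritize=True the
    next page is the frontier link with the highest score, where score =
    recurrence count across fetched pages + a bonus for links inside <nav>
    (the location feature). With prioritize=False the crawl is plain FIFO."""
    score, visited, forms, frontier = Counter(), [], [], ["/"]
    while frontier and len(visited) < budget:
        url = max(frontier, key=lambda u: score[u]) if prioritize else frontier[0]
        frontier.remove(url)
        if url in visited or url not in site:
            continue
        visited.append(url)
        links, page_forms = parse(site[url])
        forms.extend(page_forms)
        for href, in_nav in dict.fromkeys(links):  # dedupe, keep page order
            score[href] += 2 if in_nav else 1
            if href not in visited and href not in frontier:
                frontier.append(href)
    return visited, forms


def metrics(site, visited, forms):
    """Harvest rate = forms found / pages fetched; coverage = forms found / forms on site."""
    total = sum(len(parse(html)[1]) for html in site.values())
    return {"harvest": len(forms) / len(visited), "coverage": len(forms) / total}


def probe_xss(form, handlers, marker="xz9'\"<>"):
    """Submit the marker in every input of the form; flag the form as reflected
    XSS if the marker reappears verbatim (unescaped) in the response body."""
    handler = handlers.get(form["action"])
    if handler is None:
        return False
    response = handler({name: marker for name in form["inputs"]})
    return marker in response


if __name__ == "__main__":
    for mode in (True, False):
        visited, forms = crawl(SITE, budget=3, prioritize=mode)
        print("prioritized" if mode else "fifo", visited, metrics(SITE, visited, forms))
        for f in forms:
            print("  ", f["action"], "reflected XSS" if probe_xss(f, HANDLERS) else "clean")
```

With the same budget of three pages, the FIFO crawl spends its fetches on the news stories and harvests nothing, while the navigation-ranked crawl reaches both forms; the probe then flags `/search` and clears `/login`. A real deployment would replace the in-memory site and handlers with HTTP requests and would need a larger payload set than a single marker, since reflection into attribute or script contexts escapes differently.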

References (6)

1. Shema M. Web Security Portable Reference [M]. California: McGraw-Hill, 2003.
2. Huang Yao-Wen, Huang S K, Lin T P, et al. Web Application Security Assessment by Fault Injection and Behavior Monitoring [C] // Proc. of the 12th ACM International Conference on World Wide Web. Budapest, Hungary: [s.n.], 2003.
3. Aidemark J, Vinter J, Folkesson P, et al. GOOFI: Generic Object-Oriented Fault Injection Tool [C] // Proc. of the IEEE International Computer Performance and Dependability Symposium. Göteborg, Sweden: [s.n.], 2001.
4. Murnane T, Hall R, Reed K. Towards Describing Black-box Testing Methods as Atomic Rules [C] // Proc. of the 29th Annual International Computer Software and Applications Conference. Melbourne, Australia: IEEE Computer Society, 2005.
5. Menczer F, Pant G. Evaluating Topic-driven Web Crawlers [C] // Proc. of the 24th Annual International ACM SIGIR Conference on Research and Development in Information Retrieval. New York, NY, USA: ACM Press, 2001.
6. RSnake. XSS Cheatsheet [EB/OL]. (2007-05-28). http://sec.drorshalev.com/dev/xss/xssTricks.htm.


Citing articles: 5
Second-level citing articles: 38
