摘要
针对当前Web应用程序漏洞的研究现状,文章设计出新型的面向Web应用的漏洞检测和挖掘系统,以切合当前Web开发的需求。该系统能够实现网络爬虫、多线程任务调度、钓鱼链接识别、模糊协议处理、网页木马检测等各项关键技术,使漏洞检测更加准确、高效。在研究Web安全相关理论和人工智能的基础上,文章采用静态分析和动态分析相结合的办法实现了网页链接和内容的恶意检测、网页漏洞的动态注入测试。文章最后对各项算法以及系统进行测试,测试结果表明该系统能够满足已知各项漏洞的检测,并且达到各项技术指标,检测结果对于提升目标站点的安全级别效果显著。
In order to meet the need of current web exploitation, the system can realize web spider, multi - thread task scheduling, recognition of phishing, processing protocol obfuscation, identification of page trojan, 'and so on many other techniques, which makes the detection of bugs more accurate and efficient. On the basis of the research of web security and artificial intelligence, we adopt both static analysis and dynamic analysis to realize the malicious detection of web links and content, and the test of web bugs' dynamic infusion. At last, the works test every algorithm and system. The test output shows that the system can meet every known bug test and can meet every technical specifications. The test output extraordinarily enhanced the security level of target websites.
出处
《信息网络安全》
2012年第9期76-80,共5页
Netinfo Security
