| 基于表单爬虫的Web漏洞探测 |
| |
| 引用本文: | 赵亭,陆余良,刘金红,孙宏纲,施凡.基于表单爬虫的Web漏洞探测[J].计算机工程,2008,34(9):186-188. |
| |
| 作者姓名: | 赵亭 陆余良 刘金红 孙宏纲 施凡 |
| |
| 作者单位: | 合肥电子工程学院网络工程系,合肥,230037 |
| |
| 摘 要: | 提出基于滑动窗口的自适应站点搜索策略和基于位置特征与复现频率的导航链接发现策略。在此基础上,采用基于导航链接的表单搜索策略,设计一种新颖的不同于普通爬虫和主题爬虫的表单爬虫。给出一个基于表单爬虫的Web漏洞探测方案。实验表明该方案搜索表单的收益率和覆盖率分别达到了24%和85%,对跨站攻击漏洞的探测准确率达到96%。
|
| 关 键 词: | 表单爬虫 收益率 覆盖率 精确率 召回率 |
| 文章编号: | 1000-3428(2008)09-0186-03 |
| 修稿时间: | 2007年6月12日 |
Web Vulnerability Detection Based on Form Crawler |
| |
| ZHAO Ting,LU Yu-liang,LIU Jin-hong,SUN Hong-gang,SHI Fan.Web Vulnerability Detection Based on Form Crawler[J].Computer Engineering,2008,34(9):186-188. |
| |
| Authors: | ZHAO Ting LU Yu-liang LIU Jin-hong SUN Hong-gang SHI Fan |
| |
| Affiliation: | (Network Engineering Laboratory, Electronic Engineering Institute, Hefei 230037) |
| |
| Abstract: | This paper proposes an adaptive site-search strategy based on glide window and a navigation link searching strategy based on both location and the frequency of appearance. A new form crawler is designed which is different from common crawler or topic crawler. The form crawler utilizes navigation link to search form. Then a new Web vulnerability detecting scheme is proposed based on the form crawler. It is proved that the harvest and coverage of form searching reaches 24% and 85% respectively, and the accuracy of XSS detection reaches 96%. |
| |
| Keywords: | form crawler harvest coverage accuracy recall |
| 本文献已被 维普 万方数据 等数据库收录! |
| 点击此处可从《计算机工程》浏览原始摘要信息 |
|
点击此处可从《计算机工程》下载全文 |
|
