A Vulnerability Assessment Method Suitable for Web Server
First published: 2015-12-25
Abstract: As Web applications become more widespread, Web security threats have become prominent: hackers exploit vulnerabilities in a website's operating system and in its Web server software to attack their targets. Tomcat, Nginx and WebLogic are among the most popular Web servers today, and this paper focuses on the vulnerabilities found in them. Based on a study of the current state of vulnerability assessment and of the Common Vulnerability Scoring System (CVSS), two groups of indicators, exploitability and impact, are selected to assess Web server vulnerabilities. To compensate for the shortcomings of CVSS in measuring the exploitability of Web server vulnerabilities, dynamic indicators and suitability indicators are added; principal component analysis (PCA) is then used to resolve the correlation between indicators and to determine the weight of each indicator. The experimental results show that this assessment method is more targeted and more accurate.
Keywords: vulnerability assessment; vulnerability exploitability; Web server