基于机器学习的XSS检测技术
首发时间:2019-12-06
摘要:大多数的WEB应用都存在跨站脚本(XSS)漏洞威胁,能够成功检测XSS漏洞也变得越来越重要。传统XSS安全检测一般采用索引爬虫的检测方式,往往检测效率低下并且准确率不高。为了提升XSS漏洞的检测效率和准确性,本文给出了一种基于机器学习的XSS检测方法。其基本思想就是在XSS攻击向量生成阶段采用机器学习的技术来实现自动化生成优化攻击向量,采用自动交互的方法来对WEB应用系统进行有效测试,最后采用XPath路径定位技术来分析检测结果。通过与Appscan的检测结果进行对比分析,本文设计的检测方法具有更高的检测效率。
关键词: 网络空间安全 跨站脚本(XSS)漏洞 决策树 精英选择策略 XPath路径定位技术
For information in English, please click here
The XSS detection technology based on machine learning
Abstract:Most web applications are threatened by cross site scripting (XSS) vulnerabilities, and it becomes more and more important to successfully detect XSS vulnerabilities. Traditional XSS security detection usually uses index crawler, which is inefficient and inaccurate. In order to improve the efficiency and accuracy of XSS vulnerability detection, this paper presents a machine learning based XSS detection method. Its basic idea is to use machine learning technology to automatically generate and optimize attack vectors in the XSS attack vector generation stage, to use the method of automatic interaction to effectively test the web application system, and finally to use XPath path positioning technology to analyze the detection results. Compared with the results of appscan, the detection method designed in this paper has higher detection efficiency.
Keywords: Cyberspace Security Cross Site Scripting (xss) Decision Tree Elite selection strategy XPath path location technology
基金:
引用
No.****
同行评议
共计0人参与
勘误表
基于机器学习的XSS检测技术
评论
全部评论0/1000