| 网页漏洞挖掘系统设计 |
| |
| 引用本文: | 黄超,李毅,麻荣宽,马建勋.网页漏洞挖掘系统设计[J].信息网络安全,2012(9):76-80. |
| |
| 作者姓名: | 黄超 李毅 麻荣宽 马建勋 |
| |
| 作者单位: | 西安电子科技大学,陕西西安 7107126 |
| |
| 摘 要: | 针对当前web应用程序漏洞的研究现状,文章设计出新型的面向Web应用的漏洞检测和挖掘系统,以切合当前Web开发的需求。该系统能够实现网络爬虫、多线程任务调度、钓鱼链接识别、模糊协议处理、网页木马检测等各项关键技术,使漏洞检测更加准确、高效。在研究Web安全相关理论和人工智能的基础上,文章采用静态分析和动态分析相结合的办法实现了网页链接和内容的恶意检测、网页漏洞的动态注入测试。文章最后对各项算法以及系统进行测试,测试结果表明该系统能够满足已知各项漏洞的检测,并且达到各项技术指标,检测结果对于提升目标站点的安全级别效果显著。
|
| 关 键 词: | web漏洞挖掘 爬虫 钓鱼链接 fuZZ测试 注入测试 |
Platform Design of Network Intrusion Detection Cooperating with Firewall |
| |
| HUANG Chao,LI yi,MA Rong-kuan,MA Jian-xun.Platform Design of Network Intrusion Detection Cooperating with Firewall[J].Netinfo Security,2012(9):76-80. |
| |
| Authors: | HUANG Chao LI yi MA Rong-kuan MA Jian-xun |
| |
| Affiliation: | ( Xidian University, Xi'an Shanxi 7107126, China ) |
| |
| Abstract: | In order to meet the need of current web exploitation, the system can realize web spider, multi - thread task scheduling, recognition of phishing, processing protocol obfuscation, identification of page trojan, 'and so on many other techniques, which makes the detection of bugs more accurate and efficient. On the basis of the research of web security and artificial intelligence, we adopt both static analysis and dynamic analysis to realize the malicious detection of web links and content, and the test of web bugs' dynamic infusion. At last, the works test every algorithm and system. The test output shows that the system can meet every known bug test and can meet every technical specifications. The test output extraordinarily enhanced the security level of target websites. |
| |
| Keywords: | Web bug detection web spider phishing links fuzz testing injection testing |
| 本文献已被 维普 万方数据 等数据库收录! |
|
