(西南科技大学 计算机科学与技术学院,四川 绵阳 621010)
马 炅(1990-),男,山东泰安人,硕士研究生,主要从事网络安全方向的研究。[FQ)]
国家自然科学基金项目(61303230);四川省科技支撑计划项目(11ZS2010)。
(College of Computer Science & Technology, Southwest University of Science & Technology,Mianyang 621010, China)
- 摘要 | |
- 访问统计 |
- 参考文献 [10] |
- 相似文献 [20] | | |
- 文章评论
在web应用自动渗透测试技术的发展中,由于在web应用响应分析的自动化与智能化方面的研究不足,现有web应用自动渗透测试中仍然需要人为经验干预,限制了渗透测试的效率,因此,在研究了关键字响应分析技术与被动提取技术的基础上提出了自学习响应分析算法,该算法利用关键字词库对响应结果进行分析,若没有匹配成功再利用启发式分析技术进行分析,当分析结果有效则提取响应的关键字加入词库以达到自学习的目的;实验证明,该算法能够对测试响应结果自动地进行分析,突破了关键字分析技术只能分析含有关键字的响应这一局限,同时,比单纯被动响应提取技术具有更高的效率。
Little research about the analysis of web applications’s response has been done . Its level of automation and intelligence is very low. And web penetration still requires human intervention which directly limit its efficiency . To solve this problem,key words analysis and negative response extraction have been studied, and with the help of the two technology a algorithm named self-learnning response analysis is proposed. At first the algorithm use key words to ananlyse the response. If it fails, heuristic analysis technology is used to work it out. The key words extracted from the response will be stored in the database which is used to keep key words. Experimental results show that the algorithm can analyse the response quickly and correctly. And it can analyse the response that key words analysis can not. At the same time, it is more efficient than negative response extraction.
引用本文
马炅,黄晓芳,陶启,张亚文.一种新的自学习web应用响应分析算法计算机测量与控制[J].,2016,24(2):251-254.
复制
文章指标
- 点击次数:1045
- 下载次数: 443
- HTML阅读次数: 0
历史
- 收稿日期:2015-08-26
- 最后修改日期:2015-09-17
- 在线发布日期: 2016-07-27
文章二维码
