摘要: 针对现有Web服务器识别(WSI)方法存在识别正确率低且对指纹库依赖性强的问题,依据不同服务器对15种畸形Http请求处理机制的差异,提出一种新的识别方法。使用朴素贝叶斯分类模型计算待测Web服务器各分类属性在状态码特征属性下的后验概率,选择后验概率最大的类型作为Web服务器类型,根据该类型选择特定版本特征库,利用朴素贝叶斯分类模型得到Web服务器类型对应的具体版本,以此设计和实现Web服务器识别系统。与现有HMAP,Httprecon,Httprint识别工具进行对比实验的结果表明,随着训练样本的增加,该系统的准确率、召回率和F-measure值更高,识别性能更好。
关键词:
Web安全检测,
漏洞检测,
Web服务器识别,
贝叶斯理论,
状态码
Abstract: Aiming at the problem that the identification rate of current Web Server Identification(WSI) methods is low, and the dependence for fingerprints is strong.By the Web servers’ different responses to the 15 types of abnormal Http requests, the naive Bayes classification model is used to identify the Web server type by the maximum posterior probability of status code attributes.The model is used again to identify the Web server version by selecting version features.A system based on the method called WSI system is designed and realized.Experimental results show that compared with the current three identification tools such as HMAP, Httprecon, Httprint, the accuracy and recall rate and F-measure of this system are higher, and it has better recognition performance with the increase of training samples.
Key words:
Web security detection,
vulnerability detection,
Web Server Identification(WSI),
Bayesian theory,
status code
中图分类号: