Abstract:
This paper proposes an adaptive site-search strategy based on glide window and a navigation link searching strategy based on both location and the frequency of appearance. A new form crawler is designed which is different from common crawler or topic crawler. The form crawler utilizes navigation link to search form. Then a new Web vulnerability detecting scheme is proposed based on the form crawler. It is proved that the harvest and coverage of form searching reaches 24% and 85% respectively, and the accuracy of XSS detection reaches 96%.
Key words:
form crawler,
harvest,
coverage,
accuracy,
recall
摘要: 提出基于滑动窗口的自适应站点搜索策略和基于位置特征与复现频率的导航链接发现策略。在此基础上,采用基于导航链接的表单搜索策略,设计一种新颖的不同于普通爬虫和主题爬虫的表单爬虫。给出一个基于表单爬虫的Web漏洞探测方案。实验表明该方案搜索表单的收益率和覆盖率分别达到了24%和85%,对跨站攻击漏洞的探测准确率达到96%。
关键词:
表单爬虫,
收益率,
覆盖率,
精确率,
召回率
CLC Number:
ZHAO Ting; LU Yu-liang; LIU Jin-hong; SUN Hong-gang; SHI Fan. Web Vulnerability Detection Based on Form Crawler[J]. Computer Engineering, 2008, 34(9): 186-188,.
赵 亭;陆余良;刘金红;孙宏纲;施 凡. 基于表单爬虫的Web漏洞探测[J]. 计算机工程, 2008, 34(9): 186-188,.