[1] LI X, XUE Y.A survey on Web application security[EB/OL].[2021-12-05].https://www.isis.vanderbilt.edu/sites/default/files/main_0.pdf. [2] NTTsecurity.2019 NTT global threat intelligence report[EB/OL].[2021-12-05].https://ishare.iask.sina.com.cn/f/8vy3VW5Iyt.html. [3] 马月, 侯雪城, 吴佳帅, 等.Web应用防火墙(WAF)技术的综述[J].计算机时代, 2020(3):13-15, 19. MA Y, HOU X C, WU J S, et al.Research on technologies of Web application firewall[J].Computer Era, 2020(3):13-15, 19.(in Chinese) [4] 刘志光.Web应用防火墙技术分析[J].情报探索, 2014(3):103-105, 129. LIU Z G.Analysis on firewall technologies of Web-based application[J].Information Research, 2014(3):103-105, 129.(in Chinese) [5] LI Y F, DAS P K, DOWE D L.Two decades of Web application testing-a survey of recent advances[J].Information Systems, 2014, 43:20-54. [6] LEE T, WI S, LEE S, et al.FUSE:finding file upload bugs via penetration testing[C]//Proceedings of 2020 Network and Distributed System Security Symposium.Reston, USA:Internet Society, 2020:1-10. [7] DEMETRIO L, VALENZA A, COSTA G, et al.WAF-A-MoLE:evading Web application firewalls through adversarial machine learning[C]//Proceedings of the 35th Annual ACM Symposium on Applied Computing.New York, USA:ACM Press, 2020:1745-1752. [8] LYU C, JI S, ZHANG C, et al.MOPT:optimized mutation scheduling for fuzzers[C]//Proceedings of the 28th USENIX Security Symposium.[S.l.]:USENIX, 2019:1949-1966. [9] APPELT D, NGUYEN C D, PANICHELLA A, et al.A machine-learning-driven evolutionary approach for testing Web application firewalls[J].IEEE Transactions on Reliability, 2018, 67(3):733-757. [10] BAU J, BURSZTEIN E, GUPTA D, et al.State of the art:automated black-box Web application vulnerability testing[C]//Proceedings of IEEE Symposium on Security and Privacy.Washington D.C., USA:IEEE Press, 2010:332-345. [11] DOUPÉ A, COVA M, VIGNA G.Why Johnny can't pentest:an analysis of black-box Web vulnerability scanners[C]//Proceedings of International Conference on Detection of Intrusions and Malware, and Vulnerability Assessment.Berlin, Germany:Springer, 2010:111-131. [12] BOYD S W, KEROMYTIS A D.SQLrand:preventing SQL injection attacks[C]//Proceedings of International Conference on Applied Cryptography and Network Security.Berlin, Germany:Springer, 2004:292-302. [13] 谷家腾, 辛阳.基于动态分析的XSS漏洞检测模型[J].计算机工程, 2018, 44(10):34-41. GU J T, XIN Y.XSS vulnerability detection model based on dynamic analysis[J].Computer Engineering, 2018, 44(10):34-41.(in Chinese) [14] 朱辉, 沈明星, 李善平.Web应用中代码注入漏洞的测试方法[J].计算机工程, 2010, 36(10):173-175, 178. ZHU H, SHEN M X, LI S P.Test method on code injection vulnerabilities of Web application[J].Computer Engineering, 2010, 36(10):173-175, 178.(in Chinese) [15] 刘博, 王明烁, 李永, 等.深度学习在时空序列预测中的应用综述[J].北京工业大学学报, 2021, 47(8):925-941. LIU B, WANG M L, LI Y, et al.Deep learning for spatio-temporal sequence forecasting:a survey[J].Journal of Beijing University of Technology, 2021, 47(8):925-941. (in Chinese) [16] 何力, 郑灶贤, 项凤涛, 等.基于深度学习的文本分类技术研究进展[J].计算机工程, 2021, 47(2):1-11. HE L, ZHENG Z X, XIANG F T, et al.Research progress of text classification technology based on deep learning[J].Computer Engineering, 2021, 47(2):1-11.(in Chinese) [17] LI Z, ZOU D Q, XU S H, et al.VulDeePecker:a deep learning-based system for vulnerability detection[C]//Proceedings of 2018 Network and Distributed System Security Symposium.Reston, USA:Internet Society, 2018:1-10. [18] 郭可翔, 王衡军, 白祉旭.基于多通道CNN和BiGRU的字词级文本错误检测模型[J].计算机工程:2022, 48(9):63-70. GUO K X, WANG H J, BAI Z X.A word-level text error detection model based on multi-channel CNN and BiGRU[J].Computer Engineering:2022, 48(9):63-70.(in Chinese) [19] CHO K, VAN MERRIENBOER B, GULCEHRE C, et al.Learning phrase representations using RNN encoder-decoder for statistical machine translation[C]//Proceedings of the 2014 Conference on Empirical Methods in Natural Language Processing.Stroudsburg, USA:Association for Computational Linguistics, 2014:1-10. [20] ITO M, IYATOMI H.Web application firewall using character-level convolutional neural network[C]//Proceedings of the 14th International Colloquium on Signal Processing & Its Applications.Washington D.C., USA:IEEE Press:103-106. [21] 姚琳琳, 何倩, 王勇, 等.基于分布式对等架构的Web应用防火墙[J].计算机工程, 2012, 38(22):114-118. YAO L L, HE Q, WANG Y, et al.Web application firewall based on distributed P2P architecture[J].Computer Engineering, 2012, 38(22):114-118.(in Chinese) [22] APPELT D, NGUYEN C D, BRIAND L.Behind an application firewall, are we safe from SQL injection attacks?[C]//Proceedings of the 8th International Conference on Software Testing, Verification and Validation.Washington D.C., USA:IEEE Press, 2015:1-10. [23] KINGMA D P, BA J.Adam:a method for stochastic optimization[EB/OL].[2021-12-05].https://arxiv.org/abs/1412.6980. [24] ABADI M, AGARWAL A, BARHAM P, et al.TensorFlow:large-scale machine learning on heterogeneous distributed systems[EB/OL].[2021-12-05].https://arxiv.org/abs/1603.04467. [25] CSIC.HTTP CSIC 2010[EB/OL].[2021-12-05].https://www.isi.csic.es/dataset/. |