Journal of Information Security Research, 2024, Vol. 10, Issue (9): 824-832, 9. DOI: 10.12379/j.issn.2096-1057.2024.09.06
A Web Vulnerability Detection Solution Integrating LSTM for Directory Acquisition
Abstract
Addressing the limitations of current vulnerability detection methods in directory acquisition capability and detection coverage, this paper proposes a Web vulnerability detection scheme that integrates LSTM (Long Short-Term Memory) for directory acquisition. The proposed solution incorporates Arjun's efficient parameter brute-forcing technique to obtain basic directory paths and introduces an LSTM-based approach to generate fuzzy directory paths, constructing a comprehensive directory path pool that penetrates hidden directories and quickly acquires a larger number of valid directory paths. To overcome the challenge of detecting atypical Web vulnerabilities, the proposed solution has been implemented as an automated, universal vulnerability detection and verification tool. This tool is suitable for both typical and atypical vulnerabilities and is equipped with capabilities for directory acquisition, vulnerability detection, and bypassing techniques for cookies and IP blocking. Experimental results demonstrate that this solution outperforms typical directory brute-forcing tools by acquiring more valid directory paths, exhibiting excellent directory acquisition capabilities, and effectively detecting and covering a wider range of Web vulnerabilities with high efficiency and a low false positive rate.
Key words
Web security / vulnerability detection / LSTM / black box testing / automated tools
Classification
Information Technology and Security Science
Cite this article
黄长江, 冯景瑜, 王侃, 安宇航, 翟天旭, 苏恒涛. A Web Vulnerability Detection Solution Integrating LSTM for Directory Acquisition [J]. Journal of Information Security Research, 2024, 10(9): 824-832, 9.
Funding
Shaanxi Province Key Research and Development Program (2024GX-YBXM-076)