Research On Key Technologies Of Security Detection For Web Applications

With the implementation of cloud computing and artificial intelligence technology in financial,medical,government and other scenarios,web applications,as a medium for interacting with users,have begun to integrate into all aspects of work and life.In order to support more complex business logic,the technical route and development mode of web applications have undergone tremendous changes compared with ten years ago.The development of technologies such as the software supply chain has gradually blurred the security boundary of web applications,which has brought severe challenges to the security detection capabilities of web applications.In recent years,the improvement of security capabilities has generally lagged behind the growth of web applications,resulting in an endless stream of various attacks and bringing huge losses to society.In the attack,the attacker usually uses the vulnerability and the malicious code together.The vulnerability is used to break through the security defense line of the web application,and the malicious code is used to maintain the authority obtained by the attacker and further expand the scope of the attack.At present,there are many researches on web application security detection.However,the increasing number of attacks also reflects that there are still many problems to be solved in terms of detection accuracy and detection efficiency.Therefore,this thesis focuses on the two main threats of web vulnerabilities and web malicious code,combining traditional program analysis and machine learning-based analysis to carry out research.The main research results are as follows:1.Aiming at the problem of low production efficiency of payload of black-box web vulnerability scanner,a cross-site scripting vulnerability detection method based on reinforcement learning fuzz testing is proposed.This method achieves full coverage of potential injection points,and supports framework-based web applications with a high detection rate.This thesis proposes a structured payload generation and mutation,combined with a reinforcement learning model,and improves the speed of test sample generation by optimizing the state,action and reward of the model in the cross-site scripting vulnerability detection scenario.In order to verify the effectiveness of the method,this thesis selects four open source projects as test samples,and selects four vulnerability scanners for comparison.The experimental results show that the method achieves a vulnerability detection rate of 93.75%in the test samples,which is significantly better than the other four scanners.2.Aiming at the problem of low accuracy of deserialization vulnerability detection,a hybrid property graph based deserialization vulnerability detection method is proposed.The method employs a requirement-driven analysis technique to generate hybrid property graphs from security-sensitive methods,reducing scope and improving analysis efficiency.Detect deserialization vulnerabilities by merging hybrid property graphs with identical nodes,searching for reachable paths from trigger methods to abuse methods.In order to demonstrate the effectiveness of the method,this thesis selects 12 open source software as test samples and compares them with two detection tools.The experimental results show that the method achieves a detection rate of 80%in the test samples,outperforming the other two tools.3.Aiming at the problem of low detection accuracy of file-type web malicious code,a malicious code detection method based on semantic analysis and BiLSTM model is proposed.This method extracts highdimensional semantic information in JavaScript code,combines the description of data dependence and control dependence,and more accurately characterizes malicious code.In this thesis,on the basis of the BiLSTM model,the model input is constructed by optimizing the vectorization of semantic slices,which has a high detection accuracy.In order to demonstrate the effectiveness of the method,this thesis collected test samples from the Internet and constructed a data set.Compared with the other three machine learning models and two detection tools,the method of this thesis performed best,reaching an accuracy rate of 97.71%.4.Aiming at the lack of effective detection methods for fileless web malicious code,a hybrid analysis detection method for fileless webshells is proposed.This method adopts secondary analysis to narrow down the detection range step by step,reducing the load on the web application.In order to improve the detection accuracy,this method monitors the Java virtual machine system calls,captures the dynamic characteristics of webshell execution,and converts suspicious classes into bytecode files by analyzing memory,and then judges suspicious classes through static taint analysis.In order to demonstrate the effectiveness of this method,this thesis collects Java fileless webshell samples on the Internet and constructs a test data set,and compares it with two detection tools of the same type.The experimental results show that the method achieved a detection rate of 81.33%in the experiment,about 18%higher than the other two tools.