
Research On WEB Security Test Based On Machine Learning

Posted on: 2021-04-26
Degree: Master
Type: Thesis
Country: China
Candidate: X Wang
GTID: 2518306308970349
Subject: Cyberspace security
Abstract/Summary:
With the rapid development of the Internet and the steady escalation of security threats, web application security has become one of the biggest sources of risk to Internet security. XSS, the second most widespread security problem in the OWASP Top 10, exists in nearly two-thirds of web applications, so XSS vulnerability detection is of growing significance in web security research. Traditional XSS detection usually tests each injection point in turn against a fixed attack vector library, which leads to poorly adapted attack vectors, low detection efficiency and low accuracy, and is often unable to cope with complex network attacks.

In this paper, the research on XSS vulnerability detection in web application security is divided into two parts: an attack vector generation module and a detection analysis module. A method of XSS vulnerability detection based on machine learning is proposed, an XSS vulnerability detection tool is designed and implemented, and its effectiveness in XSS vulnerability detection is verified by comparison. The basic idea is to use machine learning in the generation stage to improve the generation of XSS attack vectors, so that attack vectors are selected and optimized automatically; to test the web application system through automated interaction; and finally to analyze the detection results with XPath path location technology to determine whether an XSS vulnerability exists at the detection point.

Finally, the experimental results show that, compared with the detection results of AppScan, the false alarm rate of the detection system in this paper is slightly higher than that of AppScan, but its false alarm rate is lower than that of AppScan, and the detection method in this paper has higher detection efficiency. Of course, the design in this paper still has many deficiencies and many areas that can be further improved, such as adding comparison tests against AWVS and other detection tools and increasing the number of target sites for larger-scale experiments.

The research work of this paper is divided into the following aspects:

1. This paper introduces the background and significance of web security research, focuses on XSS vulnerability detection, which has a wide influence on web security, and introduces the research status of XSS vulnerability detection at home and abroad.

2. This paper introduces the related theoretical basis. It mainly covers the principle of XSS vulnerabilities, three common classification methods, the main exploitation methods and possible defense measures; the machine learning algorithms used in the attack vector generation stage; and the crawler technology used in the vulnerability detection and analysis stage.

3. This paper studies the generation of attack vectors based on machine learning, mainly the generation of basic attack vectors and the selection of bypass rules. The initial attack vector library is generated from the composition of XSS attack vectors and a context-free grammar. Then, using decision tree classification, different types of attack vectors are matched to different types of output points. Finally, a genetic algorithm is used to match the attack vectors with bypass rules to generate the optimized attack vector database, and an improved elite selection strategy retains the best attack vector individuals in the offspring population.

4. This paper studies the XSS vulnerability detection and analysis module and designs the automatic detection process according to the steps of manual XSS vulnerability detection. The best-first search strategy and the Bloom filter deduplication algorithm are studied. Finally, the paper studies analysis techniques for crawled pages and chooses a two-pass matching method to improve detection efficiency. In the first pass, regular-expression matching is used to determine the location of output points, and in the second pass, XPath positioning technology is used to quickly locate the output points, which effectively improves the efficiency of vulnerability detection.

5. The XSS vulnerability detection system proposed in this paper is designed and implemented. This paper introduces the XSS vulnerability detection tool and the experimental environment designed for it, uses the tool and the established AppScan vulnerability detection tool to scan the target experimental environment, and finally compares and analyzes the detection results to verify the effectiveness of the tool.
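Item 4 pairs a best-first search strategy with Bloom filter deduplication in the crawler; the following is an added example of that combination, not code from the thesis. The priority heuristic (number of query parameters), the URL canonicalisation rules and the `example.test` links are assumptions made for illustration.

```python
import hashlib
import heapq
from urllib.parse import parse_qsl, urlencode, urlsplit, urlunsplit

class BloomFilter:
    """Bit-array set: may report false positives, never false negatives."""
    def __init__(self, bits=1 << 16, hashes=5):
        self.bits, self.hashes = bits, hashes
        self.array = bytearray(bits // 8)

    def add(self, item):
        """Set the item's bits; return True if every bit was already set."""
        d = hashlib.sha256(item.encode()).digest()
        h1, h2 = int.from_bytes(d[:8], "big"), int.from_bytes(d[8:16], "big") | 1
        idxs = [(h1 + i * h2) % self.bits for i in range(self.hashes)]
        seen = all(self.array[i >> 3] & (1 << (i & 7)) for i in idxs)
        for i in idxs:
            self.array[i >> 3] |= 1 << (i & 7)
        return seen

def canonical(url):
    """Collapse equivalent URLs: lowercase host, sorted parameters, no fragment."""
    p = urlsplit(url)
    query = urlencode(sorted(parse_qsl(p.query, keep_blank_values=True)))
    return urlunsplit((p.scheme.lower(), p.netloc.lower(), p.path or "/", query, ""))

def score(url):
    """Assumed heuristic: more query parameters means more inputs to test."""
    return len(parse_qsl(urlsplit(url).query, keep_blank_values=True))

class Frontier:
    """Best-first crawl queue; URLs the Bloom filter has seen are dropped."""
    def __init__(self):
        self.seen, self.heap, self.n = BloomFilter(), [], 0

    def push(self, link):
        url = canonical(link)
        if self.seen.add(url):
            return False  # duplicate (or a rare false positive): skip
        self.n += 1  # discovery counter breaks ties between equal scores
        heapq.heappush(self.heap, (-score(url), self.n, url))
        return True

    def pop(self):
        return heapq.heappop(self.heap)[2]

# Constructed sample links (example.test is a placeholder host).
LINKS = ["http://example.test/item?id=1&cat=2#top", "http://EXAMPLE.test/item?cat=2&id=1",
         "http://example.test/about", "http://example.test/search?q=a&page=1&sort=x"]
```

Because a Bloom filter can return false positives, a crawler built this way may occasionally skip a page it has not visited; sizing the bit array to the expected number of URLs keeps that rate low.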
Keywords/Search Tags:web security test, XSS vulnerability detection, decision tree, elite selection strategy, XPath path location technology