WEB APPLICATION VULNERABILITY DETECTION BASED ON REINFORCEMENT LEARNING
To solve the problem of low crawling yield and low detection efficiency in web applications security detection,we propose a web application security vulnerability detection method based on Q-learning.We present a strategy of form focused crawling (QLC) which uses Q-learning algorithm to increase the crawling yield and detection efficiency.In the learning algorithm,we present the method of combining immediate rewards and future rewards to evaluate and optimize the learning rules.Simulating web attacking and analyzing the data of response are used to detect security-vulnerabilities,and rich attacking vectors ensure the improvement of detection accuracy.Finally,through effective training of the reinforcement learning the rules,a series of experimental results verify the effectiveness of the method we proposed in this paper.
Web security vulnerability Reinforcement learning Q-learning Web detection
Wang Xin Wei Gengyu Zhang Dongmei Yang Yixian
Key Laboratory of network and information attack & defence technology of MOE,Beijing Universityof Po Key Laboratory of network and information attack & defence technology of MOE,Beijing University of P
国际会议
太原
英文
39-44
2011-02-26(万方平台首次上网日期,不代表论文的发表时间)