Automatic Detection Method of Website Vulnerabilities Based on an Associated Data Drive

IF 0.7 4区计算机科学 Q4 COMPUTER SCIENCE, SOFTWARE ENGINEERING

Journal of Web Engineering Pub Date : 2025-03-01 DOI:10.13052/jwe1540-9589.2423

Xiaoli Li;Ling Zhao;Haobin Shen;Hanlin Du;Zhida Guo

{"title":"Automatic Detection Method of Website Vulnerabilities Based on an Associated Data Drive","authors":"Xiaoli Li;Ling Zhao;Haobin Shen;Hanlin Du;Zhida Guo","doi":"10.13052/jwe1540-9589.2423","DOIUrl":null,"url":null,"abstract":"In order to reduce the probability of website users being attacked and maintain the safety of website operation, this study proposes an automatic vulnerability detection method of websites based on associated data. We use plug-ins to scan the website in all directions, establish a scanning database, and classify and store the scanned web data. By applying optimized an a priori association rule algorithm, key features are extracted from web scan data, which are then transformed into input samples for a K-means clustering algorithm. The aim is to efficiently extract feature attributes of website vulnerability data and ultimately construct a text vectorized representation of vulnerability data. Convolutional neural networks can automatically detect website vulnerabilities by using the constructed text vector as input. Experimental verification shows that this method demonstrates comprehensive data coverage, efficient processing speed, and high-precision recognition performance. It not only significantly reduces the clustering analysis time, but also ensures the accuracy and timeliness of vulnerability detection.","PeriodicalId":49952,"journal":{"name":"Journal of Web Engineering","volume":"24 2","pages":"217-242"},"PeriodicalIF":0.7000,"publicationDate":"2025-03-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"https://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=10979720","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Journal of Web Engineering","FirstCategoryId":"94","ListUrlMain":"https://ieeexplore.ieee.org/document/10979720/","RegionNum":4,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q4","JCRName":"COMPUTER SCIENCE, SOFTWARE ENGINEERING","Score":null,"Total":0}

引用次数: 0

Abstract

In order to reduce the probability of website users being attacked and maintain the safety of website operation, this study proposes an automatic vulnerability detection method of websites based on associated data. We use plug-ins to scan the website in all directions, establish a scanning database, and classify and store the scanned web data. By applying optimized an a priori association rule algorithm, key features are extracted from web scan data, which are then transformed into input samples for a K-means clustering algorithm. The aim is to efficiently extract feature attributes of website vulnerability data and ultimately construct a text vectorized representation of vulnerability data. Convolutional neural networks can automatically detect website vulnerabilities by using the constructed text vector as input. Experimental verification shows that this method demonstrates comprehensive data coverage, efficient processing speed, and high-precision recognition performance. It not only significantly reduces the clustering analysis time, but also ensures the accuracy and timeliness of vulnerability detection.

查看原文本刊更多论文

基于关联数据驱动器的网站漏洞自动检测方法

为了降低网站用户被攻击的概率，维护网站运行的安全，本研究提出了一种基于关联数据的网站漏洞自动检测方法。我们使用插件对网站进行全方位扫描，建立扫描数据库，对扫描后的网页数据进行分类和存储。通过优化的先验关联规则算法，从网页扫描数据中提取关键特征，然后将其转换为输入样本，用于K-means聚类算法。目的是高效提取网站漏洞数据的特征属性，最终构建漏洞数据的文本矢量化表示。卷积神经网络利用构造的文本向量作为输入，自动检测网站漏洞。实验验证表明，该方法具有数据覆盖全面、处理速度快、识别精度高等特点。不仅显著减少了聚类分析时间，而且保证了漏洞检测的准确性和及时性。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

Journal of Web Engineering 工程技术-计算机：理论方法

CiteScore

1.80

自引率

12.50%

发文量

审稿时长

9 months

期刊介绍： The World Wide Web and its associated technologies have become a major implementation and delivery platform for a large variety of applications, ranging from simple institutional information Web sites to sophisticated supply-chain management systems, financial applications, e-government, distance learning, and entertainment, among others. Such applications, in addition to their intrinsic functionality, also exhibit the more complex behavior of distributed applications.