|3/2016 - 2|
An Enhanced Rule-Based Web Scanner Based on Similarity ScoreLEE, M. , LEE, Y. , YOON, H.
|Click to see author's profile on SCOPUS, IEEE Xplore, Web of Science|
|Download PDF (1,261 KB) | Citation | Downloads: 288 | Views: 461|
intrusion detection, access control, information security, web services, security
security(10), network(8), vulnerability(7), testing(4), systems(4), software(4), services(4), server(4), information(4), detection(4)
No common words between the references section and the paper title.
About this article
Date of Publication: 2016-08-31
Volume 16, Issue 3, Year 2016, On page(s): 9 - 14
ISSN: 1582-7445, e-ISSN: 1844-7600
Digital Object Identifier: 10.4316/AECE.2016.03002
Web of Science Accession Number: 000384750000002
SCOPUS ID: 84991070805
This paper proposes an enhanced rule-based web scanner in order to get better accuracy in detecting web vulnerabilities than the existing tools, which have relatively high false alarm rate when the web pages are installed in unconventional directory paths. Using the proposed matching method based on similarity score, the proposed scheme can determine whether two pages have the same vulnerabilities or not. With this method, the proposed scheme is able to figure out the target web pages are vulnerable by comparing them to the web pages that are known to have vulnerabilities. We show the proposed scanner reduces 12% false alarm rate compared to the existing well-known scanner through the performance evaluation via various experiments. The proposed scheme is especially helpful in detecting vulnerabilities of the web applications which come from well-known open-source web applications after small customization, which happens frequently in many small-sized companies.
Web of Science® Times Cited: 0
View record in Web of Science® [View]
View Related Records® [View]
Updated 2 days, 9 hours ago
SCOPUS® Times Cited: 0
View record in SCOPUS® [Free preview]
There are no citing papers in the CrossRef Cited-by Linking system.
Disclaimer: All information displayed above was retrieved by using remote connections to respective databases. For the best user experience, we update all data by using background processes, and use caches in order to reduce the load on the servers we retrieve the information from. As we have no control on the availability of the database servers and sometimes the Internet connectivity may be affected, we do not guarantee the information is correct or complete. For the most accurate data, please always consult the database sites directly. Some external links require authentication or an institutional subscription.
Web of Science® is a registered trademark of Thomson Reuters, Scopus® is a registered trademark of Elsevier B.V., other product names, company names, brand names, trademarks and logos are the property of their respective owners.
Faculty of Electrical Engineering and Computer Science
Stefan cel Mare University of Suceava, Romania
All rights reserved: Advances in Electrical and Computer Engineering is a registered trademark of the Stefan cel Mare University of Suceava. No part of this publication may be reproduced, stored in a retrieval system, photocopied, recorded or archived, without the written permission from the Editor. When authors submit their papers for publication, they agree that the copyright for their article be transferred to the Faculty of Electrical Engineering and Computer Science, Stefan cel Mare University of Suceava, Romania, if and only if the articles are accepted for publication. The copyright covers the exclusive rights to reproduce and distribute the article, including reprints and translations.
Permission for other use: The copyright owner's consent does not extend to copying for general distribution, for promotion, for creating new works, or for resale. Specific written permission must be obtained from the Editor for such copying. Direct linking to files hosted on this website is strictly prohibited.
Disclaimer: Whilst every effort is made by the publishers and editorial board to see that no inaccurate or misleading data, opinions or statements appear in this journal, they wish to make it clear that all information and opinions formulated in the articles, as well as linguistic accuracy, are the sole responsibility of the author.