WEB APPLICATION VULNERABILITY DETECTION BASED ON REINFORCEMENT LEARNING

摘要

To solve the problem of low crawling yield and low detection efficiency in web applications security' detection,we propose a web application security vulnerability detection method based on Q-learning.We present a strategy of form focused crawling (QLC) which uses Q-learning algorithm to increase the crawling yield and detection efficiency.In the learning algorithm,we present the method of combining immediate rewards and future rewards to evaluate and optimize the learning rules.Simulating web attacking and analyzing the data of response are used to detect security-vulnerabilities,and rich attacking vectors ensure the improvement of detection accuracy.Finally,through effective training of the reinforcement learning the rules,a series of experimental results verify the effectiveness of the method we proposed in this paper.