To improve the detection results of cross-site scripting (XSS) vulnerability, a dynamic attack vector gen-eration and optimization scheme was proposed based on hidden Markov model .The mutated attack vector was gen-erated by using decision tree model to classify the attack vectors and the code confusion strategy to deform the attack vector .To reduce the interactions between the test phase and the web server , an injection point de-duplication and probe algorithm are designed to remove web pages that do not include XSS vulnerabilities and to avoid detecting the same injection point in different web pages .XPath path location technology was adopted to improve the analysis ef-ficiency for vulnerability detection results .Experimental results show that the proposed method can reduce the re-sponse time and the miss report , and improve the detection efficiency .
作者 ：王丹 顾明昌 赵文兵
Author：WANG Dan GU Mingchang ZHAO Wenbing
刊 名：哈尔滨工程大学学报 ISTICEIPKU
Journal：Journal of Harbin Engineering University
年，卷(期) ：2017, 38(11)
关键词：跨站脚本漏洞 渗透测试 隐马尔科夫模型 攻击向量 注入点
Keywords：cross site scripting penetration test hidden Markov model ( HMM) attack vector injection point