Open AccessAn intrusion detection method based on behavior characteristics for business logic
Author(s) -
Ru Li,
Shuying Zhai,
Yongfeng Zhi
Publication year - 2020
Publication title -
journal of physics. conference series
Language(s) - English
Resource type - Journals
SCImago Journal Rank - 0.21
H-Index - 85
eISSN - 1742-6596
pISSN - 1742-6588
DOI - 10.1088/1742-6596/1544/1/012132
Subject(s) - vulnerability (computing) , computer science , intrusion detection system , vulnerability assessment , computer security , test (biology) , data mining , authentication (law) , business logic , sequence (biology) , intrusion , database , geochemistry , geology , psychology , paleontology , genetics , psychological resilience , psychotherapist , biology
In order to improve the detection efficiency and accuracy of business logic vulnerability, a test method based on behavior characteristics was proposed. It uses the test accountes to crawl url of business system, analyzes the characteristics of request sequence, parameter attributes, request parameters, response parameters, relationship between parameters, and digs out the vulnerability, and then uses the test elements to verify whether there is a vulnerability. Experimental and analytical results show that this method which is instead of manual method can effectively detect the vulnerability of invalid identity authentication, invalid access control and sensitive information leakage.