Scanning is the most common technical means hackers use to identify site vulnerabilities that can serve as an entry point for attacking a website. Local, lightweight scans can often evade detection by network-layer security protection. Establishing detection algorithms for such hidden abnormal scans enables timely identification of an application site's vulnerabilities, so that a precise active protection strategy can be established. By comparing the access behaviors of various users against the summarized behavioral characteristics of abnormal scans, and by applying a clustering algorithm to the site's subdomains, the occurrence time of an abnormal scan and the subdomain where it occurs can be detected. The results show that the higher the degree of overlap of characteristic operation indexes, the higher the probability that the behavior is an abnormal scan. This helps greatly reduce false positives in the overall detection of the website. The output of the clustering-based detection model provides a strong basis for enhancing the protection of the application system and for repairing security vulnerabilities caused by inherent logic errors and incomplete system functionality.
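The overlap idea described above, sketched as an added example that is not the paper's algorithm: the abstract names neither its indexes nor its clustering method, so this stand-in groups requests per subdomain, time window and client and compares each session with the subdomain's median. The three index names, the 300-second window, the floors, the factor of 3 and the log tuple layout are all assumptions.

```python
from collections import defaultdict
from statistics import median

WINDOW = 300  # seconds per time bucket (assumed)
# Assumed "characteristic operation indexes" with minimum baselines;
# the abstract does not name the indexes the paper uses.
FLOORS = {"requests": 5, "distinct_paths": 5, "error_ratio": 0.1}

def features(rows):
    errors = sum(1 for r in rows if 400 <= r[4] < 500)
    return {"requests": len(rows),
            "distinct_paths": len({r[3] for r in rows}),
            "error_ratio": errors / len(rows)}

def detect(records, factor=3.0):
    """Return (subdomain, window_start, client, overlap, indexes), highest overlap first."""
    by_sub = defaultdict(lambda: defaultdict(list))
    for rec in records:
        ts, sub, client = rec[:3]
        by_sub[sub][(ts - ts % WINDOW, client)].append(rec)
    findings = []
    for sub, sessions in by_sub.items():
        feats = {key: features(rows) for key, rows in sessions.items()}
        # Baseline per index: median over every user session on this subdomain.
        base = {k: max(median(f[k] for f in feats.values()), FLOORS[k]) for k in FLOORS}
        for (win, client), f in feats.items():
            flagged = sorted(k for k in FLOORS if f[k] > factor * base[k])
            if flagged:
                findings.append((sub, win, client, len(flagged), flagged))
    return sorted(findings, key=lambda x: -x[3])

def sample():
    """Constructed records: (unix_ts, subdomain, client, path, status)."""
    recs = []
    for c in ("10.0.0.1", "10.0.0.2", "10.0.0.3"):   # ordinary shoppers
        recs += [(10 + i, "shop.example.test", c, f"/item/{i % 2}", 200) for i in range(4)]
    recs += [(600 + i, "shop.example.test", "10.0.0.9", f"/p{i}", 404 if i % 10 else 200)
             for i in range(30)]                      # many paths, mostly 404
    for c in ("10.0.0.1", "10.0.0.2"):
        recs += [(20 + i, "blog.example.test", c, "/post", 200) for i in range(3)]
    recs += [(40 + i, "blog.example.test", "10.0.0.4", "/feed", 200) for i in range(20)]
    return recs                                       # last client: busy but benign

if __name__ == "__main__":
    for finding in detect(sample()):
        print(finding)
```

On the constructed data, the session that trips all three indexes is ranked above the busy but benign client that trips only one, so alerting only on high overlap drops the latter as a false positive.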