| Graduate student: | 林謙慈 Lin, Chien-Tzu |
|---|---|
| Thesis title: | 透過廣度優先搜尋搭配隨機選擇與相似架構分組機制加速網頁快取欺騙弱點偵測 Speeding up Web Cache Deception Vulnerability Detection Through BFS with Random Selection and Similar Structure Grouping |
| Advisor: | 蔡孟勳 Tsai, Meng-Hsun |
| Degree: | Master |
| Department: | College of Electrical Engineering and Computer Science - Department of Computer Science and Information Engineering |
| Year of publication: | 2023 |
| Academic year of graduation: | 111 |
| Language: | English |
| Number of pages: | 40 |
| Keywords (Chinese): | CDN, 網頁快取欺騙 (web cache deception), 網路安全 (network security) |
| Keywords (English): | CDN, Web Cache Deception, Network Security |
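Attacks in the information security field evolve along with technology. Beyond attacks on the origin web pages themselves, such as SQL injection and XSS, other attack surfaces have opened up, and CDNs are one of the targets attackers try to go after. As the number of internet users grows, CDN usage has also risen year by year, so security research on CDNs is receiving more attention. At Black Hat 2017, the web cache deception attack was presented. The attack mainly exploits misconfigurations or inconsistent configurations between the CDN and the web server, causing the CDN to cache users' sensitive information, which lets an attacker steal users' data. Well-known websites such as PayPal and ChatGPT have been found to have web cache deception vulnerabilities.
When detecting web cache deception vulnerabilities automatically, the detection traffic must not become so large that the detection requests are mistaken for an attack, and the load that detection traffic places on the network and on the detection target should be reduced. How to achieve vulnerability detection with the fewest detection requests therefore becomes an issue worth exploring. In modern web design, a large number of identical pages often appear under the same domain, such as product introductions and announcement pages. We propose using a Path Tree to store URLs, a strategy of BFS combined with random selection of web page paths, and regular expressions to identify similar pages and add them to the same group, so that different types of pages can be detected with a small number of detection requests. In our experiments, under the same network resource consumption and detection time, our method detects more vulnerable domains than other methods.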
As the number of internet users continues to increase, CDN usage has been rising steadily. Consequently, CDN security becomes more critical. In 2017, the concept of web cache deception (WCD) attacks was proposed at Black Hat; the attack exploits misconfigurations or inconsistencies between CDNs and web servers. It causes CDN web cache servers to cache sensitive user information, enabling attackers to steal user data. Well-known websites such as PayPal and ChatGPT were vulnerable to web cache deception attacks.
In the WCD vulnerability detection process, reducing the number of detection requests to minimize the impact on the network is crucial. In modern web design, numerous identical pages often exist within the same domain, such as product introductions and announcement pages. We propose using path trees to store URLs and a Breadth-First Search (BFS) with random selection strategy to select path nodes. Additionally, we use regular expressions to identify similar pages and group them. This approach aims to detect different types of pages with a minimal number of detection requests. In our experiment, our proposed method detects the largest number of vulnerable domains under the same network consumption.
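The selection strategy described in the abstract can be sketched as follows. This is an added illustration, not the thesis's implementation: the `shape` masking rule, the `budget` parameter, the `Node` class and the sample paths are all assumptions made for the example.

```python
import random
import re
from collections import deque

# Constructed sample: URL paths crawled from one domain (not thesis data).
SAMPLE_PATHS = [
    "/products/1001", "/products/1002", "/products/1003",
    "/news/2023-01-05", "/news/2023-02-11",
    "/account/profile", "/account/orders/77", "/account/orders/78",
    "/about",
]

class Node:
    def __init__(self):
        self.children = {}    # path segment -> Node
        self.is_page = False  # True if a crawled URL ends at this node

def build_tree(paths):
    root = Node()
    for path in paths:
        node = root
        for seg in filter(None, path.split("/")):
            node = node.children.setdefault(seg, Node())
        node.is_page = True
    return root

def shape(seg):
    """Assumed grouping rule: mask long hex ids, then digit runs."""
    seg = re.sub(r"[0-9a-f]{8,}", "{hex}", seg)
    return re.sub(r"\d+", "{n}", seg)

def select_paths(paths, budget, seed=0):
    """BFS over the path tree; pick one random sibling per shape group."""
    rng = random.Random(seed)
    queue = deque([("", build_tree(paths))])
    chosen = []
    while queue and len(chosen) < budget:
        prefix, node = queue.popleft()
        groups = {}
        for seg in sorted(node.children):
            groups.setdefault(shape(seg), []).append(seg)
        for members in groups.values():
            if len(chosen) >= budget:
                break
            seg = rng.choice(members)  # representative of similar pages
            path = f"{prefix}/{seg}"
            if node.children[seg].is_page:
                chosen.append(path)
            queue.append((path, node.children[seg]))
    return chosen

if __name__ == "__main__":
    print(select_paths(SAMPLE_PATHS, budget=10))
```

On the nine sample paths this yields five detection targets, one per structural group, with shallow pages selected first when the budget is smaller.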