Grey-Box Fuzzing Based on Reinforcement Learning for XSS Vulnerabilities
Authors
Abstract
Cross-site scripting (XSS) vulnerabilities are significant threats to web applications. The number of XSS vulnerabilities reported has increased annually for the past three years, posing a considerable challenge to application maintainers. Black-box scanners are mainstream tools for security engineers to perform penetration testing and detect vulnerabilities. Unfortunately, black-box scanners rely on crawlers to find input points of web applications and cannot guarantee that all input points are tested. To this end, we propose a grey-box fuzzing method based on reinforcement learning, which can detect reflected and stored XSS vulnerabilities in Java web applications. We first use static analysis to identify potential input points from components (i.e., Java code, configuration files, and HTML files) of the application. Then, an XSS vulnerability payload generation method is proposed, which is used together with the reinforcement learning model. We define the state, action, and reward functions of the reinforcement learning models for the vulnerability detection scenarios so that the fuzz loop can be performed automatically. To demonstrate the effectiveness of the proposed method, we compare it against four state-of-the-art scanners. Experimental results show that our method finds no false positives.
Similar resources
The future of grey-box fuzzing
Society is becoming more dependent on software, and more artifacts are being connected to the Internet each day[31]. This makes the work of tracking down vulnerabilities in software a moral obligation for software developers. Since manual testing is expensive[7], automated bug finding techniques are attractive within the quality assurance field, since they can save companies a lot of money. This...
Deep Reinforcement Fuzzing
Fuzzing is the process of finding security vulnerabilities in input-processing code by repeatedly testing the code with modified inputs. In this paper, we formalize fuzzing as a reinforcement learning problem using the concept of Markov decision processes. This in turn allows us to apply state-of-the-art deep Q-learning algorithms that optimize rewards, which we define from runtime properties of...
Operation Scheduling of MGs Based on Deep Reinforcement Learning Algorithm
In this paper, the operation scheduling of Microgrids (MGs), including Distributed Energy Resources (DERs) and Energy Storage Systems (ESSs), is proposed using a Deep Reinforcement Learning (DRL) based approach. Due to the dynamic characteristic of the problem, it is first formulated as a Markov Decision Process (MDP). Next, Deep Deterministic Policy Gradient (DDPG) algorithm is presented t...
Acquisition of Box Pushing by Direct-Vision-Based Reinforcement Learning
In this paper, it was confirmed that a real mobile robot with a CCD camera could learn appropriate actions to reach and push a lying box only by Direct-Vision-Based reinforcement learning (RL). In Direct-Vision-Based RL, raw visual sensor signals are the inputs of a layered neural network; the neural network is trained by Back Propagation using the training signal that is generated based on rei...
Complementing Model Learning with Mutation-Based Fuzzing
An ongoing challenge for learning algorithms formulated in the Minimally Adequate Teacher framework is to efficiently obtain counterexamples. In this paper we compare and combine conformance testing and mutation-based fuzzing methods for obtaining counterexamples when learning finite state machine models for the reactive software systems of the Rigorous Examination of Reactive Systems (RERS) c...
Journal
Journal title: Applied sciences
Year: 2023
ISSN: ['2076-3417']
DOI: https://doi.org/10.3390/app13042482