Link: Black-Box Detection of Cross-Site Scripting Vulnerabilities Using Reinforcement Learning

Lee, So‐Young; Wi, Seongil; Son, Sooel

doi:10.1145/3485447.3512234

Cited by 14 publications

(9 citation statements)

References 30 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Firmaster [76], Gail-PT [79], HILTI [82], IoTFuzzer [83], JCOMIX [84], LAID [85], Link [86], Lore [87], Mace [89], MaliceScript [92], Masat [93], Mirage [94], Mitch [95], MoScan [96], NAUTILUS [97], NAVEX [98], No Name (CSRF) [101], No Name (TTCN-3) [102], NodeXP [104], OSV [107], ObjectMap [105], Owfuzz [108], PJCT [115], PURITY [117], PentestGPT [113], PhpSAFE [114], Project Achilles [116], Pyciuti [118], RAT [119], ROSploit [123], RT-RCT [124], Revealer [120], RiscyROP [121], Robin [122], SOA-Scanner [130], SVED [133], Scanner++ [125], SerialDetector [127], ShoVAT [128], Snout [129], Spicy [131], SuperEye [132], TChecker [135], TORPEDO [136], UE Security Reloaded [137], VAPE-BRIDGE…”

Section: Discussionmentioning

confidence: 99%

Bridging the Gap: A Survey and Classification of Research-Informed Ethical Hacking Tools

Modesti,

Golightly,

Holmes

et al. 2024

JCP

View full text Add to dashboard Cite

The majority of Ethical Hacking (EH) tools utilised in penetration testing are developed by practitioners within the industry or underground communities. Similarly, academic researchers have also contributed to developing security tools. However, there appears to be limited awareness among practitioners of academic contributions in this domain, creating a significant gap between industry and academia’s contributions to EH tools. This research paper aims to survey the current state of EH academic research, primarily focusing on research-informed security tools. We categorise these tools into process-based frameworks (such as PTES and Mitre ATT&CK) and knowledge-based frameworks (such as CyBOK and ACM CCS). This classification provides a comprehensive overview of novel, research-informed tools, considering their functionality and application areas. The analysis covers licensing, release dates, source code availability, development activity, and peer review status, providing valuable insights into the current state of research in this field.

show abstract

Section: Discussionmentioning

confidence: 99%

Bridging the Gap: A Survey and Classification of Research-Informed Ethical Hacking Tools

Modesti,

Golightly,

Holmes

et al. 2024

JCP

View full text Add to dashboard Cite

show abstract

“…Reviewing several research papers and publications on XSS detection led to the deduction that a substantial portion of research has been done on XSS classification using machine learning and deep learning, whilst reinforcement learning has not been given much attention up until the submission of Link by Lei L. et al [29], that has changed the whole perspective of how else researchers can resolve the problem of XSS web vulnerabilities.…”

Section: Discussionmentioning

confidence: 99%

“…Researchers have also applied deep learning strategies to detect XSS vulnerabilities. Followings are some of the works under this category: Link: Black-Box Detection of Cross-Site Scripting Vulnerabilities Using Reinforcement Learning [2022] Lee S et al [29] have aimed at automatically detecting the reflected XSS vulnerabilities by utilizing the reinforcement learning in a black box setting. Background -Although, there are several penetration tools to detect this form of XSS attack which are easy to use and deploy, unfortunately there are some drawbacks to that.…”

Section: Deep Learning For Xss Vulnerabilities Classificationmentioning

confidence: 99%

An enhanced deep learning based framework for web attacks detection, mitigation and attacker profiling

Shahid

Aslam

Abbas

et al. 2022

Journal of Network and Computer Applications

View full text Add to dashboard Cite

“…Using a dynamic document object model (DOM) tree, Gupta et al 182 proposed a framework for detecting malicious content embedded in scripts both online and offline modes. There are so many recent works for detecting XSS, [183][184][185][186] using various ML based approach.…”

Section: Solutions For Xss Attacksmentioning

confidence: 99%

A comprehensive survey on online social networks security and privacy issues: Threats, machine learning‐based solutions, and open challenges

Bhattacharya

Roy

Chattopadhyay

et al. 2022

Security and Privacy

View full text Add to dashboard Cite

Over the past few years, online social networks (OSNs) have become an inseparable part of people's daily lives. Instead of being passive readers, people are now enjoying their role as content contributors. OSN has permitted its users to share their information including the multimedia content. OSN users can express themselves in virtual communities by providing their opinions and interacting with others. As a consequence, the privacy and security threats in OSNs have emerged as a major concern to the research and business world. In the recent past, a number of survey works have been conducted to discuss different security and privacy threats in OSNs. However, till date, no survey work has been conducted that aims to classify and analyze various machine learning (ML)‐based solutions adapted for the security defense of OSNs. In this survey article, we present a detailed taxonomy with a classification of various works done on various security attacks in OSNs. We then review and summarize the existing state of art survey works on OSN security, and indicate the merits and limitations of these survey works. Next, we review all recent works that aim to provide ML‐based solutions toward defense of security attacks on OSNs. Finally, we discuss the future road‐map on OSN security and provide a comprehensive analysis on the open research issues with feasible measurements and possible solutions.

show abstract

Link: Black-Box Detection of Cross-Site Scripting Vulnerabilities Using Reinforcement Learning

Cited by 14 publications

References 30 publications

Bridging the Gap: A Survey and Classification of Research-Informed Ethical Hacking Tools

Bridging the Gap: A Survey and Classification of Research-Informed Ethical Hacking Tools

An enhanced deep learning based framework for web attacks detection, mitigation and attacker profiling

A comprehensive survey on online social networks security and privacy issues: Threats, machine learning‐based solutions, and open challenges

Contact Info

Product

Resources

About