The Agent Web Model: modeling web hacking for reinforcement learning-Reference-Cited by-同舟云学术

The Agent Web Model: modeling web hacking for reinforcement learning

Published:2021-06-08 Issue: Volume: Page:
ISSN:1615-5262
Container-title:International Journal of Information Security
language:en
Short-container-title:Int. J. Inf. Secur.

Author:

Erdődi László^ORCID,Zennaro Fabio Massimo

Abstract

AbstractWebsite hacking is a frequent attack type used by malicious actors to obtain confidential information, modify the integrity of web pages or make websites unavailable. The tools used by attackers are becoming more and more automated and sophisticated, and malicious machine learning agents seem to be the next development in this line. In order to provide ethical hackers with similar tools, and to understand the impact and the limitations of artificial agents, we present in this paper a model that formalizes web hacking tasks for reinforcement learning agents. Our model, named Agent Web Model, considers web hacking as a capture-the-flag style challenge, and it defines reinforcement learning problems at seven different levels of abstraction. We discuss the complexity of these problems in terms of actions and states an agent has to deal with, and we show that such a model allows to represent most of the relevant web vulnerabilities. Aware that the driver of advances in reinforcement learning is the availability of standardized challenges, we provide an implementation for the first three abstraction layers, in the hope that the community would consider these challenges in order to develop intelligent web hacking agents.

Funder

University of Oslo

Publisher

Springer Science and Business Media LLC

Subject

Computer Networks and Communications,Safety, Risk, Reliability and Quality,Information Systems,Software

Link

https://link.springer.com/content/pdf/10.1007/s10207-021-00554-7.pdf

Reference45 articles.

1. Anley, C.: Advanced SQL injection in SQL server applications. https://crypto.stanford.edu/cs155old/cs155-spring11/papers/sql_injection.pdf. Accessed: 2020-09-12 (2002)

2. Antunes, N., Vieira, M.: Designing vulnerability testing tools for web services: approach, components, and tools. Int. J. Inf. Secur. (2017)

3. Appelt, D., Nguyen, C.D., Panichella, A., Briand, L.C.: A machine-learning-driven evolutionary approach for testing web application firewalls. IEEE Trans. Reliab. 67(3) (2018)

4. Berners-Lee, T., Fischetti, M.: Weaving the Web: The Original Design and Ultimate Destiny of the World Wide Web by Its Inventor. DIANE Publishing Company, Darby (2001)

5. Blasco, J.: Introduction to XPath injection techniques. http://repository.root-me.org/Exploitation%20-%20Web/EN%20-%20Introduction%20to%20Xpath%20injection%20techniques.pdf. Accessed 2020-09-12 (2007)

Cited by 7 articles. 订阅此论文施引文献订阅此论文施引文献，注册后可以免费订阅5篇论文的施引文献，订阅后可以查看论文全部施引文献

1. Distributed web hacking by adaptive consensus-based reinforcement learning;Artificial Intelligence;2024-01

2. WebGuardRL: An Innovative Reinforcement Learning-based Approach for Advanced Web Attack Detection;Proceedings of the 12th International Symposium on Information and Communication Technology;2023-12-07

3. Impact of computer users on cyber defense strategies;Systems Engineering;2023-11-28

4. Automated Multi-Step Web Application Attack Analysis Using Reinforcement Learning and Vulnerability Assessment Tools;2023-09-01

5. The Reality of Internet Infrastructure and Services Defacement: A Second Look at Characterizing Web-Based Vulnerabilities;Electronics;2023-06-14