Generative Adversarial Network (GAN)-Based Autonomous Penetration Testing for Web Applications-Reference-Cited by-同舟云学术

Generative Adversarial Network (GAN)-Based Autonomous Penetration Testing for Web Applications

Published:2023-09-21 Issue:18 Volume:23 Page:8014
ISSN:1424-8220
Container-title:Sensors
language:en
Short-container-title:Sensors

Author:

Chowdhary Ankur¹²^ORCID,Jha Kritshekhar²^ORCID,Zhao Ming²

Affiliation:

1. 6sense Insights Inc., San Francisco, CA 94105, USA

2. School of Computing and Augmented Intelligence, Arizona State University, Tempe, AZ 85281, USA

Abstract

The web application market has shown rapid growth in recent years. The expansion of Wireless Sensor Networks (WSNs) and the Internet of Things (IoT) has created new web-based communication and sensing frameworks. Current security research utilizes source code analysis and manual exploitation of web applications, to identify security vulnerabilities, such as Cross-Site Scripting (XSS) and SQL Injection, in these emerging fields. The attack samples generated as part of web application penetration testing on sensor networks can be easily blocked, using Web Application Firewalls (WAFs). In this research work, we propose an autonomous penetration testing framework that utilizes Generative Adversarial Networks (GANs). We overcome the limitations of vanilla GANs by using conditional sequence generation. This technique helps in identifying key features for XSS attacks. We trained a generative model based on attack labels and attack features. The attack features were identified using semantic tokenization, and the attack payloads were generated using conditional sequence GAN. The generated attack samples can be used to target web applications protected by WAFs in an automated manner. This model scales well on a large-scale web application platform, and it saves the significant effort invested in manual penetration testing.

Publisher

MDPI AG

Subject

Electrical and Electronic Engineering,Biochemistry,Instrumentation,Atomic and Molecular Physics, and Optics,Analytical Chemistry

Link

https://www.mdpi.com/1424-8220/23/18/8014/pdf

Reference54 articles.

1. A survey of cyber attacks on cyber physical systems: Recent advances and challenges;Duo;IEEE/CAA J. Autom. Sin.,2022

2. Milos Timotic (2021, October 02). 9 Web Technologies Every Web Developer Must Know in 2021. Available online: https://tms-outsource.com/blog/posts/web-technologies/.

3. Disawal, S., and Suman, U. (2021, January 17–19). An Analysis and Classification of Vulnerabilities in Web-Based Application Development. Proceedings of the 2021 8th International Conference on Computing for Sustainable Global Development (INDIACom), New Delhi, India.

4. Chowdhary, A., Huang, D., Mahendran, J.S., Romo, D., Deng, Y., and Sabur, A. (2020, January 17–19). Autonomous security analysis and penetration testing. Proceedings of the 2020 16th International Conference on Mobility, Sensing and Networking (MSN), Tokyo, Japan.

5. Security of networked control systems subject to deception attacks: A survey;Pang;Int. J. Syst. Sci.,2022

Cited by 5 articles. 订阅此论文施引文献订阅此论文施引文献，注册后可以免费订阅5篇论文的施引文献，订阅后可以查看论文全部施引文献

1. Generative AI for Threat Intelligence and Information Sharing;Advances in Digital Crime, Forensics, and Cyber Terrorism;2024-09-13

2. Generative Adversarial Networks in Anomaly Detection and Malware Detection: A Comprehensive Survey;Advances in Artificial Intelligence Research;2024-08-30

3. Reshaping Cybersecurity Practices by Optimizing Web Application Penetration Testing;Advances in Information Security, Privacy, and Ethics;2024-07-26

4. Overview of AI-Models and Tools in Embedded IIoT Applications;Electronics;2024-06-13

5. Leveraging Dual Variational Autoencoders and Generative Adversarial Networks for Enhanced Multimodal Interaction in Zero-Shot Learning;Electronics;2024-01-29