Litcius/Paper detail

RAT: Reinforcement-Learning-Driven and Adaptive Testing for Vulnerability Discovery in Web Application Firewalls

Mohammadhossein Amouei, Mohsen Rezvani, Mansoor Fateh

2021IEEE Transactions on Dependable and Secure Computing33 citationsDOIOpen Access PDF

Abstract

Due to the increasing sophistication of web attacks, Web Application Firewalls (WAFs) have to be tested and updated regularly to resist the relentless flow of web attacks. In practice, using a brute-force attack to discover vulnerabilities is infeasible due to the wide variety of attack patterns. Thus, various black-box testing techniques have been proposed in the literature. However, these techniques suffer from low efficiency. This article presents Reinforcement-Learning-Driven and Adaptive Testing ( <italic xmlns:mml="http://www.w3.org/1998/Math/MathML" xmlns:xlink="http://www.w3.org/1999/xlink">RAT</i> ), an automated black-box testing strategy to discover injection vulnerabilities in WAFs. In particular, we focus on SQL injection and Cross-site Scripting, which have been among the top ten vulnerabilities over the past decade. More specifically, <italic xmlns:mml="http://www.w3.org/1998/Math/MathML" xmlns:xlink="http://www.w3.org/1999/xlink">RAT</i> clusters similar attack samples together. It then utilizes a reinforcement learning technique combined with a novel adaptive search algorithm to discover almost all bypassing attack patterns efficiently. We compare <italic xmlns:mml="http://www.w3.org/1998/Math/MathML" xmlns:xlink="http://www.w3.org/1999/xlink">RAT</i> with three state-of-the-art me&thods considering their objectives. The experiments show that <italic xmlns:mml="http://www.w3.org/1998/Math/MathML" xmlns:xlink="http://www.w3.org/1999/xlink">RAT</i> performs 33.53 and 63.16 percent on average better than its counterparts in discovering the most possible bypassing payloads and reducing the number of attempts before finding the first bypassing payload when testing well-configured WAFs, respectively.

Topics & Concepts

SQL injectionCross-site scriptingComputer scienceReinforcement learningFuzz testingWeb applicationBrute-force attackVulnerability (computing)Scripting languagePayload (computing)Attack surfaceMachine learningComputer securityThe InternetArtificial intelligenceWeb application securityWorld Wide WebSoftwareSearch engineWeb developmentOperating systemWeb search queryEncryptionNetwork packetQuery by ExampleWeb Application Security VulnerabilitiesSoftware Testing and Debugging TechniquesNetwork Security and Intrusion Detection
RAT: Reinforcement-Learning-Driven and Adaptive Testing for Vulnerability Discovery in Web Application Firewalls | Litcius