A Fault-Driven Combinatorial Process for Model Evolution in XSS Vulnerability Detection

Cited by: 7
Authors
Garn, Bernhard [1 ]
Radavelli, Marco [2 ]
Gargantini, Angelo [2 ]
Leithner, Manuel [1 ]
Simos, Dimitris E. [1 ]
Affiliations
[1] SBA Res, A-1040 Vienna, Austria
[2] Univ Bergamo, Bergamo, Italy
Source
ADVANCES AND TRENDS IN ARTIFICIAL INTELLIGENCE: FROM THEORY TO PRACTICE | 2019 / Vol. 11606
Keywords
Combinatorial testing; XSS vulnerability; Security testing; Model evolution
DOI
10.1007/978-3-030-22999-3_19
CLC classification
TP18 [Artificial intelligence theory]
Discipline classification codes
081104 ; 0812 ; 0835 ; 1405
Abstract
We consider the case where a knowledge base consists of interactions among parameter values in an input parameter model for web application security testing. The input model gives rise to attack strings to be used for exploiting XSS vulnerabilities, a critical threat to the security of web applications. Testing results are then annotated with a vulnerability triggering or non-triggering classification, and such security knowledge findings are added back to the knowledge base, making the resulting attack capabilities superior for newly requested input models. We present our approach as an iterative process that evolves an input model for security testing. Empirical evaluation on six real-world web applications shows that the process effectively evolves a knowledge base for XSS vulnerability detection, achieving on average 78.8% accuracy.
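The loop the abstract describes, as an added illustration that is not the authors' code or data: a small input parameter model is turned into pairwise attack strings, each string is run against a constructed target and classified as triggering or non-triggering, and the per-interaction verdicts are written back into a knowledge base that constrains generation for a "newly requested" (here: extended) model. Everything below is assumed for the example: the parameter model, the blacklist-plus-attribute-reflection target standing in for the real web applications, the regex oracle, and the evolution rule (an interaction with no triggering observation is forbidden in later rounds). The paper's own evolution rule and accuracy metric are not reproduced here.

```python
"""Toy fault-driven combinatorial XSS testing loop (added example, not the paper's code)."""
import itertools
import re

# Constructed input parameter model: one value per parameter builds one attack
# string (see build_attack). EXTENDED_MODEL plays the "newly requested input
# model" of a second round and inherits the knowledge base from the first.
BASE_MODEL = {
    "breakout": ["", '">', "'>"],
    "vector": ["<script>alert(1)</script>",
               "<img src=x onerror=alert(1)>",
               "<svg onload=alert(1)>"],
    "casing": ["as-is", "mixed"],
}
EXTENDED_MODEL = dict(BASE_MODEL, spacing=["space", "slash"])


def _mix_case(m):
    """Alternate the case of a tag name so case-sensitive blacklists miss it."""
    name = "".join(c.upper() if i % 2 else c for i, c in enumerate(m.group(2)))
    return "<" + m.group(1) + name


def build_attack(test):
    """Turn one parameter assignment into a concrete attack string."""
    vec = test["vector"]
    if test["casing"] == "mixed":
        vec = re.sub(r"<(/?)([a-z]+)", _mix_case, vec)
    if test.get("spacing") == "slash":  # "<img/src=x" parses like "<img src=x"
        vec = vec.replace(" ", "/")
    return test["breakout"] + vec


def target_app(user_input):
    """Constructed vulnerable target (assumption, stands in for the real apps):
    case-sensitive blacklist, onerror check, reflection into a quoted attribute."""
    cleaned = user_input.replace("<script>", "").replace("</script>", "")
    if re.search(r"onerror", cleaned, re.I):
        cleaned = ""
    return f'<input value="{cleaned}">'


def triggers(page):
    """Toy oracle: triggering means the payload closed the quoted attribute and
    left a script tag or an event handler in markup context."""
    m = re.match(r'<input value="[^"]*"(.*)$', page, re.S)
    tail = m.group(1) if m else ""
    return re.search(r"<script|\bon\w+\s*=", tail, re.I) is not None


def pairs_of(test):
    """All 2-way (parameter, value) interactions present in one test."""
    return set(itertools.combinations(sorted(test.items()), 2))


def pairwise_tests(model, forbidden):
    """Greedy 2-way covering array: repeatedly take the candidate that covers the
    most still-uncovered pairs. Candidates containing an interaction the knowledge
    base marked never-triggering are dropped up front. Full-product enumeration
    is fine at toy sizes only."""
    names = list(model)
    candidates = [dict(zip(names, vals)) for vals in itertools.product(*model.values())]
    candidates = [c for c in candidates if not pairs_of(c) & forbidden]
    uncovered = set().union(*(pairs_of(c) for c in candidates))
    tests = []
    while uncovered:
        best = max(candidates, key=lambda c: len(pairs_of(c) & uncovered))
        tests.append(best)
        uncovered -= pairs_of(best)
    return tests


def run_round(model, knowledge):
    """Generate, execute, classify, and write each verdict back onto every
    interaction the test contains. Evolution rule (this example's own): an
    interaction with no triggering observation is forbidden in later rounds."""
    forbidden = {pair for pair, seen in knowledge.items() if not any(seen)}
    tests = pairwise_tests(model, forbidden)
    hits = 0
    for t in tests:
        verdict = triggers(target_app(build_attack(t)))
        hits += verdict
        for pair in pairs_of(t):
            knowledge.setdefault(pair, []).append(verdict)
    return {"tests": tests, "triggering": hits,
            "hit_rate": hits / len(tests) if tests else 0.0}


def demo():
    """Round 1 on the base model, round 2 on the extended model with the evolved
    knowledge base; round 2 spends tests only where round 1 found the filter
    and the attribute context exploitable."""
    knowledge = {}
    first = run_round(BASE_MODEL, knowledge)
    second = run_round(EXTENDED_MODEL, knowledge)
    return first, second


if __name__ == "__main__":
    for label, r in zip(("round 1", "round 2"), demo()):
        print(f"{label}: {len(r['tests'])} tests, {r['triggering']} triggering, "
              f"hit rate {r['hit_rate']:.2f}")
        for t in r["tests"]:
            print("   ", repr(build_attack(t)), "->", triggers(target_app(build_attack(t))))
```

Against this target the first round necessarily wastes tests on the empty and single-quote breakouts and on the onerror vector; the second round, constrained by the knowledge base, keeps only the double-quote breakout with the svg and mixed-case script vectors, so every generated string triggers. The same mechanism shows the caveat behind a less-than-perfect accuracy figure: a pair that triggers only in combination with a third value may be observed once, in a non-triggering test, and be pruned wrongly.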
Pages: 207-215
Page count: 9