Reference : A Machine Learning-Driven Evolutionary Approach for Testing Web Application Firewalls
Scientific journals : Article
Engineering, computing & technology : Computer science
Security, Reliability and Trust
http://hdl.handle.net/10993/34224
English
Appelt, Dennis
Nguyen, Cu D.
Panichella, Annibale [University of Luxembourg > Interdisciplinary Centre for Security, Reliability and Trust (SNT)]
Briand, Lionel [University of Luxembourg > Interdisciplinary Centre for Security, Reliability and Trust (SNT)]
In press
IEEE Transactions on Reliability
IEEE
Special Section on Software Testing and Program Analysis
Yes (verified by ORBilu)
International
0018-9529
[en] Software Security Testing ; SQL Injection ; Web Application Firewall ; Evolutionary Algorithms ; Machine Learning
[en] Web application firewalls (WAF) are an essential protection mechanism for online software systems. Because of the relentless flow of new kinds of attacks as well as their increased sophistication, WAFs have to be updated and tested regularly to prevent attackers from easily circumventing them. In this paper, we focus on testing WAFs for SQL injection attacks, but the general principles and strategy we propose can be adapted to other contexts. We present ML-Driven, an approach based on machine learning and an evolutionary algorithm to automatically detect holes in WAFs that let SQL injection attacks bypass them. Initially, ML-Driven automatically generates a diverse set of attacks and submits them to the system being protected by the target WAF. Then, ML-Driven selects attacks that exhibit patterns (substrings) associated with bypassing the WAF and evolves them to generate new successful bypassing attacks. Machine learning is used to incrementally learn attack patterns from previously generated attacks according to their testing results, i.e., if they are blocked or bypass the WAF. We implemented ML-Driven in a tool and evaluated it on ModSecurity, a widely used open-source WAF, and a proprietary WAF protecting a financial institution. Our empirical results indicate that ML-Driven is effective and efficient at generating SQL injection attacks bypassing WAFs and identifying attack patterns.
Interdisciplinary Centre for Security, Reliability and Trust (SnT) > Software Verification and Validation Lab (SVV Lab)
Researchers ; Professionals ; Students ; General public
H2020 ; 694277 - TUNE - Testing the Untestable: Model Testing of Complex Software-Intensive Systems

File(s) associated to this reference

Fulltext file(s):

File | Commentary | Version | Size | Access
IEEE-TR2018.pdf (Open access) | | Author preprint | 1.18 MB | View/Open

All documents in ORBilu are protected by a user license.