Sensors, Vol. 23, Pages 8014: Generative Adversarial Network (GAN)-Based Autonomous Penetration Testing for Web Applications

Sensors, Vol. 23, Pages 8014: Generative Adversarial Network (GAN)-Based Autonomous Penetration Testing for Web Applications Sensors doi: 10.3390/s23188014 Authors: Ankur Chowdhary Kritshekhar Jha Ming Zhao The web application market has shown rapid growth in recent years. The expansion of Wireless Sensor Networks (WSNs) and the Internet of Things (IoT) has created new web-based communication and sensing frameworks. Current security research utilizes source code analysis and manual exploitation of web applications, to identify security vulnerabilities, such as Cross-Site Scripting (XSS) and SQL Injection, in these emerging fields. The attack samples generated as part of web application penetration testing on sensor networks can be easily blocked, using Web Application Firewalls (WAFs). In this research work, we propose an autonomous penetration testing framework that utilizes Generative Adversarial Networks (GANs). We overcome the limitations of vanilla GANs by using conditional sequence generation. This technique helps in identifying key features for XSS attacks. We trained a generative model based on attack labels and attack features. The attack features were identified using semantic tokenization, and the attack payloads were generated using conditional sequence GAN. The generated attack samples can be used to target web applications protected by WAFs in an automated manner. This model scales well on a large-scale web application platform, and it saves the sign...
Source: Sensors - Category: Biotechnology Authors: Tags: Article Source Type: research
More News: Biotechnology | Internet