Calzavara et al., 2020 - Google Patents
Machine learning for web vulnerability detection: the case of cross-site request forgery
Calzavara et al., 2020
- Document ID
- 10612000819958864563
- Author
- Calzavara S
- Conti M
- Focardi R
- Rabitti A
- Tolomei G
- Publication year
- Publication venue
- IEEE Security & Privacy
Snippet
We propose a methodology to leverage machine learning (ML) for the detection of web application vulnerabilities. We use it in the design of Mitch, the first ML solution for the black-box detection of cross-site request forgery vulnerabilities. Finally, we show the effectiveness …
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING; COUNTING
- G06F—ELECTRICAL DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/30—Authentication, i.e. establishing the identity or authorisation of security principals
- G06F21/31—User authentication
- G06F21/34—User authentication involving the use of external additional devices, e.g. dongles or smart cards
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING; COUNTING
- G06F—ELECTRICAL DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/55—Detecting local intrusion or implementing counter-measures
- G06F21/552—Detecting local intrusion or implementing counter-measures involving long-term monitoring or reporting
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING; COUNTING
- G06F—ELECTRICAL DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/55—Detecting local intrusion or implementing counter-measures
- G06F21/554—Detecting local intrusion or implementing counter-measures involving event detection and direct action
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING; COUNTING
- G06F—ELECTRICAL DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/55—Detecting local intrusion or implementing counter-measures
- G06F21/56—Computer malware detection or handling, e.g. anti-virus arrangements
Similar Documents
Publication | Publication Date | Title |
---|---|---|
Calzavara et al. | | Machine learning for web vulnerability detection: the case of cross-site request forgery |
Kharraz et al. | | Surveylance: Automatically detecting online survey scams |
Calzavara et al. | | Mitch: A machine learning approach to the black-box detection of CSRF vulnerabilities |
Stuttard et al. | | The web application hacker's handbook: Finding and exploiting security flaws |
Chen et al. | | Gui-squatting attack: Automated generation of android phishing apps |
Koide et al. | | Detecting phishing sites using chatgpt |
Huaman et al. | | They would do better if they worked together: The case of interaction problems between password managers and websites |
Ghasemisharif et al. | | Towards automated auditing for account and session management flaws in single sign-on deployments |
CN103634317A (en) | | Method and system of performing safety appraisal on malicious web site information on basis of cloud safety |
Durey et al. | | FP-Redemption: Studying browser fingerprinting adoption for the sake of web security |
Ahmed et al. | | PhishCatcher: client-side defense against web spoofing attacks using machine learning |
Nagpal et al. | | SECSIX: security engine for CSRF, SQL injection and XSS attacks |
Yuan et al. | | Developing Abuse Cases Based on Threat Modeling and Attack Patterns. |
Hoffman et al. | | Ajax security |
Pauli | | The basics of web hacking: tools and techniques to attack the web |
Abubaker et al. | | Social engineering in social network: a systematic literature review |
Sharma | | A study of vulnerability scanners for detecting SQL injection and XSS attack in websites |
PÎRNĂU | | Considerations on preventing social engineering over the internet |
Durai et al. | | A survey on security properties and web application scanner |
CN117254920A (en) | | Vulnerability information processing method, device, equipment and readable storage medium |
Nunes | | Blended security analysis for web applications: Techniques and tools |
Fung et al. | | Scanning of real-world web applications for parameter tampering vulnerabilities |
Singh et al. | | Detection of Vulnerability in Websites Predominantly Against CSRF Using Machine Learning |
Li | | A contingency framework to assure the user-centred quality and to support the design of anti-phishing software |
Backman | | Why is security still an issue?: A study comparing developers’ software security awareness to existing vulnerabilities in software applications |