Please use this Handle URI to cite this document: http://tdr.lib.ntu.edu.tw/jspui/handle/123456789/89836
Full metadata record
DC Field | Value | Language
dc.contributor.advisor | 王凡 | zh_TW
dc.contributor.advisor | Farn Wang | en
dc.contributor.author | 胡捷翔 | zh_TW
dc.contributor.author | Chieh-Hsiang Hu | en
dc.date.accessioned | 2023-09-22T16:19:46Z | -
dc.date.available | 2023-11-09 | -
dc.date.copyright | 2023-09-22 | -
dc.date.issued | 2023 | -
dc.date.submitted | 2023-08-10 | -
dc.identifier.citation |
[1] CVE, “CVE Details,” https://www.cvedetails.com/vulnerabilities-by-types.php (accessed July 20, 2023).
[2] T. Gowda and J. May, "Finding the Optimal Vocabulary Size for Neural Machine Translation," Online, November 2020: Association for Computational Linguistics, in Findings of the Association for Computational Linguistics: EMNLP 2020, pp. 3955-3964, doi: 10.18653/v1/2020.findings-emnlp.352.
[3] M. K. Gupta, M. C. Govil, and G. Singh, "Static analysis approaches to detect SQL injection and cross site scripting vulnerabilities in web applications: A survey," in International Conference on Recent Advances and Innovations in Engineering (ICRAIE-2014), 9-11 May 2014, pp. 1-5, doi: 10.1109/ICRAIE.2014.6909173.
[4] S. Lee, S. Wi, and S. Son, "Link: Black-Box Detection of Cross-Site Scripting Vulnerabilities Using Reinforcement Learning," presented at the Proceedings of the ACM Web Conference 2022, Virtual Event, Lyon, France, 2022. [Online]. Available: https://doi.org/10.1145/3485447.3512234.
[5] M. Liu, K. Li, and T. Chen, "DeepSQLi: Deep Semantic Learning for Testing SQL Injection," presented at the Proceedings of the 29th ACM SIGSOFT International Symposium on Software Testing and Analysis, 2020. [Online]. Available: https://doi.org/10.1145/3395363.3397375.
[6] Z. Liu, Y. Fang, C. Huang, and Y. Xu, "GAXSS: Effective Payload Generation Method to Detect XSS Vulnerabilities Based on Genetic Algorithm," Security and Communication Networks, vol. 2022, p. 2031924, 2022/03/30, doi: 10.1155/2022/2031924.
[7] H. Maurel, S. Vidal, and T. Rezk, "Statically identifying XSS using deep learning," Science of Computer Programming, vol. 219, p. 102810, 2022/07/01, doi: 10.1016/j.scico.2022.102810.
[8] M. Mohammadi, B. Chu, H. R. Lipford, and E. Murphy-Hill, "Automatic Web Security Unit Testing: XSS Vulnerability Detection," in 2016 IEEE/ACM 11th International Workshop in Automation of Software Test (AST), 14-15 May 2016, pp. 78-84, doi: 10.1145/2896921.2896929.
[9] A. Vaswani et al., "Attention is All You Need," presented at the Proceedings of the 31st International Conference on Neural Information Processing Systems, 2017.
[10] Y. Wang, P. Jia, L. Liu, C. Huang, and Z. Liu, "A systematic review of fuzzing based on machine learning techniques," PLoS ONE, vol. 15, p. e0237749, 2020, doi: 10.1371/journal.pone.0237749.
[11] X. Song, R. Zhang, Q. Dong, and B. Cui, "Grey-Box Fuzzing Based on Reinforcement Learning for XSS Vulnerabilities," Applied Sciences, vol. 13, no. 4, doi: 10.3390/app13042482.
[12] B. P. Miller, L. Fredriksen, and B. So, “An empirical study of the reliability of UNIX utilities,” Communications of the ACM, 1990, vol. 33, no. 12, pp. 32–44.
[13] XSSer. 2020. Cross Site “Scripter” (aka XSSer). https://github.com/epsylon/xsser.
[14] I. Tasdelen. 2022. xss-payload-list. https://github.com/payloadbox/xss-payload-list.
[15] A. Abraham. 2020. OWASP-Xenotix-XSS-Exploit-Framework. https://github.com/ajinabraham/OWASP-Xenotix-XSS-Exploit-Framework.
[16] N. Surribas, 2021. Wapiti. https://wapiti.sourceforge.io/.
[17] S. Chen, 2014. WAVSEP: The Web Application Vulnerability Scanner Evaluation Project. https://github.com/sectooladdict/wavsep/.
[18] DVWA, 2013. Damn Vulnerable Web Application. https://github.com/digininja/DVWA.
[19] Y. Li, Y. Nie, and X. Kuang, "Fuzzing DBMS via NNLM," in 2022 7th IEEE International Conference on Data Science in Cyberspace (DSC), 11-13 July 2022, pp. 367-374, doi: 10.1109/DSC55868.2022.00057.
[20] Z. Hu, J. Shi, Y. Huang, J. Xiong, and X. Bu, "GANFuzz: a GAN-based industrial network protocol fuzzing framework," presented at the Proceedings of the 15th ACM International Conference on Computing Frontiers, Ischia, Italy, 2018. [Online]. Available: https://doi.org/10.1145/3203217.3203241.
[21] M. Foley and S. Maffeis, "Haxss: Hierarchical Reinforcement Learning for XSS Payload Generation," in 2022 IEEE International Conference on Trust, Security and Privacy in Computing and Communications (TrustCom), 9-11 Dec. 2022, pp. 147-158, doi: 10.1109/TrustCom56396.2022.00031.
[22] L. van der Maaten and G. Hinton, "Visualizing data using t-SNE," Journal of Machine Learning Research, vol. 9, pp. 2579-2605, 11/01 2008.
| -
dc.identifier.uri | http://tdr.lib.ntu.edu.tw/jspui/handle/123456789/89836 | -
dc.description.abstract | Cross-Site Scripting (XSS) vulnerabilities pose a major threat to web applications, so robust testing methods need to be developed. This study proposes a black-box XSS testing method based on a neural network language model. We use the language model's ability to learn semantics and grammar to automatically generate different XSS payloads for different XSS contexts for testing. To evaluate the effectiveness of our method, we ran experiments on websites with XSS weaknesses, including the Damn Vulnerable Web Application (DVWA), the Web Application Vulnerability Scanner Evaluation Project (WAVSEP), and real-world web applications. We evaluated the performance of our scanning method by the number of trials and the number of XSS vulnerabilities detected. The results show that our method has an advantage over existing methods. In summary, by using a neural network language model, considering the XSS context and generating specific payloads, our research contributes to the advancement of XSS black-box testing methods. Our method provides an efficient and accurate way of detecting XSS vulnerabilities. | zh_TW
dc.description.abstract | Cross-Site Scripting (XSS) vulnerabilities pose a significant threat to web applications, necessitating the development of robust testing methods. In this study, we propose a black-box XSS testing approach based on payload generation using a neural network language model. Our method leverages the semantic grammar learning ability of the language model to automatically generate XSS payloads tailored to different XSS contexts. To evaluate the effectiveness of our approach, we conducted extensive experiments on vulnerable websites, including the Damn Vulnerable Web Application (DVWA), the Web Application Vulnerability Scanner Evaluation Project (WAVSEP), and real-world web applications. The performance of our scanning method was assessed based on the number of trials and the detection of XSS vulnerabilities. The results demonstrate the superiority of our approach compared to existing methods. Overall, our research contributes to the advancement of XSS black-box testing methodologies by harnessing the power of neural network language models. By considering XSS context and generating tailored payloads, our approach offers an efficient and accurate means of detecting XSS vulnerabilities. | en
dc.description.provenance | Submitted by admin ntu (admin@lib.ntu.edu.tw) on 2023-09-22T16:19:46Z. No. of bitstreams: 0 | en
dc.description.provenance | Made available in DSpace on 2023-09-22T16:19:46Z (GMT). No. of bitstreams: 0 | en
dc.description.tableofcontents |
Oral Examination Committee Certification
Acknowledgements
Chinese Abstract
ABSTRACT
CONTENTS
LIST OF FIGURES
LIST OF TABLES
Chapter 1 Introduction
1.1 Background
1.2 Motivation
1.3 Contribution
Chapter 2 Preliminaries
2.1 Web Security
2.2 XSS Vulnerability
2.3 Penetration Testing
2.4 XSS Injection Context
2.5 Language Model
Chapter 3 Related Work
3.1 XSS Black-Box Testing
3.1.1 Finite state machine method
3.1.2 Genetic algorithm method
3.1.3 Reinforcement learning method
3.1.4 Off-the-shelf black-box scanner
3.2 Test Case Generation with Artificial Intelligence
Chapter 4 Methodology
4.1 Training of Neural Language Model
4.1.1 Dataset collection
4.1.2 Dataset preprocessing
4.1.3 Sequence tokenization
4.1.4 Language model training
4.2 End-to-End XSS Testing Process
4.2.1 Injection points crawling
4.2.2 XSS context analysis
4.2.3 XSS payload generation
4.2.4 Testing and monitoring
Chapter 5 Experiment
5.1 Implementations
5.1.1 Python and Related Library
5.1.2 Test-Dragon
5.2 Investigating Neural Language Model
5.3 The Performance Evaluation
5.3.1 Experiment setup
5.3.2 DVWA
5.3.3 WAVSEP
5.3.4 Performance comparison
5.4 Real Web Application Scanning
5.5 The Testing Report
Chapter 6 Conclusion and Future Work
Chapter 7 Reference
| -
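dc.language.iso | en | -
dc.subject | Cross-Site Scripting | zh_TW
dc.subject | Web security | zh_TW
dc.subject | Black-box testing | zh_TW
dc.subject | Payload generation | zh_TW
dc.subject | Language model | zh_TW
dc.subject | Black-box testing | en
dc.subject | Web security | en
dc.subject | Payload generation | en
dc.subject | Cross-Site Scripting | en
dc.subject | Language model | en
dc.title | XSS Payload Generation Testing Method Based on a Neural Network Language Model | zh_TW
dc.title | XSS Testing by Payload Generation Method Based on Neural Network Language Model | en
dc.type | Thesis | -
dc.date.schoolyear | 111-2 | -
dc.description.degree | Master's | -
dc.contributor.oralexamcommittee | 黃世昆;田謹維;林宗男;呂俊賢 | zh_TW
dc.contributor.oralexamcommittee | Shih-Kun Huang;Chin-Wei Tien;Tsung-Nan Lin;Chun-Shien Lu | en
dc.subject.keyword | Cross-Site Scripting, Black-box testing, Web security, Payload generation, Language model | zh_TW
dc.subject.keyword | Cross-Site Scripting, Black-box testing, Web security, Payload generation, Language model | en
dc.relation.page | 43 | -
dc.identifier.doi | 10.6342/NTU202303639 | -
dc.rights.note | Not authorized | -
dc.date.accepted | 2023-08-11 | -
dc.contributor.author-college | College of Electrical Engineering and Computer Science | -
dc.contributor.author-dept | Department of Electrical Engineering | -
Appears in collections: Department of Electrical Engineering

Files in this item:
File | Size | Format
ntu-111-2.pdf (not authorized for public access) | 2.39 MB | Adobe PDF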


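Items in this system are protected by copyright, with all rights reserved, unless their copyright terms are specifically indicated otherwise.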