We propose a methodology to leverage machine learning (ML) for the detection of web application vulnerabilities. We use it in the design of Mitch, the first ML solution for the black-box detection of cross-site request forgery vulnerabilities. Finally, we show the effectiveness of Mitch on real software.

Machine Learning for Web Vulnerability Detection: The Case of Cross-Site Request Forgery

Calzavara S.;Focardi R.;Rabitti A.;
2020-01-01

Abstract

We propose a methodology to leverage machine learning (ML) for the detection of web application vulnerabilities. We use it in the design of Mitch, the first ML solution for the black-box detection of cross-site request forgery vulnerabilities. Finally, we show the effectiveness of Mitch on real software.
2020
IEEE SECURITY & PRIVACY
18
2.1 Articolo su rivista
File in questo prodotto:
File Dimensione Formato  
spmag20.pdf

non disponibili

Tipologia: Documento in Post-print
Licenza: Accesso chiuso-personale
Dimensione 374.98 kB
Formato Adobe PDF
  Visualizza/Apri
374.98 kB Adobe PDF   Visualizza/Apri

I documenti in ARCA sono protetti da copyright e tutti i diritti sono riservati, salvo diversa indicazione.

Utilizza questo identificativo per citare o creare un link a questo documento: https://hdl.handle.net/10278/3729046
Citazioni
  • ???jsp.display-item.citation.pmc??? ND
  • Scopus 13
  • ???jsp.display-item.citation.isi??? 7
social impact