Machine Learning for Web Vulnerability Detection: The Case of Cross-Site Request Forgery

Stefano Calzavara; Mauro Conti; Riccardo Focardi; Alvise Rabitti; Gabriele Tolomei

doi:10.1109/MSEC.2019.2961649

Machine Learning for Web Vulnerability Detection: The Case of Cross-Site Request Forgery

Stefano Calzavara, Mauro Conti, Riccardo Focardi, Alvise Rabitti, Gabriele Tolomei

Research output: Contribution to journal › Article › Scientific › peer-review

13 Citations (Scopus)

Abstract

We propose a methodology to leverage machine learning (ML) for the detection of web application vulnerabilities. We use it in the design of Mitch, the first ML solution for the black-box detection of cross-site request forgery vulnerabilities. Finally, we show the effectiveness of Mitch on real software.

Original language	English
Article number	8966601
Pages (from-to)	8-16
Number of pages	9
Journal	IEEE Security and Privacy
Volume	18
Issue number	3
DOIs	https://doi.org/10.1109/MSEC.2019.2961649
Publication status	Published - 1 May 2020
Externally published	Yes

Access to Document

10.1109/MSEC.2019.2961649

Cite this

@article{a4aee36e6d53499e97763881b3a45d99,

title = "Machine Learning for Web Vulnerability Detection: The Case of Cross-Site Request Forgery",

abstract = "We propose a methodology to leverage machine learning (ML) for the detection of web application vulnerabilities. We use it in the design of Mitch, the first ML solution for the black-box detection of cross-site request forgery vulnerabilities. Finally, we show the effectiveness of Mitch on real software.",

author = "Stefano Calzavara and Mauro Conti and Riccardo Focardi and Alvise Rabitti and Gabriele Tolomei",

year = "2020",

month = may,

day = "1",

doi = "10.1109/MSEC.2019.2961649",

language = "English",

volume = "18",

pages = "8--16",

journal = "IEEE Security and Privacy",

issn = "1540-7993",

publisher = "Institute of Electrical and Electronics Engineers (IEEE)",

number = "3",

}

TY - JOUR

T1 - Machine Learning for Web Vulnerability Detection

T2 - The Case of Cross-Site Request Forgery

AU - Calzavara, Stefano

AU - Conti, Mauro

AU - Focardi, Riccardo

AU - Rabitti, Alvise

AU - Tolomei, Gabriele

PY - 2020/5/1

Y1 - 2020/5/1

N2 - We propose a methodology to leverage machine learning (ML) for the detection of web application vulnerabilities. We use it in the design of Mitch, the first ML solution for the black-box detection of cross-site request forgery vulnerabilities. Finally, we show the effectiveness of Mitch on real software.

AB - We propose a methodology to leverage machine learning (ML) for the detection of web application vulnerabilities. We use it in the design of Mitch, the first ML solution for the black-box detection of cross-site request forgery vulnerabilities. Finally, we show the effectiveness of Mitch on real software.

UR - http://www.scopus.com/inward/record.url?scp=85078432497&partnerID=8YFLogxK

U2 - 10.1109/MSEC.2019.2961649

DO - 10.1109/MSEC.2019.2961649

M3 - Article

AN - SCOPUS:85078432497

SN - 1540-7993

VL - 18

SP - 8

EP - 16

JO - IEEE Security and Privacy

JF - IEEE Security and Privacy

IS - 3

M1 - 8966601

ER -

Machine Learning for Web Vulnerability Detection: The Case of Cross-Site Request Forgery

Abstract

Access to Document

Other files and links

Fingerprint

Cite this