Offensive AI: Enhancing Directory Brute-forcing Attack with the Use of Language Models
arxiv(2024)
摘要
Web Vulnerability Assessment and Penetration Testing (Web VAPT) is a
comprehensive cybersecurity process that uncovers a range of vulnerabilities
which, if exploited, could compromise the integrity of web applications. In a
VAPT, it is common to perform a Directory brute-forcing Attack, aiming
at the identification of accessible directories of a target website. Current
commercial solutions are inefficient as they are based on brute-forcing
strategies that use wordlists, resulting in enormous quantities of trials for a
small amount of success. Offensive AI is a recent paradigm that integrates
AI-based technologies in cyber attacks. In this work, we explore whether AI can
enhance the directory enumeration process and propose a novel Language
Model-based framework. Our experiments – conducted in a testbed consisting of
1 million URLs from different web application domains (universities, hospitals,
government, companies) – demonstrate the superiority of the LM-based attack,
with an average performance increase of 969
更多查看译文
AI 理解论文
溯源树
样例
生成溯源树,研究论文发展脉络
Chat Paper
正在生成论文摘要