Optimising vulnerability triage in DAST with deep learning

Stuart Millar, Denis Podgurskii, Dan Kuykendall, Jesus Martinez-del-Rincon, Paul Miller

Research output: Chapter in Book/Report/Conference proceeding - Conference contribution

3 Citations (Scopus)
156 Downloads (Pure)

Abstract

False positives generated by vulnerability scanners are an industry-wide challenge in web application security. Accordingly, this paper presents a novel multi-view deep learning architecture to optimise Dynamic Application Security Testing (DAST) vulnerability triage, with task-specific design decisions exploiting the structure of traffic exchanges between our rules-based DAST scanner and a given web app. Leveraging convolutional neural networks, natural language processing and word embeddings, our model learns separate yet complementary internal feature representations of these exchanges before fusing them together to predict whether a finding is a verified vulnerability or a false positive. Given the amount of time and cognitive effort required to constantly and correctly review high volumes of DAST results by hand, the addition of this deep learning capability to a rules-based scanner creates a hybrid system that enables expert analysts to rank scan results, deprioritise false positives and concentrate on likely real vulnerabilities. This improves productivity and reduces remediation time, resulting in stronger security postures. Evaluations are conducted on a real-world dataset containing 91,324 findings of 74 different vulnerability types curated from DAST scans on nineteen organisations. Results show that, compared to the single-view approach, our multi-view architecture significantly reduces both the false positive rate (by 20%) and the false negative rate (by 40%) on average across all organisations.

Original language: English
Title of host publication: Proceedings of the 15th ACM Workshop on Artificial Intelligence and Security
Publisher: Association for Computing Machinery
Pages: 137-147
ISBN (Electronic): 9781450398800
DOIs
Publication status: Published - 07 Nov 2022
Event: ACM Workshop on Artificial Intelligence and Security - Los Angeles, United States
Duration: 11 Nov 2022 - 11 Nov 2022
Conference number: 15th
https://aisec.cc/

Publication series

Name: AISec: Artificial Intelligence and Security Proceedings
Publisher: Association for Computing Machinery

Workshop

Workshop: ACM Workshop on Artificial Intelligence and Security
Abbreviated title: AiSec
Country/Territory: United States
City: Los Angeles
Period: 11/11/2022 - 11/11/2022
Internet address
