Publications
4 results found
Al Wahaibi S, Foley M, Maffeis S, 2023, SQIRL: Grey-box detection of SQL injection vulnerabilities using reinforcement learning, USENIX Security, Publisher: USENIX Security, Pages: 6097-6114
Web security scanners are used to discover SQL injectionvulnerabilities in deployed web applications. Scanners tendto use static rules to cover the most common injection cases,missing diversity in their payloads, leading to a high volumeof requests and false negatives. Moreover, scanners oftenrely on the presence of error messages or other significantfeedback on the target web pages, as a result of additionalinsecure programming practices by web developers.In this paper we develop SQIRL, a novel approach to detecting SQL injection vulnerabilities based on deep reinforcementlearning, using multiple worker agents and grey-box feedback.Each worker intelligently fuzzes the input fields discoveredby an automated crawling component. This approach generates a more varied set of payloads than existing scanners,leading to the discovery of more vulnerabilities. Moreover,SQIRL attempts fewer payloads, because they are generatedin a targeted fashion.SQIRL finds all vulnerabilities in our microbenchmark forSQL injection, with substantially fewer requests than mostof the state-of-the-art scanners compared with. It also significantly outperforms other scanners on a set of 14 productiongrade web applications, discovering 33 vulnerabilities, withzero false positives. We have responsibly disclosed 22 novelvulnerabilities found by SQIRL, grouped in 6 CVEs.
Foley M, Maffeis S, 2023, HAXSS: Hierarchical reinforcement learning for XSS payload generation, IEEE TrustCom 2022, Publisher: IEEE, Pages: 147-158
Web application vulnerabilities are an ongoing problem that current black-box techniques and scanners do not entirely solve, suffering in particular from a lack of payload diversity that prevents them from capturing the long tail of vulnerabilities caused by uncommon sanitisation mistakes.In order to increase the diversity of payloads that can be automatically generated in a black-box fashion, we develop a hierarchical reinforcement learning approach where agents focus separately on the tasks of escaping the current context, and evading sanitisation. We implement this in an end-to-end prototype we call HAXSS. We compare our approach against a number of state-of-the-art black-box scanners on a new micro-benchmark for XSS payload generation, and on a macro-benchmark of established vulnerableweb applications. HAXSS outperforms the other scanners on both benchmarks, identifying 131 vulnerabilities (a 20% improvement over the closest scanner), reporting 0 false positives. Finally, we demonstrate that our approach is practically useful, as HAXSS re-discovers 4 existing CVEs and discovers 5 new CVEs in 3 production-grade web applications.
Foley M, Rawat A, Lee T, et al., 2023, Matching Pairs: Attributing Fine-Tuned Models to their Pre-Trained Large Language Models, Pages: 7423-7442, ISSN: 0736-587X
The wide applicability and adaptability of generative large language models (LLMs) has enabled their rapid adoption. While the pretrained models can perform many tasks, such models are often fine-tuned to improve their performance on various downstream applications. However, this leads to issues over violation of model licenses, model theft, and copyright infringement. Moreover, recent advances show that generative technology is capable of producing harmful content which exacerbates the problems of accountability within model supply chains. Thus, we need a method to investigate how a model was trained or a piece of text was generated and what their pre-trained base model was. In this paper we take the first step to address this open problem by tracing back the origin of a given fine-tuned LLM to its corresponding pre-trained base model. We consider different knowledge levels and attribution strategies, and find that we can correctly trace back 8 out of the 10 fine tuned models with our best method.
Foley M, Hicks C, Highnam K, et al., 2022, Autonomous network defence using reinforcement learning, ASIA CCS '22: ACM Asia Conference on Computer and Communications Security, Publisher: ACM, Pages: 1252-1254
In the network security arms race, the defender is significantly disadvantaged as they need to successfully detect and counter every malicious attack. In contrast, the attacker needs to succeed only once. To level the playing field, we investigate the effectiveness of autonomous agents in a realistic network defence scenario. We first outline the problem, provide the background on reinforcement learning and detail our proposed agent design. Using a network environment simulation, with 13 hosts spanning 3 subnets, we train a novel reinforcement learning agent and show that it can reliably defend continual attacks by two advanced persistent threat (APT) red agents: one with complete knowledge of the network layout and another which must discover resources through exploration but is more general.
This data is extracted from the Web of Science and reproduced under a licence from Thomson Reuters. You may not copy or re-distribute this data in whole or in part without the written consent of the Science business of Thomson Reuters.