Journal Article: 10.4018/IJSSE.2016040101
Fuzzy Rule-Based Vulnerability Assessment Framework for Web Applications
TL;DR: The authors develop a Fuzzy Logic based System (FLS) to compute risk uniformly and to address the diversity of risks, and propose a set of crisp metrics that are used to define fuzzy sets.
Abstract: This paper addresses the problem of assessing risk in web applications due to implementation-level vulnerabilities. In particular, the authors address the common research challenge of finding enough historical data to compute the probability of vulnerabilities and exploitations. They develop a Fuzzy Logic based System (FLS) to compute the risk uniformly and to address the diversity of risks. The authors propose a set of crisp metrics that are used to define fuzzy sets. They also develop a set of rule bases to assess the risk level. The proposed FLS can be a useful tool to aid application developers and industry practitioners in assessing the risk and planning ahead for the necessary mitigation approaches. The authors evaluate their proposed approach using three real-world web applications implemented in PHP, and apply it to four types of common vulnerabilities. The initial results indicate that the proposed FLS approach can effectively discover high-risk applications.
Citations
Detecting Cross-Site Scripting in Web Applications Using Fuzzy Inference System
TL;DR: An "intelligent" tool for detecting cross-site scripting flaws in web applications, based on fuzzy logic, to detect classic XSS weaknesses, together with some experimental results.
A Taxonomy of Malicious Traffic for Intrusion Detection Systems
Hanan Hindy, Elike Hodo, Ethan Bayne, Amar Seeam, Robert Atkinson, Xavier Bellekens +5 more
- 11 Jun 2018
TL;DR: This paper proposes a taxonomy for classifying network attacks in a consistent way, allowing security researchers to focus their efforts on creating accurate intrusion detection systems and targeted datasets.
References
A mathematical theory of communication
TL;DR: This final installment of the paper considers the case where the signals or the messages or both are continuously variable, in contrast with the discrete nature assumed until now.
Application of fuzzy algorithms for control of simple dynamic plant
E.H. Mamdani
- 01 Dec 1974
TL;DR: In this article, the authors describe a scheme in which a fuzzy algorithm is used to control a plant, in this case a laboratory-built steam engine, implemented as an interpreter of a set of rules expressed as fuzzy conditional statements.
A Classification of SQL-Injection Attacks and Countermeasures
William G. J. Halfond, Jeremy Viegas, Alessandro Orso +2 more
- 01 Jan 2006
TL;DR: An extensive review of the different types of SQL injection attacks known to date is presented, including descriptions and examples of how attacks of each type could be performed, together with existing detection and prevention techniques against SQL injection.
Fuzzy risk analysis based on similarity measures of generalized fuzzy numbers
Shi-Jay Chen, Shyi-Ming Chen +1 more
TL;DR: The proposed fuzzy risk analysis method is more flexible and more intelligent than the existing methods because it considers the degrees of confidence of decision-makers' opinions.
Centroid-Based Document Classification: Analysis and Experimental Results
Eui-Hong Han, George Karypis +1 more
- 13 Sep 2000
TL;DR: The authors' experiments show that this centroid-based classifier consistently and substantially outperforms other algorithms such as Naive Bayes, k-nearest neighbors, and C4.5 on a wide range of datasets.