
Injection Vulnerability Testing Based On Multi-Task Evolutionary Algorithm

Posted on: 2022-06-04
Degree: Master
Type: Thesis
Country: China
Candidate: M Y Liu
Full Text: PDF
GTID: 2518306524989739
Subject: Master of Engineering

Abstract/Summary:
Web application firewalls (WAFs) play an integral role in protecting web applications from various malicious injection attacks such as SQL injection, XML injection, and PHP injection, to name a few. However, given the evolving sophistication of injection attacks and the increasing complexity of tuning a WAF, it is challenging to ensure that the WAF is free of injection vulnerabilities, such that it blocks all malicious injection attacks without wrongly affecting legitimate messages. Automatically testing the WAF is therefore a timely and essential task.

In this thesis, we propose QianKun, an automatic injection testing tool that simultaneously generates test inputs for multiple types of injection attacks on a WAF. Our basic idea derives from cross-lingual translation in the natural language processing domain. Injection attacks are essentially caused by malicious statements in the user input of the web application. In particular, test inputs for different types of injection attacks are syntactically different but may be semantically similar. Sharing semantic knowledge across multiple programming languages can thus stimulate the generation of more sophisticated and more diverse test inputs, and the discovery of injection vulnerabilities of the WAF that are otherwise difficult to find. To this end, QianKun combines multi-task learning and an evolutionary algorithm. The implementation steps of QianKun are as follows: (1) We first use multi-task learning to train the language model, a multi-task sequence-to-sequence model that can convert test inputs between any pair of injection attack types; (2) The model is then used by a novel multi-task evolutionary algorithm to co-evolve test inputs for different types of injection attacks, facilitated by a shared mating pool and domain-specific mutation operators at each generation; (3) In addition, within the evolutionary algorithm, we train three common classifiers, namely deep neural networks, convolutional neural networks and recurrent neural networks, to serve as fitness functions for finding good test inputs.

The novelty of QianKun is therefore that, by imitating cross-language translation between natural languages, it is able to learn the common semantic information from syntactically different test inputs for different types of injection attacks, and the whole process runs multiple test input generation processes simultaneously.

We conduct experiments on two real-world WAFs and six types of injection attacks. The results reveal that QianKun generates up to 3.0x more valid test inputs (i.e., bypassing the underlying WAF) than its state-of-the-art single-task counterparts. With the continuous iteration of QianKun's evolutionary algorithm, the number of test inputs steadily increases; that is, the growth rate of the single tasks is not as fast as that of QianKun. The experiments also show that QianKun can share and use the information passed in the test inputs well, and that each task pair can effectively improve the validity of the test inputs.
Keywords/Search Tags: Web application firewall, security testing, injection testing, multi-tasking, search-based software engineering, evolutionary algorithm