Winpen: A fast clustering approach for black-box penetration testing

Özerk, Özgün (2021) Winpen: A fast clustering approach for black-box penetration testing. [Thesis]

[thumbnail of 10437352_Ozerk_Ozgun.pdf] PDF

Download (1MB)


In black-box penetration testing, a payload is a piece of code that potentially enables unauthorized access to a computer system through an exploit. Grouping payloads based on the behavior they trigger in the target application is a labor-intensive process, where each payload and the corresponding behavior of the application to that payload should be analyzed and interpreted by humans. To assist human evaluation, we propose a new algorithm WinPen, which classifies the payloads based on the behavior they are triggering in the system. Each payload is represented as the length of the response strings generated after a payload is submitted in the system. WinPen performs mean-based comparisons for each point in the dataset with respect to the point’s previous neighbors. We show on several datasets that WinPen performs with an average 99.85% accuracy score across several datasets. WinPen runs in O(nlogn + n)) and the time complexity is reduced to O(n) for already sorted inputs. WinPen is programming-language and source-code independent, and can be utilized in Cyber Security applications, faster than the other clustering algorithms (e.g., up to 46× faster than kmeans1d), without the need for tedious hyper-parameter tuning procedures.
Item Type: Thesis
Uncontrolled Keywords: pentesting. -- clustering. -- unsupervised. -- black-box . --- machine-learning. -- cyber-security. -- sızma testi. -- kümeleme. -- denetimsiz. -- kara-kutu. -- makine-öğrenmesi.
Subjects: Q Science > QA Mathematics > QA076 Computer software
Divisions: Faculty of Engineering and Natural Sciences
Depositing User: Dila Günay
Date Deposited: 20 Jun 2022 16:46
Last Modified: 20 Jun 2022 16:46

Actions (login required)

View Item
View Item