Publication result detail

Data Clustering and Categorization for Processing Results from Penetration Testing

LAZAROV, W.; MARTINÁSEK, Z.

Original Title

Data Clustering and Categorization for Processing Results from Penetration Testing

English Title

Data Clustering and Categorization for Processing Results from Penetration Testing

Type

Paper in proceedings (conference paper)

Original Abstract

As cyber threats and their potential impacts increase, the need for testing cyber resilience has become more important. Web applications are one of the frequent targets of cyberattacks, and therefore, the need for their penetration testing is desirable. However, these applications can contain up to tens of thousands of web resources, making the testing process very difficult. Our paper focuses on categorizing similar web resources from the reconnaissance phase to increase the overall effectiveness of penetration testing. For this purpose, we designed and developed a system for clustering and categorizing web resources using cluster analysis. We experimentally tested our solution in two iterations on 10,000 and 50,000 resources. The results show that e-commerce and newspaper websites contain a large amount of similar content, which our system was able to detect and provide penetration testers with the filtered sources for the next phase of penetration testing.

English abstract

As cyber threats and their potential impacts increase, the need for testing cyber resilience has become more important. Web applications are one of the frequent targets of cyberattacks, and therefore, the need for their penetration testing is desirable. However, these applications can contain up to tens of thousands of web resources, making the testing process very difficult. Our paper focuses on categorizing similar web resources from the reconnaissance phase to increase the overall effectiveness of penetration testing. For this purpose, we designed and developed a system for clustering and categorizing web resources using cluster analysis. We experimentally tested our solution in two iterations on 10,000 and 50,000 resources. The results show that e-commerce and newspaper websites contain a large amount of similar content, which our system was able to detect and provide penetration testers with the filtered sources for the next phase of penetration testing.

Keywords

cybersecurity; penetration testing; clustering; categorization; web applications; data analysis

Key words in English

cybersecurity; penetration testing; clustering; categorization; web applications; data analysis

Authors

LAZAROV, W.; MARTINÁSEK, Z.

Released

26.11.2024

Publisher

VDE

Location

Meloneras, Gran Canaria, Spain

ISBN

978-3-8007-6544-7

Book

ICUMT 2024; 16th International Congress on Ultra Modern Telecommunications and Control Systems and Workshops

Pages from

131

Pages to

136

Pages count

6

URL

https://ieeexplore.ieee.org/abstract/document/11048825

BibTex

@inproceedings{BUT193515,
  author="Willi {Lazarov} and Zdeněk {Martinásek}",
  title="Data Clustering and Categorization for Processing Results from Penetration Testing",
  booktitle="ICUMT 2024; 16th International Congress on Ultra Modern Telecommunications and Control Systems and Workshops",
  year="2024",
  pages="131--136",
  publisher="VDE",
  address="Meloneras, Gran Canaria, Spain",
  isbn="978-3-8007-6544-7",
  url="https://ieeexplore.ieee.org/abstract/document/11048825"
}