Detail publikačního výsledku

Data Clustering and Categorization for Processing Results from Penetration Testing

LAZAROV, W.; MARTINÁSEK, Z.

Originální název

Data Clustering and Categorization for Processing Results from Penetration Testing

Anglický název

Data Clustering and Categorization for Processing Results from Penetration Testing

Druh

Stať ve sborníku v databázi WoS či Scopus

Originální abstrakt

As cyber threats and their potential impacts increase, the need for testing cyber resilience has become more important. Web applications are one of the frequent targets of cyberattacks, and therefore, the need for their penetration testing is desirable. However, these applications can contain up to tens of thousands of web resources, making the testing process very difficult. Our paper focuses on categorizing similar web resources from the reconnaissance phase to increase the overall effectiveness of penetration testing. For this purpose, we designed and developed a system for clustering and categorizing web resources using cluster analysis. We experimentally tested our solution in two iterations on 10,000 and 50,000 resources. The results show that e-commerce and newspaper websites contain a large amount of similar content, which our system was able to detect and provide penetration testers with the filtered sources for the next phase of penetration testing.

Anglický abstrakt

As cyber threats and their potential impacts increase, the need for testing cyber resilience has become more important. Web applications are one of the frequent targets of cyberattacks, and therefore, the need for their penetration testing is desirable. However, these applications can contain up to tens of thousands of web resources, making the testing process very difficult. Our paper focuses on categorizing similar web resources from the reconnaissance phase to increase the overall effectiveness of penetration testing. For this purpose, we designed and developed a system for clustering and categorizing web resources using cluster analysis. We experimentally tested our solution in two iterations on 10,000 and 50,000 resources. The results show that e-commerce and newspaper websites contain a large amount of similar content, which our system was able to detect and provide penetration testers with the filtered sources for the next phase of penetration testing.

Klíčová slova

cybersecurity; penetration testing; clustering; categorization; web applications; data analysis

Klíčová slova v angličtině

cybersecurity; penetration testing; clustering; categorization; web applications; data analysis

Autoři

LAZAROV, W.; MARTINÁSEK, Z.

Rok RIV

2026

Vydáno

26.11.2024

Nakladatel

VDE

Místo

Meloneras, Gran Canaria, Spain

ISBN

978-3-8007-6544-7

Kniha

ICUMT 2024; 16th International Congress on Ultra Modern Telecommunications and Control Systems and Workshops

Strany od

131

Strany do

136

Strany počet

6

URL

https://ieeexplore.ieee.org/abstract/document/11048825

BibTex

@inproceedings{BUT193515,
  author="Willi {Lazarov} and Zdeněk {Martinásek}",
  title="Data Clustering and Categorization for Processing Results from Penetration Testing",
  booktitle="ICUMT 2024; 16th International Congress on Ultra Modern Telecommunications and Control Systems and Workshops",
  year="2024",
  pages="131--136",
  publisher="VDE",
  address="Meloneras, Gran Canaria, Spain",
  isbn="978-3-8007-6544-7",
  url="https://ieeexplore.ieee.org/abstract/document/11048825"
}