Related papers: A Novel Approach To User Agent String Parsing For Vulnerability Analysis Using Mutli-Headed Attention

A Novel Approach To User Agent String Parsing For Vulnerability Analysis Using Mutli-Headed Attention

URL: http://arxiv.org/abs/2306.03733v1
Date: Tue, 6 Jun 2023 14:49:25 GMT
Title: A Novel Approach To User Agent String Parsing For Vulnerability Analysis Using Mutli-Headed Attention
Authors: Dhruv Nandakumar, Sathvik Murli, Ankur Khosla, Kevin Choi, Abdul Rahman, Drew Walsh, Scott Riede, Eric Dull, Edward Bowen
Abstract summary: A novel methodology for parsing UASs using Multi-Headed Attention Based transformers is proposed. The proposed methodology exhibits strong performance in parsing a variety of UASs with differing formats. A framework to utilize parsed UASs to estimate the vulnerability scores for large sections of publicly visible IT networks or regions is also discussed.
Score: 3.3029515721630855
License: http://creativecommons.org/licenses/by-nc-nd/4.0/
Abstract: The increasing reliance on the internet has led to the proliferation of a diverse set of web-browsers and operating systems (OSs) capable of browsing the web. User agent strings (UASs) are a component of web browsing that are transmitted with every Hypertext Transfer Protocol (HTTP) request. They contain information about the client device and software, which is used by web servers for various purposes such as content negotiation and security. However, due to the proliferation of various browsers and devices, parsing UASs is a non-trivial task due to a lack of standardization of UAS formats. Current rules-based approaches are often brittle and can fail when encountering such non-standard formats. In this work, a novel methodology for parsing UASs using Multi-Headed Attention Based transformers is proposed. The proposed methodology exhibits strong performance in parsing a variety of UASs with differing formats. Furthermore, a framework to utilize parsed UASs to estimate the vulnerability scores for large sections of publicly visible IT networks or regions is also discussed. The methodology present here can also be easily extended or deployed for real-time parsing of logs in enterprise settings.

Related papers

Beyond Mask: Rethinking Guidance Types in Few-shot Segmentation [67.35274834837064]
We develop a universal vision-language framework (UniFSS) to integrate prompts from text, mask, box, and image. UniFSS significantly outperforms the state-of-the-art methods.
arXiv Detail & Related papers (2024-07-16T08:41:01Z)
An investigation of the Online Payment and Banking System Apps in Bangladesh [0.0]
Bangladesh is expending substantial efforts to digitize its national infrastructure. Despite the lack of knowledge about the security level of these systems, they are currently in frequent use without much consideration.
arXiv Detail & Related papers (2024-07-10T15:43:45Z)
On the Multi-turn Instruction Following for Conversational Web Agents [83.51251174629084]
We introduce a new task of Conversational Web Navigation, which necessitates sophisticated interactions that span multiple turns with both the users and the environment. We propose a novel framework, named self-reflective memory-augmented planning (Self-MAP), which employs memory utilization and self-reflection techniques.
arXiv Detail & Related papers (2024-02-23T02:18:12Z)
VisualWebArena: Evaluating Multimodal Agents on Realistic Visual Web Tasks [93.85005277463802]
VisualWebArena is a benchmark designed to assess the performance of multimodal web agents on realistic tasks. To perform on this benchmark, agents need to accurately process image-text inputs, interpret natural language instructions, and execute actions on websites to accomplish user-defined objectives.
arXiv Detail & Related papers (2024-01-24T18:35:21Z)
SoK: Analysis techniques for WebAssembly [0.0]
WebAssembly is a low-level bytecode language that allows languages like C, C++, and Rust to be executed in the browser at near-native performance. Vulnerabilities in memory-unsafe languages, like C and C++, can translate into vulnerabilities in WebAssembly binaries. WebAssembly has been used for malicious purposes like cryptojacking.
arXiv Detail & Related papers (2024-01-11T14:28:13Z)
SentinelLMs: Encrypted Input Adaptation and Fine-tuning of Language Models for Private and Secure Inference [6.0189674528771]
This paper addresses the privacy and security concerns associated with deep neural language models. Deep neural language models serve as crucial components in various modern AI-based applications. We propose a novel method to adapt and fine-tune transformer-based language models on passkey-encrypted user-specific text.
arXiv Detail & Related papers (2023-12-28T19:55:11Z)
A Holistic Approach for Trustworthy Distributed Systems with WebAssembly and TEEs [2.0198678236144474]
This paper introduces a novel approach using WebAssembly to address these issues. We present the design of a portable and fully attested publish/subscribe system as a holistic approach. Our experimental results showcase most overheads, revealing a 1.55x decrease in message throughput when using a trusted broker.
arXiv Detail & Related papers (2023-12-01T16:37:48Z)
Not what you've signed up for: Compromising Real-World LLM-Integrated Applications with Indirect Prompt Injection [64.67495502772866]
Large Language Models (LLMs) are increasingly being integrated into various applications. We show how attackers can override original instructions and employed controls using Prompt Injection attacks. We derive a comprehensive taxonomy from a computer security perspective to systematically investigate impacts and vulnerabilities.
arXiv Detail & Related papers (2023-02-23T17:14:38Z)
Optimal Event Monitoring through Internet Mashup over Multivariate Time Series [77.34726150561087]
This framework supports the services of model definitions, querying, parameter learning, model evaluations, data monitoring, decision recommendations, and web portals. We further extend the MTSA data model and query language to support this class of problems for the services of learning, monitoring, and recommendation.
arXiv Detail & Related papers (2022-10-18T16:56:17Z)
Realistic simulation of users for IT systems in cyber ranges [63.20765930558542]
We instrument each machine by means of an external agent to generate user activity. This agent combines both deterministic and deep learning based methods to adapt to different environment. We also propose conditional text generation models to facilitate the creation of conversations and documents.
arXiv Detail & Related papers (2021-11-23T10:53:29Z)
Semantic Web Environments for Multi-Agent Systems: Enabling agents to use Web of Things via semantic web [6.85316573653194]
Multi-agent system (MAS) technologies are the right abstraction for developing decentralized and open Web applications. The aim of the project is to transform "Agent and propose an approach to transform "Agent and A&A" into a Web-readable format with in line web formats.
arXiv Detail & Related papers (2020-02-20T11:18:29Z)

This list is automatically generated from the titles and abstracts of the papers in this site.