{"id":"https://openalex.org/W4413785812","doi":"https://doi.org/10.1109/tifs.2025.3601343","title":"AutoPT: How Far Are We From the Fully Automated Web Penetration Testing?","display_name":"AutoPT: How Far Are We From the Fully Automated Web Penetration Testing?","publication_year":2025,"publication_date":"2025-01-01","ids":{"openalex":"https://openalex.org/W4413785812","doi":"https://doi.org/10.1109/tifs.2025.3601343"},"language":"en","primary_location":{"id":"doi:10.1109/tifs.2025.3601343","is_oa":false,"landing_page_url":"https://doi.org/10.1109/tifs.2025.3601343","pdf_url":null,"source":{"id":"https://openalex.org/S61310614","display_name":"IEEE Transactions on Information Forensics and Security","issn_l":"1556-6013","issn":["1556-6013","1556-6021"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310319808","host_organization_name":"Institute of Electrical and Electronics Engineers","host_organization_lineage":["https://openalex.org/P4310319808"],"host_organization_lineage_names":["Institute of Electrical and Electronics Engineers"],"type":"journal"},"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"IEEE Transactions on Information Forensics and Security","raw_type":"journal-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":false,"oa_status":"closed","oa_url":null,"any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5113311055","display_name":"Benlong Wu","orcid":null},"institutions":[{"id":"https://openalex.org/I126520041","display_name":"University of Science and Technology of China","ror":"https://ror.org/04c4dkn09","country_code":"CN","type":"education","lineage":["https://openalex.org/I126520041","https://openalex.org/I19820366"]}],"countries":["CN"],"is_corresponding":true,"raw_author_name":"Benlong Wu","raw_affiliation_strings":["School of Cyber Science and Technology, University of Science and Technology of China, Hefei, China","School of Cyber Science and Technology, Anhui Province Key Laboratory of Digital Security, University of Science and Technologyof China, Hefei, China"],"raw_orcid":"https://orcid.org/0009-0008-4441-173X","affiliations":[{"raw_affiliation_string":"School of Cyber Science and Technology, University of Science and Technology of China, Hefei, China","institution_ids":["https://openalex.org/I126520041"]},{"raw_affiliation_string":"School of Cyber Science and Technology, Anhui Province Key Laboratory of Digital Security, University of Science and Technologyof China, Hefei, China","institution_ids":["https://openalex.org/I126520041"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5100634295","display_name":"Guoqiang Chen","orcid":"https://orcid.org/0000-0002-6094-7883"},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Guoqiang Chen","raw_affiliation_strings":["QI-ANXIN Technology Research Institute, Beijing, China"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"QI-ANXIN Technology Research Institute, Beijing, China","institution_ids":[]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5045121980","display_name":"Kejiang Chen","orcid":"https://orcid.org/0000-0002-9868-3414"},"institutions":[{"id":"https://openalex.org/I126520041","display_name":"University of Science and Technology of China","ror":"https://ror.org/04c4dkn09","country_code":"CN","type":"education","lineage":["https://openalex.org/I126520041","https://openalex.org/I19820366"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Kejiang Chen","raw_affiliation_strings":["School of Cyber Science and Technology, University of Science and Technology of China, Hefei, China","School of Cyber Science and Technology, Anhui Province Key Laboratory of Digital Security, University of Science and Technologyof China, Hefei, China"],"raw_orcid":"https://orcid.org/0000-0002-9868-3414","affiliations":[{"raw_affiliation_string":"School of Cyber Science and Technology, University of Science and Technology of China, Hefei, China","institution_ids":["https://openalex.org/I126520041"]},{"raw_affiliation_string":"School of Cyber Science and Technology, Anhui Province Key Laboratory of Digital Security, University of Science and Technologyof China, Hefei, China","institution_ids":["https://openalex.org/I126520041"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5038253295","display_name":"Xiuwei Shang","orcid":"https://orcid.org/0009-0009-6660-9947"},"institutions":[{"id":"https://openalex.org/I126520041","display_name":"University of Science and Technology of China","ror":"https://ror.org/04c4dkn09","country_code":"CN","type":"education","lineage":["https://openalex.org/I126520041","https://openalex.org/I19820366"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Xiuwei Shang","raw_affiliation_strings":["School of Cyber Science and Technology, University of Science and Technology of China, Hefei, China","School of Cyber Science and Technology, Anhui Province Key Laboratory of Digital Security, University of Science and Technologyof China, Hefei, China"],"raw_orcid":"https://orcid.org/0009-0009-6660-9947","affiliations":[{"raw_affiliation_string":"School of Cyber Science and Technology, University of Science and Technology of China, Hefei, China","institution_ids":["https://openalex.org/I126520041"]},{"raw_affiliation_string":"School of Cyber Science and Technology, Anhui Province Key Laboratory of Digital Security, University of Science and Technologyof China, Hefei, China","institution_ids":["https://openalex.org/I126520041"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5052688930","display_name":"Jiapeng Han","orcid":"https://orcid.org/0000-0002-8602-5051"},"institutions":[{"id":"https://openalex.org/I4210136133","display_name":"Acoustic Arc (China)","ror":"https://ror.org/038vtqc18","country_code":"CN","type":"company","lineage":["https://openalex.org/I4210136133"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Jiapeng Han","raw_affiliation_strings":["Chaitin Future Technology Company Ltd., Hangzhou, China","Chaitin Future Technology Co., Ltd, Hangzhou, China"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"Chaitin Future Technology Company Ltd., Hangzhou, China","institution_ids":["https://openalex.org/I4210136133"]},{"raw_affiliation_string":"Chaitin Future Technology Co., Ltd, Hangzhou, China","institution_ids":["https://openalex.org/I4210136133"]}]},{"author_position":"middle","author":{"id":null,"display_name":"Yanru He","orcid":"https://orcid.org/0000-0001-9546-5043"},"institutions":[{"id":"https://openalex.org/I126520041","display_name":"University of Science and Technology of China","ror":"https://ror.org/04c4dkn09","country_code":"CN","type":"education","lineage":["https://openalex.org/I126520041","https://openalex.org/I19820366"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Yanru He","raw_affiliation_strings":["School of Cyber Science and Technology, University of Science and Technology of China, Hefei, China","School of Cyber Science and Technology, Anhui Province Key Laboratory of Digital Security, University of Science and Technologyof China, Hefei, China"],"raw_orcid":"https://orcid.org/0000-0001-9546-5043","affiliations":[{"raw_affiliation_string":"School of Cyber Science and Technology, University of Science and Technology of China, Hefei, China","institution_ids":["https://openalex.org/I126520041"]},{"raw_affiliation_string":"School of Cyber Science and Technology, Anhui Province Key Laboratory of Digital Security, University of Science and Technologyof China, Hefei, China","institution_ids":["https://openalex.org/I126520041"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5067689180","display_name":"Weiming Zhang","orcid":"https://orcid.org/0000-0001-5576-6108"},"institutions":[{"id":"https://openalex.org/I126520041","display_name":"University of Science and Technology of China","ror":"https://ror.org/04c4dkn09","country_code":"CN","type":"education","lineage":["https://openalex.org/I126520041","https://openalex.org/I19820366"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Weiming Zhang","raw_affiliation_strings":["School of Cyber Science and Technology, University of Science and Technology of China, Hefei, China","School of Cyber Science and Technology, Anhui Province Key Laboratory of Digital Security, University of Science and Technologyof China, Hefei, China"],"raw_orcid":"https://orcid.org/0000-0001-5576-6108","affiliations":[{"raw_affiliation_string":"School of Cyber Science and Technology, University of Science and Technology of China, Hefei, China","institution_ids":["https://openalex.org/I126520041"]},{"raw_affiliation_string":"School of Cyber Science and Technology, Anhui Province Key Laboratory of Digital Security, University of Science and Technologyof China, Hefei, China","institution_ids":["https://openalex.org/I126520041"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5064573190","display_name":"Nenghai Yu","orcid":"https://orcid.org/0000-0003-4417-9316"},"institutions":[{"id":"https://openalex.org/I126520041","display_name":"University of Science and Technology of China","ror":"https://ror.org/04c4dkn09","country_code":"CN","type":"education","lineage":["https://openalex.org/I126520041","https://openalex.org/I19820366"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Nenghai Yu","raw_affiliation_strings":["School of Cyber Science and Technology, University of Science and Technology of China, Hefei, China","School of Cyber Science and Technology, Anhui Province Key Laboratory of Digital Security, University of Science and Technologyof China, Hefei, China"],"raw_orcid":"https://orcid.org/0000-0003-4417-9316","affiliations":[{"raw_affiliation_string":"School of Cyber Science and Technology, University of Science and Technology of China, Hefei, China","institution_ids":["https://openalex.org/I126520041"]},{"raw_affiliation_string":"School of Cyber Science and Technology, Anhui Province Key Laboratory of Digital Security, University of Science and Technologyof China, Hefei, China","institution_ids":["https://openalex.org/I126520041"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":8,"corresponding_author_ids":["https://openalex.org/A5113311055"],"corresponding_institution_ids":["https://openalex.org/I126520041"],"apc_list":null,"apc_paid":null,"fwci":0.0,"has_fulltext":false,"cited_by_count":0,"citation_normalized_percentile":{"value":0.22165889,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":null,"biblio":{"volume":"20","issue":null,"first_page":"9657","last_page":"9672"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T10743","display_name":"Software Testing and Debugging Techniques","score":0.9520000219345093,"subfield":{"id":"https://openalex.org/subfields/1712","display_name":"Software"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T10743","display_name":"Software Testing and Debugging Techniques","score":0.9520000219345093,"subfield":{"id":"https://openalex.org/subfields/1712","display_name":"Software"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T12479","display_name":"Web Application Security Vulnerabilities","score":0.9261999726295471,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.7547271251678467},{"id":"https://openalex.org/keywords/penetration","display_name":"Penetration (warfare)","score":0.562999963760376},{"id":"https://openalex.org/keywords/world-wide-web","display_name":"World Wide Web","score":0.35277074575424194}],"concepts":[{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.7547271251678467},{"id":"https://openalex.org/C80107235","wikidata":"https://www.wikidata.org/wiki/Q7162625","display_name":"Penetration (warfare)","level":2,"score":0.562999963760376},{"id":"https://openalex.org/C136764020","wikidata":"https://www.wikidata.org/wiki/Q466","display_name":"World Wide Web","level":1,"score":0.35277074575424194},{"id":"https://openalex.org/C127413603","wikidata":"https://www.wikidata.org/wiki/Q11023","display_name":"Engineering","level":0,"score":0.0},{"id":"https://openalex.org/C42475967","wikidata":"https://www.wikidata.org/wiki/Q194292","display_name":"Operations research","level":1,"score":0.0}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1109/tifs.2025.3601343","is_oa":false,"landing_page_url":"https://doi.org/10.1109/tifs.2025.3601343","pdf_url":null,"source":{"id":"https://openalex.org/S61310614","display_name":"IEEE Transactions on Information Forensics and Security","issn_l":"1556-6013","issn":["1556-6013","1556-6021"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310319808","host_organization_name":"Institute of Electrical and Electronics Engineers","host_organization_lineage":["https://openalex.org/P4310319808"],"host_organization_lineage_names":["Institute of Electrical and Electronics Engineers"],"type":"journal"},"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"IEEE Transactions on Information Forensics and Security","raw_type":"journal-article"}],"best_oa_location":null,"sustainable_development_goals":[],"awards":[{"id":"https://openalex.org/G2561957227","display_name":null,"funder_award_id":"62402469","funder_id":"https://openalex.org/F4320321001","funder_display_name":"National Natural Science Foundation of China"},{"id":"https://openalex.org/G3061771244","display_name":null,"funder_award_id":"62472398","funder_id":"https://openalex.org/F4320321001","funder_display_name":"National Natural Science Foundation of China"},{"id":"https://openalex.org/G4538375728","display_name":null,"funder_award_id":"U2336206","funder_id":"https://openalex.org/F4320321001","funder_display_name":"National Natural Science Foundation of China"},{"id":"https://openalex.org/G6347247583","display_name":null,"funder_award_id":"U2436601","funder_id":"https://openalex.org/F4320321001","funder_display_name":"National Natural Science Foundation of China"}],"funders":[{"id":"https://openalex.org/F4320321001","display_name":"National Natural Science Foundation of China","ror":"https://ror.org/01h0zpd94"}],"has_content":{"pdf":false,"grobid_xml":false},"content_urls":null,"referenced_works_count":20,"referenced_works":["https://openalex.org/W70390820","https://openalex.org/W1529010373","https://openalex.org/W1615992899","https://openalex.org/W2004684124","https://openalex.org/W2004929506","https://openalex.org/W2065555413","https://openalex.org/W2068201344","https://openalex.org/W2170478581","https://openalex.org/W2403966573","https://openalex.org/W3094485976","https://openalex.org/W4385507608","https://openalex.org/W4387385588","https://openalex.org/W4391407054","https://openalex.org/W4392405447","https://openalex.org/W4392544408","https://openalex.org/W4402784347","https://openalex.org/W4402811499","https://openalex.org/W4404130344","https://openalex.org/W4404534210","https://openalex.org/W4406800520"],"related_works":["https://openalex.org/W4391375266","https://openalex.org/W2899084033","https://openalex.org/W2748952813","https://openalex.org/W2390279801","https://openalex.org/W4391913857","https://openalex.org/W2358668433","https://openalex.org/W4396701345","https://openalex.org/W2376932109","https://openalex.org/W2001405890","https://openalex.org/W4396696052"],"abstract_inverted_index":{"Penetration":[0,121],"testing":[1,44,50,74,122,145,222],"is":[2],"essential":[3],"for":[4,107,229],"ensuring":[5],"Web":[6],"security":[7],"by":[8,154],"identifying":[9],"and":[10,15,85,104,164,182,200,207,223,227,232],"mitigating":[11],"vulnerabilities":[12],"in":[13,59,81],"advance,":[14],"the":[16,54,66,92,96,100,105,108,115,128,149,158,165,178,179,184,193,198,217],"rapid":[17],"progress":[18],"of":[19,56,72,98,151,162,168,219],"large":[20],"language":[21],"models":[22],"(LLMs)":[23],"shows":[24],"great":[25],"potential":[26],"to":[27,52,70,110,134,190],"revolutionize":[28],"this":[29,36,60],"process":[30],"through":[31],"intelligent,":[32],"automated":[33,143,220],"agents.":[34],"In":[35,211],"work,":[37,202],"we":[38,90,118,139],"establish":[39],"a":[40,47,120],"comprehensive":[41],"end-to-end":[42],"penetration":[43,49,73,144,221],"benchmark":[45,194],"using":[46],"real-world":[48],"environment":[51],"explore":[53],"capabilities":[55],"LLM-based":[57],"agents":[58,67],"domain.":[61],"Our":[62,171],"results":[63,173],"reveal":[64],"that":[65,126,175],"are":[68],"familiar":[69],"procedures":[71],"tasks,":[75],"but":[76],"they":[77],"still":[78],"face":[79],"limitations":[80],"generating":[82],"accurate":[83],"commands":[84],"executing":[86],"complete":[87],"processes.":[88],"Accordingly,":[89],"summarize":[91],"current":[93],"challenges,":[94],"including":[95],"difficulty":[97],"maintaining":[99],"entire":[101],"message":[102],"history":[103],"tendency":[106],"agent":[109,146],"become":[111],"stuck.":[112],"Based":[113],"on":[114,148,192],"above":[116],"insights,":[117],"propose":[119],"State":[123,130],"Machine":[124,131],"(PSM)":[125],"utilizes":[127,157],"Finite":[129],"(FSM)":[132],"methodology":[133],"address":[135],"these":[136],"limitations.":[137],"Then,":[138],"introduce":[140],"AutoPT,":[141],"an":[142],"based":[147],"principle":[150],"PSM":[152],"driven":[153],"LLMs,":[155],"which":[156],"inherent":[159],"inference":[160],"ability":[161],"LLM":[163],"constraint":[166],"framework":[167],"state":[169],"machines.":[170],"evaluation":[172],"show":[174],"AutoPT":[176,203,214],"outperforms":[177],"ReAct-based":[180],"baseline":[181,199],"improves":[183],"task":[185],"completion":[186],"rate":[187],"from":[188],"22%":[189],"41%":[191],"target.":[195],"Compared":[196],"with":[197],"manual":[201],"also":[204],"reduces":[205],"time":[206],"economic":[208],"costs":[209],"further.":[210],"general,":[212],"our":[213],"has":[215],"facilitated":[216],"development":[218],"bring":[224],"new":[225],"findings":[226],"insights":[228],"both":[230],"academia":[231],"industry.":[233]},"counts_by_year":[],"updated_date":"2026-03-27T05:58:40.876381","created_date":"2025-10-10T00:00:00"}