{"id":"https://openalex.org/W4307964233","doi":"https://doi.org/10.1145/3560830.3563724","title":"Optimising Vulnerability Triage in DAST with Deep Learning","display_name":"Optimising Vulnerability Triage in DAST with Deep Learning","publication_year":2022,"publication_date":"2022-11-02","ids":{"openalex":"https://openalex.org/W4307964233","doi":"https://doi.org/10.1145/3560830.3563724"},"language":"en","primary_location":{"id":"doi:10.1145/3560830.3563724","is_oa":false,"landing_page_url":"https://doi.org/10.1145/3560830.3563724","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 15th ACM Workshop on Artificial Intelligence and Security","raw_type":"proceedings-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":true,"oa_status":"green","oa_url":"https://pureadmin.qub.ac.uk/ws/files/360140508/aisec2022_paper9.pdf","any_repository_has_fulltext":true},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5089028359","display_name":"Stuart Millar","orcid":"https://orcid.org/0000-0002-4258-7853"},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Stuart Millar","raw_affiliation_strings":["Rapid7 LLC, Boston, MA, USA"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"Rapid7 LLC, Boston, MA, USA","institution_ids":[]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5001302008","display_name":"Denis Podgurskii","orcid":null},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Denis Podgurskii","raw_affiliation_strings":["Open Web Application Security Project, Belfast, United Kingdom"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"Open Web Application Security Project, Belfast, United Kingdom","institution_ids":[]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5052449940","display_name":"Dan Kuykendall","orcid":null},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Dan Kuykendall","raw_affiliation_strings":["Rapid7 LLC, Boston, MA, USA"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"Rapid7 LLC, Boston, MA, USA","institution_ids":[]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5014600847","display_name":"Jes\u00fas Mart\u00ednez del Rinc\u00f3n","orcid":"https://orcid.org/0000-0002-9574-4138"},"institutions":[{"id":"https://openalex.org/I126231945","display_name":"Queen's University Belfast","ror":"https://ror.org/00hswnk62","country_code":"GB","type":"education","lineage":["https://openalex.org/I126231945"]}],"countries":["GB"],"is_corresponding":false,"raw_author_name":"Jes\u00fas Mart\u00ednez del Rinc\u00f3n","raw_affiliation_strings":["Queen's University Belfast, Belfast, United Kingdom"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"Queen's University Belfast, Belfast, United Kingdom","institution_ids":["https://openalex.org/I126231945"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5018008959","display_name":"Paul Miller","orcid":"https://orcid.org/0000-0002-9280-000X"},"institutions":[{"id":"https://openalex.org/I126231945","display_name":"Queen's University Belfast","ror":"https://ror.org/00hswnk62","country_code":"GB","type":"education","lineage":["https://openalex.org/I126231945"]}],"countries":["GB"],"is_corresponding":false,"raw_author_name":"Paul Miller","raw_affiliation_strings":["Queen's University Belfast, Belfast, United Kingdom"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"Queen's University Belfast, Belfast, United Kingdom","institution_ids":["https://openalex.org/I126231945"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":5,"corresponding_author_ids":[],"corresponding_institution_ids":[],"apc_list":null,"apc_paid":null,"fwci":1.2747,"has_fulltext":true,"cited_by_count":6,"citation_normalized_percentile":{"value":0.84781244,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":{"min":90,"max":99},"biblio":{"volume":null,"issue":null,"first_page":"137","last_page":"147"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T12479","display_name":"Web Application Security Vulnerabilities","score":0.9995999932289124,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T12479","display_name":"Web Application Security Vulnerabilities","score":0.9995999932289124,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10260","display_name":"Software Engineering Research","score":0.9987999796867371,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10743","display_name":"Software Testing and Debugging Techniques","score":0.9979000091552734,"subfield":{"id":"https://openalex.org/subfields/1712","display_name":"Software"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.7990940809249878},{"id":"https://openalex.org/keywords/false-positive-paradox","display_name":"False positive paradox","score":0.6830695867538452},{"id":"https://openalex.org/keywords/vulnerability","display_name":"Vulnerability (computing)","score":0.6623263359069824},{"id":"https://openalex.org/keywords/deep-learning","display_name":"Deep learning","score":0.6485372185707092},{"id":"https://openalex.org/keywords/artificial-intelligence","display_name":"Artificial intelligence","score":0.5900577902793884},{"id":"https://openalex.org/keywords/triage","display_name":"Triage","score":0.5811220407485962},{"id":"https://openalex.org/keywords/convolutional-neural-network","display_name":"Convolutional neural network","score":0.5543258190155029},{"id":"https://openalex.org/keywords/machine-learning","display_name":"Machine learning","score":0.5145408511161804},{"id":"https://openalex.org/keywords/task","display_name":"Task (project management)","score":0.5124688744544983},{"id":"https://openalex.org/keywords/feature","display_name":"Feature (linguistics)","score":0.5095775127410889},{"id":"https://openalex.org/keywords/vulnerability-management","display_name":"Vulnerability management","score":0.4993619918823242},{"id":"https://openalex.org/keywords/false-positive-rate","display_name":"False positive rate","score":0.41725432872772217},{"id":"https://openalex.org/keywords/vulnerability-assessment","display_name":"Vulnerability assessment","score":0.3879314661026001},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.37580376863479614}],"concepts":[{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.7990940809249878},{"id":"https://openalex.org/C64869954","wikidata":"https://www.wikidata.org/wiki/Q1859747","display_name":"False positive paradox","level":2,"score":0.6830695867538452},{"id":"https://openalex.org/C95713431","wikidata":"https://www.wikidata.org/wiki/Q631425","display_name":"Vulnerability (computing)","level":2,"score":0.6623263359069824},{"id":"https://openalex.org/C108583219","wikidata":"https://www.wikidata.org/wiki/Q197536","display_name":"Deep learning","level":2,"score":0.6485372185707092},{"id":"https://openalex.org/C154945302","wikidata":"https://www.wikidata.org/wiki/Q11660","display_name":"Artificial intelligence","level":1,"score":0.5900577902793884},{"id":"https://openalex.org/C2777120189","wikidata":"https://www.wikidata.org/wiki/Q780067","display_name":"Triage","level":2,"score":0.5811220407485962},{"id":"https://openalex.org/C81363708","wikidata":"https://www.wikidata.org/wiki/Q17084460","display_name":"Convolutional neural network","level":2,"score":0.5543258190155029},{"id":"https://openalex.org/C119857082","wikidata":"https://www.wikidata.org/wiki/Q2539","display_name":"Machine learning","level":1,"score":0.5145408511161804},{"id":"https://openalex.org/C2780451532","wikidata":"https://www.wikidata.org/wiki/Q759676","display_name":"Task (project management)","level":2,"score":0.5124688744544983},{"id":"https://openalex.org/C2776401178","wikidata":"https://www.wikidata.org/wiki/Q12050496","display_name":"Feature (linguistics)","level":2,"score":0.5095775127410889},{"id":"https://openalex.org/C172776598","wikidata":"https://www.wikidata.org/wiki/Q7943570","display_name":"Vulnerability management","level":4,"score":0.4993619918823242},{"id":"https://openalex.org/C95922358","wikidata":"https://www.wikidata.org/wiki/Q5432725","display_name":"False positive rate","level":2,"score":0.41725432872772217},{"id":"https://openalex.org/C167063184","wikidata":"https://www.wikidata.org/wiki/Q1400839","display_name":"Vulnerability assessment","level":3,"score":0.3879314661026001},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.37580376863479614},{"id":"https://openalex.org/C15744967","wikidata":"https://www.wikidata.org/wiki/Q9418","display_name":"Psychology","level":0,"score":0.0},{"id":"https://openalex.org/C187736073","wikidata":"https://www.wikidata.org/wiki/Q2920921","display_name":"Management","level":1,"score":0.0},{"id":"https://openalex.org/C542102704","wikidata":"https://www.wikidata.org/wiki/Q183257","display_name":"Psychotherapist","level":1,"score":0.0},{"id":"https://openalex.org/C71924100","wikidata":"https://www.wikidata.org/wiki/Q11190","display_name":"Medicine","level":0,"score":0.0},{"id":"https://openalex.org/C194828623","wikidata":"https://www.wikidata.org/wiki/Q2861470","display_name":"Emergency medicine","level":1,"score":0.0},{"id":"https://openalex.org/C137176749","wikidata":"https://www.wikidata.org/wiki/Q4105337","display_name":"Psychological resilience","level":2,"score":0.0},{"id":"https://openalex.org/C41895202","wikidata":"https://www.wikidata.org/wiki/Q8162","display_name":"Linguistics","level":1,"score":0.0},{"id":"https://openalex.org/C162324750","wikidata":"https://www.wikidata.org/wiki/Q8134","display_name":"Economics","level":0,"score":0.0},{"id":"https://openalex.org/C138885662","wikidata":"https://www.wikidata.org/wiki/Q5891","display_name":"Philosophy","level":0,"score":0.0}],"mesh":[],"locations_count":2,"locations":[{"id":"doi:10.1145/3560830.3563724","is_oa":false,"landing_page_url":"https://doi.org/10.1145/3560830.3563724","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 15th ACM Workshop on Artificial Intelligence and Security","raw_type":"proceedings-article"},{"id":"pmh:oai:pure.qub.ac.uk/portal:publications/d8990b04-b4a0-472f-babe-10320de44618","is_oa":true,"landing_page_url":"https://pure.qub.ac.uk/en/publications/d8990b04-b4a0-472f-babe-10320de44618","pdf_url":"https://pureadmin.qub.ac.uk/ws/files/360140508/aisec2022_paper9.pdf","source":{"id":"https://openalex.org/S4306402319","display_name":"Research Portal (Queen's University Belfast)","issn_l":null,"issn":null,"is_oa":false,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I126231945","host_organization_name":"Queen's University Belfast","host_organization_lineage":["https://openalex.org/I126231945"],"host_organization_lineage_names":[],"type":"repository"},"license":"other-oa","license_id":"https://openalex.org/licenses/other-oa","version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":"Millar, S, Podgurskii, D, Kuykendall, D, Martinez-del-Rincon, J & Miller, P 2022, Optimising vulnerability triage in DAST with deep learning. in Proceedings of the 15th ACM Workshop on Artificial Intelligence and Security. AISec: Artificial Intelligence and Security Proceedings, Association for Computing Machinery, pp. 137-147, ACM Workshop on Artificial Intelligence and Security , Los Angeles, United States, 11/11/2022. https://doi.org/10.1145/3560830.3563724","raw_type":"info:eu-repo/semantics/conferenceObject"}],"best_oa_location":{"id":"pmh:oai:pure.qub.ac.uk/portal:publications/d8990b04-b4a0-472f-babe-10320de44618","is_oa":true,"landing_page_url":"https://pure.qub.ac.uk/en/publications/d8990b04-b4a0-472f-babe-10320de44618","pdf_url":"https://pureadmin.qub.ac.uk/ws/files/360140508/aisec2022_paper9.pdf","source":{"id":"https://openalex.org/S4306402319","display_name":"Research Portal (Queen's University Belfast)","issn_l":null,"issn":null,"is_oa":false,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I126231945","host_organization_name":"Queen's University Belfast","host_organization_lineage":["https://openalex.org/I126231945"],"host_organization_lineage_names":[],"type":"repository"},"license":"other-oa","license_id":"https://openalex.org/licenses/other-oa","version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":"Millar, S, Podgurskii, D, Kuykendall, D, Martinez-del-Rincon, J & Miller, P 2022, Optimising vulnerability triage in DAST with deep learning. in Proceedings of the 15th ACM Workshop on Artificial Intelligence and Security. AISec: Artificial Intelligence and Security Proceedings, Association for Computing Machinery, pp. 137-147, ACM Workshop on Artificial Intelligence and Security , Los Angeles, United States, 11/11/2022. https://doi.org/10.1145/3560830.3563724","raw_type":"info:eu-repo/semantics/conferenceObject"},"sustainable_development_goals":[{"display_name":"Decent work and economic growth","id":"https://metadata.un.org/sdg/8","score":0.4099999964237213}],"awards":[{"id":"https://openalex.org/G2241406505","display_name":null,"funder_award_id":"EP/R007187/1","funder_id":"https://openalex.org/F4320334627","funder_display_name":"Engineering and Physical Sciences Research Council"},{"id":"https://openalex.org/G5334834590","display_name":null,"funder_award_id":"EP/H049606/1","funder_id":"https://openalex.org/F4320334627","funder_display_name":"Engineering and Physical Sciences Research Council"},{"id":"https://openalex.org/G5445011987","display_name":null,"funder_award_id":"EP/K004379/1","funder_id":"https://openalex.org/F4320334627","funder_display_name":"Engineering and Physical Sciences Research Council"},{"id":"https://openalex.org/G6577499357","display_name":null,"funder_award_id":"EP/N508664/1","funder_id":"https://openalex.org/F4320334627","funder_display_name":"Engineering and Physical Sciences Research Council"},{"id":"https://openalex.org/G745166385","display_name":null,"funder_award_id":"EP/G034303/1","funder_id":"https://openalex.org/F4320334627","funder_display_name":"Engineering and Physical Sciences Research Council"}],"funders":[{"id":"https://openalex.org/F4320334627","display_name":"Engineering and Physical Sciences Research Council","ror":"https://ror.org/0439y7842"}],"has_content":{"pdf":true,"grobid_xml":true},"content_urls":{"pdf":"https://content.openalex.org/works/W4307964233.pdf","grobid_xml":"https://content.openalex.org/works/W4307964233.grobid-xml"},"referenced_works_count":29,"referenced_works":["https://openalex.org/W1832693441","https://openalex.org/W2006508099","https://openalex.org/W2027887391","https://openalex.org/W2103660000","https://openalex.org/W2122646361","https://openalex.org/W2125321366","https://openalex.org/W2134646643","https://openalex.org/W2147906352","https://openalex.org/W2251908874","https://openalex.org/W2493916176","https://openalex.org/W2739181022","https://openalex.org/W2766106797","https://openalex.org/W2797678261","https://openalex.org/W2876459260","https://openalex.org/W2885141472","https://openalex.org/W2887364112","https://openalex.org/W2927392967","https://openalex.org/W2963055550","https://openalex.org/W2968580482","https://openalex.org/W2987221721","https://openalex.org/W3036399259","https://openalex.org/W3046549894","https://openalex.org/W3107473573","https://openalex.org/W3109078334","https://openalex.org/W3111602563","https://openalex.org/W3118910683","https://openalex.org/W4239019441","https://openalex.org/W4247834219","https://openalex.org/W4292002318"],"related_works":["https://openalex.org/W101962219","https://openalex.org/W2393340519","https://openalex.org/W2390459954","https://openalex.org/W2066371588","https://openalex.org/W4220885008","https://openalex.org/W2057803998","https://openalex.org/W4298219515","https://openalex.org/W3119537175","https://openalex.org/W4282824511","https://openalex.org/W2021298062"],"abstract_inverted_index":{"False":[0],"positives":[1,135],"generated":[2],"by":[3,188,195],"vulnerability":[4,31,86,167],"scanners":[5],"are":[6,155],"an":[7],"industry-wide":[8],"challenge":[9],"in":[10,150],"web":[11,51],"application":[12],"security.":[13],"Accordingly,":[14],"this":[15,113],"paper":[16],"presents":[17],"a":[18,49,81,84,88,118,122,158],"novel":[19],"multi-view":[20,179],"deep":[21,114],"learning":[22,115],"architecture":[23,180],"to":[24,79,100,117,129,203],"optimise":[25],"Dynamic":[26],"Application":[27],"Security":[28],"Testing":[29],"(DAST)":[30],"triage,":[32],"with":[33],"task-specific":[34],"design":[35],"decisions":[36],"exploiting":[37],"the":[38,92,110,184,191,204],"structure":[39],"of":[40,72,83,94,106,112,164],"traffic":[41],"exchanges":[42,74],"between":[43],"our":[44,63,178],"rules-based":[45,119],"DAST":[46,107,171],"scanner":[47,120],"and":[48,60,96,136,145,190],"given":[50],"app.":[52],"Leveraging":[53],"convolutional":[54],"neural":[55],"networks,":[56],"natural":[57],"language":[58],"processing":[59],"word":[61],"embeddings,":[62],"model":[64],"learns":[65],"separate":[66],"yet":[67],"complementary":[68],"internal":[69],"feature":[70],"representations":[71],"these":[73],"before":[75],"fusing":[76],"them":[77],"together":[78],"make":[80],"prediction":[82],"verified":[85],"or":[87],"false":[89,134,185,192],"positive.":[90],"Given":[91],"amount":[93],"time":[95],"cognitive":[97],"effort":[98],"required":[99],"constantly":[101],"manually":[102],"review":[103],"high":[104],"volumes":[105],"results":[108],"correctly,":[109],"addition":[111],"capability":[116],"creates":[121],"hybrid":[123],"system":[124],"that":[125],"enables":[126],"expert":[127],"analysts":[128],"rank":[130],"scan":[131],"results,":[132],"deprioritise":[133],"concentrate":[137],"on":[138,157,173,197],"likely":[139],"real":[140],"vulnerabilities.":[141],"This":[142],"improves":[143],"productivity":[144],"reduces":[146,182],"remediation":[147],"time,":[148],"resulting":[149],"stronger":[151],"security":[152],"postures.":[153],"Evaluations":[154],"conducted":[156],"real-world":[159],"dataset":[160],"containing":[161],"91,324":[162],"findings":[163],"74":[165],"different":[166],"types":[168],"curated":[169],"from":[170],"scans":[172],"nineteen":[174],"organisations.":[175],"Results":[176],"show":[177],"significantly":[181],"both":[183],"positive":[186],"rate":[187,194],"20%":[189],"negative":[193],"40%":[196],"average":[198],"across":[199],"all":[200],"organisations":[201],"compared":[202],"single-view":[205],"approach.":[206]},"counts_by_year":[{"year":2026,"cited_by_count":2},{"year":2024,"cited_by_count":3},{"year":2023,"cited_by_count":1}],"updated_date":"2026-06-11T09:08:48.828518","created_date":"2025-10-10T00:00:00"}