| Title: | Efficient Web-Vulnerability Detection Technique Using Hybrid SAST-DAST Analysis and Machine Learning |
| Authors: | Kondo, K. N. |
| Keywords: | conference proceedings;machine learning;security technologies;vulnerability detection;cybersecurity;intelligent systems;web applications |
| Issue Date: | 2026 |
| Publisher: | BSUIR |
| Citation: | Kondo, K. N. Efficient Web-Vulnerability Detection Technique Using Hybrid SAST-DAST Analysis and Machine Learning / K. N. Kondo // Information Security : proceedings of the 62nd scientific conference of postgraduates, master's students and students of BSUIR, Minsk, 13–17 April 2026 / Belarusian State University of Informatics and Radioelectronics ; editorial board: S. V. Drobot (editor-in-chief) [et al.]. – Minsk, 2026. – P. 40–42. |
| Abstract: | This study presents a lightweight, interpretable machine learning framework that correlates the outputs of static (SAST) and dynamic (DAST) security testing tools to reduce false positives and prioritize true vulnerabilities. Trained on the OWASP Benchmark (2,740 test cases), the Random Forest model achieves F1=0.837, recall=0.943, and reduces false positives by 66.8% compared to standalone DAST. Validation on realistic vulnerable applications (crAPI, WebGoat) showed precision@10=0.70 and 80% alert reduction on crAPI, and precision@20=0.80 with 84% alert reduction on WebGoat. SHAP analysis provides transparency, enabling analysts to understand each prediction. |
| URI: | https://libeldoc.bsuir.by/handle/123456789/63713 |
| Appears in Collections: | Information Security : proceedings of the 62nd scientific conference of postgraduates, master's students and students (2026)
|