A COMPARISON AND EFFECTIVE PENETRATION TESTING APPROACHES WITH NMPREDICTOR BASED ON MACHINE LEARNING

Abstract

Vulnerabilities are known to be difficult to detect and prevent, especially in the context of web application. Although a significant research on web application security has been ongoing for a while, these applications have been a major source of problems and their security continues to be challenged. An important part of the problem derives from vulnerable source code of web applications. In order to overcome web vulnerabilities, different penetration tester used variety secure programming, static analysis, dynamic analysis, hybrid analysis of techniques such as and machine learning. Machine learning is consider an approach to prevent web vulnerabilities with a wide range of web applications because it is more preferable and does not have problems of false positive rate. There are numerous method proposed for detecting web vulnerabilities based on machine learning. It is very difficult to measure, which method is efficient to secure web application. Furthermore, there is lack of study found that targets the comparison of machine-learning method.to Find out optimal method. However, comparative study is required to understand the six differentpath that could be followed by different penetration tester. In this thesis we use machine learning. In order to fmd optimal method for existing studies, Drupal metrics file With J48 and random forest. We have implemented . methods based on decision were taken on NMPREDIGTO^. method with the feature extraction, performance parameters, classifiers with default parameters and 10k cross validation. Training data is passed through J48 and random forest to form a training model on which testing data is predicted and analyzed. Our results state that, to prevent web vulnerabilities VULPREDICTOR shows better results as compared to all others methods. We have found much higher accuracy of NMPREDICTOR method with respect to those reported by existing studies.