{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,1,13]],"date-time":"2026-01-13T05:17:34Z","timestamp":1768281454344,"version":"3.49.0"},"reference-count":48,"publisher":"Institute of Electrical and Electronics Engineers (IEEE)","license":[{"start":{"date-parts":[[2026,1,1]],"date-time":"2026-01-01T00:00:00Z","timestamp":1767225600000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0\/legalcode"}],"funder":[{"name":"(POB Cybersecurity and Data Analysis) of Warsaw University of Technology within the Excellence Initiative: Research University (IDUB) Programme","award":["CPR-IDUB\/54\/Z01\/POB3\/2024"],"award-info":[{"award-number":["CPR-IDUB\/54\/Z01\/POB3\/2024"]}]}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":["IEEE Access"],"published-print":{"date-parts":[[2026]]},"DOI":"10.1109\/access.2025.3650335","type":"journal-article","created":{"date-parts":[[2026,1,1]],"date-time":"2026-01-01T18:38:09Z","timestamp":1767292689000},"page":"2134-2151","source":"Crossref","is-referenced-by-count":0,"title":["Using the Reinforcement Learning Agent to Test the Correctness of Rule Configuration in Web Application Firewalls"],"prefix":"10.1109","volume":"14","author":[{"ORCID":"https:\/\/orcid.org\/0000-0002-4054-3478","authenticated-orcid":false,"given":"Mariusz","family":"Sepczuk","sequence":"first","affiliation":[{"name":"Faculty of Electronics and Information Technology, Warsaw University of Technology, Warsaw, Poland"}]},{"ORCID":"https:\/\/orcid.org\/0009-0004-7304-4642","authenticated-orcid":false,"given":"Krzysztof","family":"Sosnowski","sequence":"additional","affiliation":[{"name":"Faculty of Electrical Engineering, Warsaw University of Technology, Warsaw, Poland"}]}],"member":"263","reference":[{"key":"ref1","doi-asserted-by":"publisher","DOI":"10.1145\/3610401"},{"key":"ref2","doi-asserted-by":"publisher","DOI":"10.1109\/tmc.2025.3634422"},{"key":"ref3","doi-asserted-by":"publisher","DOI":"10.1109\/tdsc.2017.2665620"},{"key":"ref4","first-page":"281","article-title":"Security in the software development lifecycle","volume-title":"Proc. 14th Symp. Usable Privacy Secur. (SOUPS)","author":"Assal"},{"key":"ref5","first-page":"1","article-title":"Securing Web application using Web application firewall (WAF) and machine learning","volume-title":"Proc. 1st Int. Conf. Adv. Electr., Electron. Comput. Intell. (ICAEECI)","author":"Kumar"},{"key":"ref6","doi-asserted-by":"publisher","DOI":"10.1016\/j.infsof.2014.07.010"},{"key":"ref7","doi-asserted-by":"publisher","DOI":"10.1016\/j.jnca.2023.103596"},{"key":"ref8","doi-asserted-by":"publisher","DOI":"10.1109\/compsac.2018.00144"},{"key":"ref9","doi-asserted-by":"publisher","DOI":"10.1155\/2022\/5280158"},{"key":"ref10","doi-asserted-by":"publisher","DOI":"10.1109\/sp40001.2021.00103"},{"key":"ref11","doi-asserted-by":"publisher","DOI":"10.1145\/3243734.3243804"},{"key":"ref12","doi-asserted-by":"publisher","DOI":"10.1016\/s0927-0507(05)80172-0"},{"key":"ref13","doi-asserted-by":"publisher","DOI":"10.1016\/j.engappai.2022.105116"},{"key":"ref14","doi-asserted-by":"publisher","DOI":"10.3390\/electronics13030555"},{"key":"ref15","doi-asserted-by":"publisher","DOI":"10.1016\/j.eswa.2025.130219"},{"key":"ref16","doi-asserted-by":"publisher","DOI":"10.1007\/s10844-022-00738-0"},{"key":"ref17","doi-asserted-by":"publisher","DOI":"10.1049\/ise2.12107"},{"key":"ref18","article-title":"Behaviour-diverse automatic penetration testing: A curiosity-driven multi-objective deep reinforcement learning approach","author":"Yang","year":"2022","journal-title":"arXiv:2202.10630"},{"key":"ref19","doi-asserted-by":"publisher","DOI":"10.3390\/info11010006"},{"key":"ref20","doi-asserted-by":"publisher","DOI":"10.1016\/j.cose.2023.103358"},{"key":"ref21","doi-asserted-by":"publisher","DOI":"10.1016\/j.rineng.2023.100970"},{"key":"ref22","doi-asserted-by":"publisher","DOI":"10.1109\/worlds4.2018.8611595"},{"key":"ref23","doi-asserted-by":"publisher","DOI":"10.1109\/csr61664.2024.10679510"},{"key":"ref24","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-031-51482-1_3"},{"key":"ref25","doi-asserted-by":"publisher","DOI":"10.1109\/spw.2018.00026"},{"key":"ref26","first-page":"2741","article-title":"SyzVegas: Beating kernel fuzzing odds with reinforcement learning","volume-title":"Proc. USENIX Secur.","author":"Wang"},{"key":"ref27","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-030-90870-6_6"},{"key":"ref28","doi-asserted-by":"publisher","DOI":"10.1145\/3551349.3560429"},{"key":"ref29","doi-asserted-by":"publisher","DOI":"10.1109\/access.2024.3421989"},{"key":"ref30","doi-asserted-by":"publisher","DOI":"10.1109\/icst49551.2021.00055"},{"key":"ref31","doi-asserted-by":"publisher","DOI":"10.3390\/app13042482"},{"key":"ref32","doi-asserted-by":"publisher","DOI":"10.1145\/3485447.3512234"},{"key":"ref33","doi-asserted-by":"publisher","DOI":"10.1016\/j.jisa.2021.102903"},{"key":"ref34","first-page":"6097","article-title":"SQIRL: Grey-box detection of SQL injection vulnerabilities using reinforcement learning","volume-title":"Proc. USENIX Secur.","author":"Al Wahaibi"},{"key":"ref35","article-title":"BertRLFuzzer: A BERT and reinforcement learning based fuzzer","author":"Jha","year":"2023","journal-title":"arXiv:2305.12534"},{"key":"ref36","article-title":"BERT: Pre-training of deep bidirectional transformers for language understanding","author":"Devlin","year":"2018","journal-title":"arXiv:1810.04805"},{"key":"ref37","first-page":"1","article-title":"Evading Web application firewalls with reinforcement learning","author":"Wang","year":"2020"},{"key":"ref38","doi-asserted-by":"publisher","DOI":"10.1109\/tr.2018.2805763"},{"key":"ref39","doi-asserted-by":"publisher","DOI":"10.1109\/tdsc.2021.3095417"},{"key":"ref40","volume-title":"OWASP Core Rule Set","year":"2024"},{"key":"ref41","volume-title":"BlackWidow Fuzzer","year":"2024"},{"key":"ref42","volume-title":"Firefly Fuzzer","year":"2024"},{"key":"ref43","volume-title":"Wfuzz Fuzzer","year":"2024"},{"key":"ref44","volume-title":"XSStrike Fuzzer","year":"2024"},{"key":"ref45","volume-title":"XSS Bypass on the Official CoreRuleSet Rules","year":"2024"},{"key":"ref46","volume-title":"Radamsa Fuzzer","year":"2024"},{"key":"ref47","doi-asserted-by":"publisher","DOI":"10.1155\/2018\/3759626"},{"key":"ref48","doi-asserted-by":"publisher","DOI":"10.1016\/j.softx.2019.100367"}],"container-title":["IEEE Access"],"original-title":[],"link":[{"URL":"http:\/\/xplorestaging.ieee.org\/ielx8\/6287639\/11323511\/11321235.pdf?arnumber=11321235","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2026,1,12]],"date-time":"2026-01-12T22:02:48Z","timestamp":1768255368000},"score":1,"resource":{"primary":{"URL":"https:\/\/ieeexplore.ieee.org\/document\/11321235\/"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2026]]},"references-count":48,"URL":"https:\/\/doi.org\/10.1109\/access.2025.3650335","relation":{},"ISSN":["2169-3536"],"issn-type":[{"value":"2169-3536","type":"electronic"}],"subject":[],"published":{"date-parts":[[2026]]}}}