{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,5,1]],"date-time":"2026-05-01T17:35:52Z","timestamp":1777656952164,"version":"3.51.4"},"reference-count":51,"publisher":"Institute of Electrical and Electronics Engineers (IEEE)","issue":"3","license":[{"start":{"date-parts":[[2018,9,1]],"date-time":"2018-09-01T00:00:00Z","timestamp":1535760000000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/ieeexplore.ieee.org\/Xplorehelp\/downloads\/license-information\/IEEE.html"}],"funder":[{"name":"European Research Council ERC under the European Unions Horizon 2020 Research and Innovation Programme","award":["694277"],"award-info":[{"award-number":["694277"]}]}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":["IEEE Trans. Rel."],"published-print":{"date-parts":[[2018,9]]},"DOI":"10.1109\/tr.2018.2805763","type":"journal-article","created":{"date-parts":[[2018,6,25]],"date-time":"2018-06-25T23:19:08Z","timestamp":1529968748000},"page":"733-757","source":"Crossref","is-referenced-by-count":67,"title":["A Machine-Learning-Driven Evolutionary Approach for Testing Web Application Firewalls"],"prefix":"10.1109","volume":"67","author":[{"given":"Dennis","family":"Appelt","sequence":"first","affiliation":[]},{"given":"Cu D.","family":"Nguyen","sequence":"additional","affiliation":[]},{"ORCID":"https:\/\/orcid.org\/0000-0002-7395-3588","authenticated-orcid":false,"given":"Annibale","family":"Panichella","sequence":"additional","affiliation":[]},{"given":"Lionel C.","family":"Briand","sequence":"additional","affiliation":[]}],"member":"263","reference":[{"key":"ref39","doi-asserted-by":"publisher","DOI":"10.1109\/TSE.2017.2663435"},{"key":"ref38","first-page":"187","article-title":"Bypass testing of web applications","author":"offutt","year":"0","journal-title":"Proc 15th Int Symp Softw Rel Eng"},{"key":"ref33","doi-asserted-by":"publisher","DOI":"10.1016\/j.is.2014.02.001"},{"key":"ref32","doi-asserted-by":"publisher","DOI":"10.1109\/ICSE.2009.5070521"},{"key":"ref31","doi-asserted-by":"publisher","DOI":"10.1109\/TEVC.2014.2308294"},{"key":"ref30","doi-asserted-by":"crossref","first-page":"308","DOI":"10.1007\/3-540-45575-2_31","article-title":"Specification-based testing of firewalls","volume":"2244","author":"j\u00fcrjens","year":"2001","journal-title":"Perspectives of System Informatics"},{"key":"ref37","article-title":"Fuzzing: The state of the art","author":"mcnally","year":"2012"},{"key":"ref36","doi-asserted-by":"publisher","DOI":"10.1002\/stvr.294"},{"key":"ref35","doi-asserted-by":"publisher","DOI":"10.1016\/j.jss.2007.05.007"},{"key":"ref34","doi-asserted-by":"publisher","DOI":"10.1145\/1529282.1529737"},{"key":"ref28","doi-asserted-by":"publisher","DOI":"10.1145\/1656274.1656278"},{"key":"ref27","doi-asserted-by":"publisher","DOI":"10.1145\/1134285.1134416"},{"key":"ref29","doi-asserted-by":"publisher","DOI":"10.1109\/SRDS.2008.34"},{"key":"ref2","doi-asserted-by":"publisher","DOI":"10.1109\/HPCSim.2014.6903792"},{"key":"ref1","doi-asserted-by":"publisher","DOI":"10.1109\/ICST.2010.50"},{"key":"ref20","first-page":"87","article-title":"A\n static analysis framework for detecting sql injection vulnerabilities","volume":"1","author":"fu","year":"0","journal-title":"Proc 31st Annu Int Comput Softw Appl Conf"},{"key":"ref22","doi-asserted-by":"crossref","first-page":"1","DOI":"10.1145\/2090147.2094081","article-title":"Sage:\n whitebox fuzzing for security testing","volume":"10","author":"godefroid","year":"2012","journal-title":"Queue"},{"key":"ref21","doi-asserted-by":"crossref","first-page":"206","DOI":"10.1145\/1379022.1375607","article-title":"Grammar-based whitebox fuzzing","volume":"43","author":"godefroid","year":"2008","journal-title":"ACM SIGPLAN Notices"},{"key":"ref24","first-page":"13","article-title":"A\n classification of sql-injection attacks and countermeasures","volume":"1","author":"halfond","year":"0","journal-title":"Proc IEEE Int Symp Secure Softw Eng"},{"key":"ref23","first-page":"151","article-title":"Automated whitebox fuzz testing","volume":"8","author":"godefroid","year":"0","journal-title":"Proc Symp Network and Distributed System Security"},{"key":"ref26","doi-asserted-by":"publisher","DOI":"10.1145\/1101908.1101935"},{"key":"ref25","doi-asserted-by":"publisher","DOI":"10.1145\/1572272.1572305"},{"key":"ref50","article-title":"Owasp, top 10, the ten most critical web application security risks","author":"williams","year":"2013"},{"key":"ref51","author":"witten","year":"2011","journal-title":"Data Mining Practical Machine Learning Tools and Techniques"},{"key":"ref10","doi-asserted-by":"publisher","DOI":"10.1145\/2610384.2610403"},{"key":"ref11","doi-asserted-by":"publisher","DOI":"10.1109\/ISSRE.2017.28"},{"key":"ref40","doi-asserted-by":"publisher","DOI":"10.1109\/ICST.2015.7102604"},{"key":"ref12","author":"banzhaf","year":"1998","journal-title":"Genetic Programming An Introduction On the Automatic Evolution of Computer Programs and its Applications"},{"key":"ref13","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2010.27"},{"key":"ref14","doi-asserted-by":"crossref","first-page":"292","DOI":"10.1007\/978-3-540-24852-1_21","article-title":"Sqlrand: Preventing sql injection attacks","author":"boyd","year":"2004","journal-title":"Applied Cryptography and Network Security"},{"key":"ref15","doi-asserted-by":"publisher","DOI":"10.1023\/A:1010933404324"},{"key":"ref16","doi-asserted-by":"publisher","DOI":"10.1109\/ECOWS.2010.28"},{"key":"ref17","doi-asserted-by":"publisher","DOI":"10.1145\/1180337.1180344"},{"key":"ref18","first-page":"111","article-title":"Why johnny\n canâ??t pentest: An analysis of black-box web vulnerability scanners","author":"doup\u00e9","year":"0","journal-title":"Detection of Intrusions and Malware and Vulnerability Assessment"},{"key":"ref19","doi-asserted-by":"publisher","DOI":"10.1016\/bs.adcom.2015.11.003"},{"key":"ref4","doi-asserted-by":"publisher","DOI":"10.1016\/j.jss.2013.02.061"},{"key":"ref3","doi-asserted-by":"publisher","DOI":"10.1109\/JSAC.2009.090406"},{"key":"ref6","doi-asserted-by":"publisher","DOI":"10.1109\/SCC.2009.23"},{"key":"ref5","article-title":"Command injection vulnerability scanner\n for web services","author":"antunes","year":"0"},{"key":"ref8","article-title":"Automated testing of web\n application firewalls","author":"appelt","year":"2016"},{"key":"ref7","first-page":"32","article-title":"Assessing\n the impact of firewalls and database proxies on SQL injection testing","author":"appelt","year":"0","journal-title":"Proceedings of the 1st International Workshop on Future Internet Testing"},{"key":"ref49","first-page":"35","article-title":"Exploration and exploitation in evolutionary algorithms: A survey","volume":"45","author":"?repin\u0161ek","year":"2013","journal-title":"ACM Comput Surveys"},{"key":"ref9","first-page":"1","article-title":"Behind an\n application firewall, are we safe from sql injection attacks?","author":"appelt","year":"0","journal-title":"Proc IEEE Int'l Conf Software Testing Verification and Validation"},{"key":"ref46","doi-asserted-by":"publisher","DOI":"10.1109\/ICSE.2017.27"},{"key":"ref45","doi-asserted-by":"publisher","DOI":"10.1109\/MC.2012.283"},{"key":"ref48","first-page":"347","article-title":"Finding your\n way in the testing jungle: A learning approach to web security testing","author":"tripp","year":"0","journal-title":"Proc Int'l Symp on Softw Testing and Analysis"},{"key":"ref47","author":"sutton","year":"2007","journal-title":"Fuzzing Brute Force Vulnerability Discovery"},{"key":"ref42","volume":"1","author":"quinlan","year":"1993","journal-title":"C4 5 Programs for Machine Learning"},{"key":"ref41","doi-asserted-by":"publisher","DOI":"10.1002\/9781119136378"},{"key":"ref44","first-page":"1367","article-title":"Random or genetic algorithm search for\n object-oriented test suite generation?","author":"shamshiri","year":"0","journal-title":"Proc Annu Conf Genetic Evol \ufffdComput"},{"key":"ref43","doi-asserted-by":"crossref","first-page":"226","DOI":"10.1007\/11430230_16","article-title":"Firewall\n conformance testing","volume":"3502","author":"senn","year":"2005","journal-title":"Testing of Communicating Systems"}],"container-title":["IEEE Transactions on Reliability"],"original-title":[],"link":[{"URL":"http:\/\/xplorestaging.ieee.org\/ielx7\/24\/8452065\/08395015.pdf?arnumber=8395015","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2022,1,26]],"date-time":"2022-01-26T13:19:03Z","timestamp":1643203143000},"score":1,"resource":{"primary":{"URL":"https:\/\/ieeexplore.ieee.org\/document\/8395015\/"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2018,9]]},"references-count":51,"journal-issue":{"issue":"3"},"URL":"https:\/\/doi.org\/10.1109\/tr.2018.2805763","relation":{},"ISSN":["0018-9529","1558-1721"],"issn-type":[{"value":"0018-9529","type":"print"},{"value":"1558-1721","type":"electronic"}],"subject":[],"published":{"date-parts":[[2018,9]]}}}