{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,4,10]],"date-time":"2026-04-10T10:06:08Z","timestamp":1775815568648,"version":"3.50.1"},"publisher-location":"New York, NY, USA","reference-count":75,"publisher":"ACM","license":[{"start":{"date-parts":[[2022,4,25]],"date-time":"2022-04-25T00:00:00Z","timestamp":1650844800000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.acm.org\/publications\/policies\/copyright_policy#Background"}],"funder":[{"name":"National Research Foundation of Korea (NRF) Grant","award":["2020R1C1C1009031"],"award-info":[{"award-number":["2020R1C1C1009031"]}]}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":[],"published-print":{"date-parts":[[2022,4,25]]},"DOI":"10.1145\/3485447.3512234","type":"proceedings-article","created":{"date-parts":[[2022,4,25]],"date-time":"2022-04-25T05:11:23Z","timestamp":1650863483000},"page":"743-754","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":25,"title":["Link: Black-Box Detection of Cross-Site Scripting Vulnerabilities Using Reinforcement Learning"],"prefix":"10.1145","author":[{"given":"Soyoung","family":"Lee","sequence":"first","affiliation":[{"name":"School of Computing, Korea Advanced Institute of Science and Technology, Republic of Korea"}]},{"given":"Seongil","family":"Wi","sequence":"additional","affiliation":[{"name":"School of Computing, Korea Advanced Institute of Science and Technology, Republic of Korea"}]},{"given":"Sooel","family":"Son","sequence":"additional","affiliation":[{"name":"School of Computing, Korea Advanced Institute of Science and Technology, Republic of Korea"}]}],"member":"320","published-online":{"date-parts":[[2022,4,25]]},"reference":[{"key":"e_1_3_2_1_1_1","unstructured":"4images. 2021. 4images Gallery. 
https:\/\/www.4homepages.de\/."},{"key":"e_1_3_2_1_2_1","doi-asserted-by":"publisher","DOI":"10.1109\/ITNG.2012.167"},{"key":"e_1_3_2_1_3_1","doi-asserted-by":"publisher","DOI":"10.1145\/2976749.2978380"},{"key":"e_1_3_2_1_4_1","volume-title":"Proceedings of the USENIX Security Symposium. 377\u2013392","author":"Alhuzali Abeer","year":"2018","unstructured":"Abeer Alhuzali, Rigel Gjomemo, Birhanu Eshete, and VN Venkatakrishnan. 2018. NAVEX: precise and scalable exploit generation for dynamic web applications. In Proceedings of the USENIX Security Symposium. 377\u2013392."},{"key":"e_1_3_2_1_5_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2008.22"},{"key":"e_1_3_2_1_6_1","unstructured":"BBVA. 2019. WAF-Brain: The clever and efficient Firewall for the Web. https:\/\/github.com\/BBVA\/waf-brain."},{"key":"e_1_3_2_1_7_1","volume-title":"Proceedings of the International Conference on Research in Attacks, Intrusions, and Defenses. 107\u2013120","author":"Buyukkayhan Ahmet\u00a0Salih","year":"2020","unstructured":"Ahmet\u00a0Salih Buyukkayhan, Can Gemicioglu, Tobias Lauinger, Alina Oprea, William Robertson, and Engin Kirda. 2020. What\u2019s in an Exploit? An Empirical Analysis of Reflected Server XSS Exploitation Techniques. In Proceedings of the International Conference on Research in Attacks, Intrusions, and Defenses. 107\u2013120."},{"key":"e_1_3_2_1_8_1","doi-asserted-by":"publisher","DOI":"10.1016\/j.cose.2021.102204"},{"key":"e_1_3_2_1_9_1","volume-title":"WAVSEP: The Web Application Vulnerability Scanner Evaluation Project. https:\/\/github.com\/sectooladdict\/wavsep\/.","author":"Chen Shay","year":"2014","unstructured":"Shay Chen. 2014. WAVSEP: The Web Application Vulnerability Scanner Evaluation Project. 
https:\/\/github.com\/sectooladdict\/wavsep\/."},{"key":"e_1_3_2_1_10_1","doi-asserted-by":"publisher","DOI":"10.1109\/CAIPT.2017.8320672"},{"key":"e_1_3_2_1_11_1","doi-asserted-by":"publisher","DOI":"10.1109\/TITS.2019.2901791"},{"key":"e_1_3_2_1_12_1","doi-asserted-by":"publisher","DOI":"10.1145\/2959100.2959190"},{"key":"e_1_3_2_1_13_1","unstructured":"Anthony Cozamanis. 2019. XSS Vectors Cheat Sheet. https:\/\/gist.github.com\/kurobeats\/9a613c9ab68914312cbb415134795b45."},{"key":"e_1_3_2_1_14_1","unstructured":"Piotr Dabkowski. 2019. pyjsparser. https:\/\/github.com\/PiotrDabkowski\/pyjsparser."},{"key":"e_1_3_2_1_15_1","doi-asserted-by":"publisher","DOI":"10.1109\/ICoIA.2013.6650259"},{"key":"e_1_3_2_1_16_1","volume-title":"Challenges of real-world reinforcement learning: definitions, benchmarks and analysis. Machine Learning","author":"Dulac-Arnold Gabriel","year":"2021","unstructured":"Gabriel Dulac-Arnold, Nir Levine, Daniel\u00a0J Mankowitz, Jerry Li, Cosmin Paduraru, Sven Gowal, and Todd Hester. 2021. Challenges of real-world reinforcement learning: definitions, benchmarks and analysis. Machine Learning (2021), 1\u201350."},{"key":"e_1_3_2_1_17_1","unstructured":"Gabriel Dulac-Arnold Daniel Mankowitz and Todd Hester. 2019. Challenges of real-world reinforcement learning. arXiv preprint arXiv:1904.12901(2019)."},{"key":"e_1_3_2_1_18_1","doi-asserted-by":"publisher","DOI":"10.1109\/SMC42975.2020.9283498"},{"key":"e_1_3_2_1_19_1","doi-asserted-by":"crossref","unstructured":"Laszlo Erdodi \u00c5vald\u00a0\u00c5slaugson Sommervoll and Fabio\u00a0Massimo Zennaro. 2021. Simulating SQL Injection Vulnerability Exploitation Using Q-Learning Reinforcement Learning Agents. 
arXiv preprint arXiv:2101.03118(2021).","DOI":"10.1016\/j.jisa.2021.102903"},{"key":"e_1_3_2_1_20_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP40001.2021.00022"},{"key":"e_1_3_2_1_21_1","doi-asserted-by":"publisher","DOI":"10.1109\/ICMCECS47690.2020.240871"},{"key":"e_1_3_2_1_22_1","doi-asserted-by":"publisher","DOI":"10.3390\/fi11080177"},{"key":"e_1_3_2_1_23_1","unstructured":"Python\u00a0Software Foundation. 2021. difflib: Helpers for computing deltas. https:\/\/docs.python.org\/3\/library\/difflib.html."},{"key":"e_1_3_2_1_24_1","unstructured":"Vincent Fran\u00e7ois-Lavet Raphael Fonteneau and Damien Ernst. 2015. How to discount deep reinforcement learning: Towards new dynamic strategies. arXiv preprint arXiv:1512.02011(2015)."},{"key":"e_1_3_2_1_25_1","first-page":"352","article-title":"ANOVUL: Detection of logic vulnerabilities in annotated programs via data and control flow analysis","volume":"14","author":"Ghorbanzadeh Mahmoud","year":"2020","unstructured":"Mahmoud Ghorbanzadeh and Hamid\u00a0Reza Shahriari. 2020. ANOVUL: Detection of logic vulnerabilities in annotated programs via data and control flow analysis. IET Digital Library 14, 3 (2020), 352\u2013364.","journal-title":"IET Digital Library"},{"key":"e_1_3_2_1_26_1","unstructured":"Google. 2018. Firing Range. https:\/\/github.com\/google\/firing-range."},{"key":"e_1_3_2_1_27_1","doi-asserted-by":"publisher","DOI":"10.1109\/ICRAIE.2014.6909173"},{"key":"e_1_3_2_1_28_1","unstructured":"Ashley Hill Antonin Raffin Maximilian Ernestus Adam Gleave and Anssi Kanervisto. 2021. Stable baselines. https:\/\/github.com\/hill-a\/stable-baselines\/."},{"key":"e_1_3_2_1_29_1","volume-title":"Proceedings of the USENIX Security Symposium.","author":"Hooimeijer Pieter","year":"2011","unstructured":"Pieter Hooimeijer, Benjamin Livshits, David Molnar, Prateek Saxena, and Margus Veanes. 2011. Fast and Precise Sanitizer Analysis with BEK. 
In Proceedings of the USENIX Security Symposium."},{"key":"e_1_3_2_1_30_1","unstructured":"Charlie Hou Mingxun Zhou Yan Ji Phil Daian Florian Tramer Giulia Fanti and Ari Juels. 2019. SquirRL: Automating attack analysis on blockchain incentive mechanisms with deep reinforcement learning. arXiv preprint arXiv:1912.01798(2019)."},{"key":"e_1_3_2_1_31_1","doi-asserted-by":"publisher","DOI":"10.1080\/00224065.1986.11979014"},{"key":"e_1_3_2_1_32_1","doi-asserted-by":"publisher","DOI":"10.1109\/ACSAC.2008.36"},{"key":"e_1_3_2_1_33_1","doi-asserted-by":"publisher","DOI":"10.1109\/ICSTW.2011.32"},{"key":"e_1_3_2_1_34_1","doi-asserted-by":"publisher","DOI":"10.5555\/1622737.1622748"},{"key":"e_1_3_2_1_35_1","unstructured":"Martin Kleppe. 2021. JSFuck. http:\/\/www.jsfuck.com\/."},{"key":"e_1_3_2_1_36_1","volume-title":"Proceedings of the Advances in Neural Information Processing Systems. 1008\u20131014","author":"Konda R","year":"2000","unstructured":"Vijay\u00a0R Konda and John\u00a0N Tsitsiklis. 2000. Actor-critic algorithms. In Proceedings of the Advances in Neural Information Processing Systems. 1008\u20131014."},{"key":"e_1_3_2_1_37_1","doi-asserted-by":"publisher","DOI":"10.1145\/3442381.3450002"},{"key":"e_1_3_2_1_38_1","unstructured":"Zhipeng Liang Hao Chen Junhao Zhu Kangkang Jiang and Yanran Li. 2018. Adversarial deep reinforcement learning in portfolio management. arXiv preprint arXiv:1808.09940(2018)."},{"key":"e_1_3_2_1_39_1","doi-asserted-by":"publisher","DOI":"10.5220\/0010537000002998"},{"key":"e_1_3_2_1_40_1","unstructured":"Sebastian\u00a0Roschke Michal\u00a0Zalewski Niels\u00a0Heinen. 2012. Skipfish - web application security scanner. https:\/\/code.google.com\/archive\/p\/skipfish\/."},{"key":"e_1_3_2_1_41_1","volume-title":"Proceedings of the International Conference on Machine Learning. 
1928\u20131937","author":"Mnih Volodymyr","year":"2016","unstructured":"Volodymyr Mnih, Adria\u00a0Puigdomenech Badia, Mehdi Mirza, Alex Graves, Timothy Lillicrap, Tim Harley, David Silver, and Koray Kavukcuoglu. 2016. Asynchronous methods for deep reinforcement learning. In Proceedings of the International Conference on Machine Learning. 1928\u20131937."},{"key":"e_1_3_2_1_42_1","volume-title":"Human-level control through deep reinforcement learning. Nature 518, 7540","author":"Mnih Volodymyr","year":"2015","unstructured":"Volodymyr Mnih, Koray Kavukcuoglu, David Silver, Andrei\u00a0A Rusu, Joel Veness, Marc\u00a0G Bellemare, Alex Graves, Martin Riedmiller, Andreas\u00a0K Fidjeland, Georg Ostrovski, 2015. Human-level control through deep reinforcement learning. Nature 518, 7540 (2015), 529\u2013533."},{"key":"e_1_3_2_1_43_1","volume-title":"Proceedings of the International Conference on Learning Representations.","author":"Nagabandi Anusha","year":"2018","unstructured":"Anusha Nagabandi, Ignasi Clavera, Simin Liu, Ronald\u00a0S Fearing, Pieter Abbeel, Sergey Levine, and Chelsea Finn. 2018. Learning to Adapt in Dynamic, Real-World Environments through Meta-Reinforcement Learning. In Proceedings of the International Conference on Learning Representations."},{"key":"e_1_3_2_1_44_1","unstructured":"Netsparker. 2021. Web Application Advisories by Netsparker. https:\/\/www.netsparker.com\/web-applications-advisories\/."},{"key":"e_1_3_2_1_45_1","unstructured":"OpenAI. 2021. OpenAI Gym. https:\/\/gym.openai.com\/."},{"key":"e_1_3_2_1_46_1","volume-title":"ZAP: The OWASP Zed Attack Proxy. https:\/\/www.zaproxy.org\/.","author":"OWASP.","year":"2020","unstructured":"OWASP. 2020. ZAP: The OWASP Zed Attack Proxy. https:\/\/www.zaproxy.org\/."},{"key":"e_1_3_2_1_47_1","unstructured":"OWASP. 2021. OWASP Benchmark. https:\/\/owasp.org\/www-project-benchmark\/."},{"key":"e_1_3_2_1_48_1","unstructured":"OWASP. 2021. OWASP Top Ten. 
https:\/\/owasp.org\/www-project-top-ten\/."},{"key":"e_1_3_2_1_49_1","unstructured":"OWASP. 2021. OWASP XSS Filter Evasion Cheat Sheet. https:\/\/owasp.org\/www-community\/xss-filter-evasion-cheatsheet."},{"key":"e_1_3_2_1_50_1","unstructured":"Cosmin Paduraru Daniel\u00a0J Mankowitz Gabriel Dulac-Arnold Jerry Li Nir Levine Sven Gowal and Todd Hester. 2021. Challenges of Real-World Reinforcement Learning: Definitions Benchmarks & Analysis. Machine Learning Journal(2021)."},{"key":"e_1_3_2_1_51_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-319-26362-5_14"},{"key":"e_1_3_2_1_52_1","volume-title":"Proceedings of the IEEE-RAS International Conference on Humanoid Robots Humanoids. 1\u201320","author":"Peters Jan","year":"2003","unstructured":"Jan Peters, Sethu Vijayakumar, and Stefan Schaal. 2003. Reinforcement learning for humanoid robotics. In Proceedings of the IEEE-RAS International Conference on Humanoid Robots Humanoids. 1\u201320."},{"key":"e_1_3_2_1_53_1","unstructured":"PortSwigger. 2021. Burp Suite - Cybersecurity Software from PortSwigger. https:\/\/portswigger.net\/burp."},{"key":"e_1_3_2_1_54_1","unstructured":"Portswigger. 2021. Portswigger Research - Cross-Site Scripting. https:\/\/portswigger.net\/research\/cross-site-scripting-research."},{"key":"e_1_3_2_1_55_1","unstructured":"PortSwigger. 2022. Cross-site scripting cheat sheet. https:\/\/portswigger.net\/web-security\/cross-site-scripting\/cheat-sheet."},{"key":"e_1_3_2_1_56_1","doi-asserted-by":"publisher","DOI":"10.1109\/ISADS.2013.6513420"},{"key":"e_1_3_2_1_57_1","unstructured":"Leonard Richardson. 2021. Beautiful Soup. https:\/\/www.crummy.com\/software\/BeautifulSoup\/."},{"key":"e_1_3_2_1_58_1","doi-asserted-by":"publisher","DOI":"10.1016\/j.entcs.2014.01.024"},{"key":"e_1_3_2_1_59_1","doi-asserted-by":"publisher","DOI":"10.2352\/ISSN.2470-1173.2017.19.AVM-023"},{"key":"e_1_3_2_1_60_1","unstructured":"Somdev Sangwan. 2019. XSStrike - Advanced XSS Detection Suite. 
https:\/\/github.com\/s0md3v\/XSStrike."},{"key":"e_1_3_2_1_61_1","unstructured":"John Schulman Filip Wolski Prafulla Dhariwal Alec Radford and Oleg Klimov. 2017. Proximal policy optimization algorithms. arXiv preprint arXiv:1707.06347(2017)."},{"key":"e_1_3_2_1_62_1","unstructured":"Haruyama Seigo. 2011. Vulnerable-Site-Sample. https:\/\/github.com\/haruyama\/Vulnerable-Site-Sample\/tree\/master\/xss."},{"key":"e_1_3_2_1_63_1","doi-asserted-by":"publisher","DOI":"10.1109\/STARTUP.2016.7583912"},{"key":"e_1_3_2_1_64_1","unstructured":"SpiderLabs. 2021. ModSecurity: Open source Web Application Firewall. https:\/\/github.com\/SpiderLabs\/ModSecurity."},{"key":"e_1_3_2_1_65_1","unstructured":"Dafydd Stuttard. 2009. PortSwigger Blog - Content discovery. https:\/\/portswigger.net\/blog\/v13p-content-discovery."},{"key":"e_1_3_2_1_66_1","unstructured":"Nicolas Surribas. 2021. Wapiti. https:\/\/wapiti.sourceforge.io\/."},{"key":"e_1_3_2_1_67_1","volume-title":"Proceedings of the Advances in Neural Information Processing Systems. 1057\u20131063","author":"Sutton S","year":"2000","unstructured":"Richard\u00a0S Sutton, David\u00a0A McAllester, Satinder\u00a0P Singh, and Yishay Mansour. 2000. Policy gradient methods for reinforcement learning with function approximation. In Proceedings of the Advances in Neural Information Processing Systems. 1057\u20131063."},{"key":"e_1_3_2_1_68_1","doi-asserted-by":"publisher","DOI":"10.1016\/j.eswa.2020.114386"},{"key":"e_1_3_2_1_69_1","unstructured":"UliCMS. 2022. UliCMS - Make Content Management Great Again. https:\/\/en.ulicms.de\/."},{"key":"e_1_3_2_1_70_1","doi-asserted-by":"publisher","DOI":"10.1145\/2414456.2414462"},{"key":"e_1_3_2_1_71_1","doi-asserted-by":"publisher","DOI":"10.1109\/TCCN.2018.2809722"},{"key":"e_1_3_2_1_72_1","unstructured":"Xianbo Wang and Han Hu. 2020. Evading Web Application Firewalls with Reinforcement Learning. 
https:\/\/openreview.net\/forum?id=m5AntlhJ7Z5"},{"key":"e_1_3_2_1_73_1","doi-asserted-by":"publisher","DOI":"10.1145\/1368088.1368112"},{"key":"e_1_3_2_1_74_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-642-23822-2_9"},{"key":"e_1_3_2_1_75_1","unstructured":"XSSer. 2020. Cross Site \u201dScripter\u201d (aka XSSer). https:\/\/github.com\/epsylon\/xsser."}],"event":{"name":"WWW '22: The ACM Web Conference 2022","location":"Virtual Event, Lyon France","acronym":"WWW '22","sponsor":["SIGWEB ACM Special Interest Group on Hypertext, Hypermedia, and Web"]},"container-title":["Proceedings of the ACM Web Conference 2022"],"original-title":[],"link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3485447.3512234","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3485447.3512234","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,6,17]],"date-time":"2025-06-17T19:30:13Z","timestamp":1750188613000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3485447.3512234"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2022,4,25]]},"references-count":75,"alternative-id":["10.1145\/3485447.3512234","10.1145\/3485447"],"URL":"https:\/\/doi.org\/10.1145\/3485447.3512234","relation":{},"subject":[],"published":{"date-parts":[[2022,4,25]]},"assertion":[{"value":"2022-04-25","order":2,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}