Interrogating Virtual Agents: In Quest of Security Vulnerabilities - Testing Software and Systems
Conference Papers Year : 2020

Interrogating Virtual Agents: In Quest of Security Vulnerabilities

Josip Bozic
  • Function : Author
  • PersonId : 994797
Franz Wotawa
  • Function : Author
  • PersonId : 994796

Abstract

Chatbots, i.e., systems that communicate in natural language, have been of increasing importance over the last few years. These virtual agents provide specific services or products to clients on a 24/7 basis. Chatbots provide a simple and intuitive interface, i.e., natural language processing, which makes them increasingly attractive for various applications. In fact, chatbots are used as substitutes for repetitive tasks or user inquiries that can be automated. However, these advantages always are accompanied with concerns, e.g., whether security and privacy can be assured. These concerns become more and more important, because in contrast to simple requests, more sophisticated chatbots are able to utilize personalized services to users. In such cases, sensitive user data are processed and exchanged. Hence, such systems become natural targets for cyber-attacks with unforeseen consequences. For this reason, assuring information security of chatbots is an important challenge in practice. In this paper, we contribute to this challenge and introduce an automated security testing approach for chatbots. The presented framework is able to generate and run tests in order to detect intrinsic software weaknesses leading to the XSS vulnerability. We assume a vulnerability to be triggered when obtaining critical information from or crashing the virtual agent, regardless of its purpose. We discuss the underlying basic foundations and demonstrate the testing approach using several real-world chatbots.
Fichier principal
Vignette du fichier
497758_1_En_2_Chapter.pdf (345.12 Ko) Télécharger le fichier
Origin Files produced by the author(s)

Dates and versions

hal-03239829 , version 1 (27-05-2021)

Licence

Identifiers

Cite

Josip Bozic, Franz Wotawa. Interrogating Virtual Agents: In Quest of Security Vulnerabilities. 32th IFIP International Conference on Testing Software and Systems (ICTSS), Dec 2020, Naples, Italy. pp.20-34, ⟨10.1007/978-3-030-64881-7_2⟩. ⟨hal-03239829⟩
57 View
75 Download

Altmetric

Share

More