# References Academic and technical references that inspired or are cited by IntelliScan. ## Foundational papers - **Breiman, L.** (2001). *Random forests*. Machine Learning, 45(1), 5-32. https://doi.org/10.1023/A:1010933404324 - **Breiman, L.** (1996). *Bagging predictors*. Machine Learning, 24(2), 123-140. - **Mitchell, T. M.** (1997). *Machine Learning*. McGraw-Hill. - **Pedregosa, F. et al.** (2011). *Scikit-learn: Machine Learning in Python*. Journal of Machine Learning Research, 12, 2825-2830. ## Web security - **OWASP Foundation** (2021). *OWASP Top 10*. https://owasp.org/www-project-top-ten/ - **OWASP Foundation** (2021). *Web Security Testing Guide v4.2*. https://owasp.org/www-project-web-security-testing-guide/ - **Clarke, J.** (2012). *SQL Injection Attacks and Defense* (2nd ed.). Syngress. - **Stallings, W. & Brown, L.** (2018). *Computer Security: Principles and Practice* (4th ed.). Pearson. - **Fielding, R. & Reschke, J.** (2014). *HTTP/1.1: Semantics and Content* (RFC 7231). IETF. ## ML for vulnerability detection - **Alghawazi, M., Alghazzawi, D. & Alarifi, S.** (2022). *Detection of SQL injection attack using machine learning techniques*. Journal of Cybersecurity and Privacy, 2(4), 764-777. - **Tadhani, T. et al.** (2024). *Securing web applications against SQL injection and cross-site scripting using a hybrid deep learning approach*. Scientific Reports (Nature), 14, 5120. - **Lamrani Alaoui, R. & Nfaoui, E. H.** (2023). *Cross site scripting attack detection approach based on LSTM encoder-decoder and word embeddings*. International Journal of Intelligent Systems and Applications in Engineering, 11(3). - **Lamrani Alaoui, R. & Nfaoui, E. H.** (2022). *Deep learning based approaches for web vulnerability detection: A systematic review*. Future Internet (MDPI), 14(12), 364. - **Kaur, J., Garg, U. & Bathla, G.** (2023). *Detection of cross-site scripting (XSS) attacks using machine learning techniques: A review*. Artificial Intelligence Review (Springer), 56(11). - **Dawadi, B. R., Adhikari, B. & Srivastava, D. K.** (2023). *Deep learning technique-enabled web application firewall for detection of web attacks*. Sensors (MDPI), 23(4), 2073. - **Herman, Y. P. et al.** (2023). *Web application vulnerability detection using K-Nearest Neighbor and Naive Bayes algorithms*. International Journal of Artificial Intelligence Research, 7(1). - **Irungu, J., Graham, S., Girma, A. & Kacem, T.** (2023). *Artificial intelligence techniques for SQL injection attack detection*. ACM ICIIT 2023. ## Industry reports - **IBM** (2023). *Cost of a Data Breach Report 2023*. https://www.ibm.com/reports/data-breach - **Verizon** (2023). *2023 Data Breach Investigations Report (DBIR)*. https://www.verizon.com/business/resources/reports/dbir/ - **Edgescan** (2023). *2023 Vulnerability Statistics Report* (8th ed.). ## Tools & infrastructure - **Merkel, D.** (2014). *Docker: Lightweight Linux containers for consistent development and deployment*. Linux Journal. - **Geron, A.** (2022). *Hands-On Machine Learning with Scikit-Learn, Keras, and TensorFlow* (3rd ed.). O'Reilly. - **Van Rossum, G. & Drake, F. L.** (2009). *Python 3 Reference Manual*. CreateSpace. ## Test targets - **DVWA**: Damn Vulnerable Web Application. https://github.com/digininja/DVWA - **WebGoat**: OWASP. https://owasp.org/www-project-webgoat/ - **OWASP Juice Shop**: https://owasp.org/www-project-juice-shop/