Authors :
Satyaprakash Sethy; Binay Munda Shibashish; Dandsena; Rakesh Jagadev
Volume/Issue :
Volume 11 - 2026, Issue 5 - May
Google Scholar :
https://tinyurl.com/beyf5xvb
Scribd :
https://tinyurl.com/yd2zzzsr
DOI :
https://doi.org/10.38124/ijisrt/26May1465
Abstract :
The rapid growth of web-based applications and cloud-enabled services has significantly increased cybersecurity
threats targeting modern web environments. Traditional web vulnerability scanners mainly depend on static payload
signatures and predefined attack rules, resulting in high false positive rates, limited adaptability, and poor performance in
dynamic web applications. To address these limitations, this research proposes an AI-driven adaptive web vulnerability
scanner using a Python-based reinforcement learning framework. The proposed system integrates intelligent web crawling,
automated form extraction, adaptive payload injection, vulnerability response analysis, and reinforcement learning-based
attack optimization for efficient web application security assessment. The framework models the scanning process as a
Markov Decision Process (MDP) and utilizes the Proximal Policy Optimization (PPO) algorithm to dynamically learn
optimal attack strategies based on environmental rewards. The developed architecture supports detection of major web
vulnerabilities including Cross-Site Scripting (XSS) and SQL Injection (SQLi) using adaptive payload mutation techniques.
Experimental evaluation was performed using vulnerable web platforms such as DVWA and OWASP Juice Shop in a Google
Colab environment using Python libraries including Selenium, BeautifulSoup, Requests, Gymnasium, and Stable-Baselines3. Experimental results demonstrated improved vulnerability detection accuracy, reduced false positive rate, and
enhanced adaptive attack capability compared with traditional static payload scanners. The reinforcement learning agent
progressively optimized action selection and improved attack efficiency through continuous interaction with the target
environment. The proposed framework also provides extensibility for future integration of deep learning, API security
analysis, cloud-native vulnerability assessment, and large language model-assisted penetration testing systems. The obtained
results indicate that AI-assisted adaptive cybersecurity frameworks can significantly improve automated web vulnerability
detection in modern dynamic web applications.