Shae McFadden

Shae McFadden

I am currently undergoing my PhD at King’s College London under the supervision of Dr. Fabio Pierazzi. My primary research interest is in the cross section between artificial intelligence and cybersecurity. The focus of my thesis is on the application of deep reinforcement learning to cybersecurity, which at the moment has me looking at its application to black-box red team problems. Prior to starting my PhD, I conducted research on machine learning for malware classification in my undergraduate dissertation that won the Alan Fairbourn Memorial Prize and sparked my interest in AI and cybersecurity.

Scroll down for more details...

Wendigo: Deep Reinforcement Learning for Denial-of-Service Query Discovery in GraphQL

Lightning Talk

GraphQL is a type of web API which enables a unified endpoint for an application’s resources through its own query language, and is widely adopted by companies such as Meta, GitHub, X, and PayPal. The query-based structure of GraphQL is designed to reduce the over-/under-fetching typical of REST web APIs. Consequently, GraphQL allows attackers to perform Denial-of-Service (DoS) attacks through queries inducing higher server loads with fewer requests. However, with the additional complexity introduced by GraphQL, ensuring applications are not vulnerable to DoS is not trivial. We propose Wendigo, a black-box Deep Reinforcement Learning (DRL) approach only requiring the GraphQL schema to discover DoS exploitable queries against target applications. For example, our approach is able to discover queries which can perform a DoS attack utilizing only two GraphQL requests per hour, as opposed to the high volume of traffic required by traditional DoS attacks. Wendigo achieves this by building increasingly more complex queries while maximizing response time by using GraphQL features to increase the server load. The effective query discovery offered by Wendigo, not only enables developers to test for potential DoS risk in their GraphQL applications but also showcases DRL’s value in security problems such as this one.