Improving web application firewalls through anomaly detection
- Autor(es):
- Betarte, Gustavo ; Giménez, Eduardo ; Martínez, Rodrigo ; Pardo, Alvaro
- Tipo:
- Preprint
- Versión:
- Enviado
- Resumen:
-
Web applications are permanently being exposed to attacks that exploit their vulnerabilities. In this work we investigate the application of machine learning techniques to leverage Web Application Firewalls (WAF)s, a technology that is used to detect and prevent attacks. We put forward an approach of complementary machine learning models, based on one-class classification and n-gram analysis, to enhance the detection and accuracy capabilities of MODSECURITY, an open source and widely used WAF. The results are promising and outperform MODSECURITY when configured with the OWASP Core Rule Set, the baseline configuration setting of a widely deployed, rule-based WAF technology.
- Año:
- 2018
- Idioma:
- Inglés
- Temas:
- Web Application Firewalls
Machine Learning
Anomaly Detection
One-class Classification
N-gram Analysis
- Institución:
- Universidad de la República
- Repositorio:
- COLIBRI
- Enlace(s):
- https://hdl.handle.net/20.500.12008/29280
- Nivel de acceso:
- Acceso abierto
