Improving Web Application Firewalls through Anomaly Detection

Cited by: 16
Authors
Betarte, Gustavo [1, 2]
Gimenez, Eduardo [2]
Martinez, Rodrigo [1, 2]
Pardo, Alvaro [3]
Affiliations
[1] Univ Republica, Inst Computac, Montevideo, Uruguay
[2] Tilsor SA, Montevideo, Uruguay
[3] Univ Catolica Uruguay, Dept Ingn Elect, Montevideo, Uruguay
Source
2018 17TH IEEE INTERNATIONAL CONFERENCE ON MACHINE LEARNING AND APPLICATIONS (ICMLA) | 2018
Keywords
Web Application Firewalls; Machine Learning; Anomaly Detection; One-class Classification; N-gram Analysis;
DOI
10.1109/ICMLA.2018.00124
Chinese Library Classification number
TP18 [Artificial intelligence theory];
Subject classification codes
081104 ; 0812 ; 0835 ; 1405 ;
Abstract
Web applications are permanently being exposed to attacks that exploit their vulnerabilities. In this work we investigate the application of machine learning techniques to leverage Web Application Firewalls (WAFs), a technology that is used to detect and prevent attacks. We put forward an approach of complementary machine learning models, based on one-class classification and n-gram analysis, to enhance the detection and accuracy capabilities of MODSECURITY, an open source and widely used WAF. The results are promising and outperform MODSECURITY when configured with the OWASP Core Rule Set, the baseline configuration setting of a widely deployed, rule-based WAF technology.
Pages: 779-784
Number of pages: 6