Improving Web Application Firewalls through Anomaly Detection

Gustavo Betarte; Eduardo Gimenez; Rodrigo Martinez; Alvaro Pardo

doi:10.1109/ICMLA.2018.00124

Improving Web Application Firewalls through Anomaly Detection

Gustavo Betarte
, Eduardo Gimenez
, Rodrigo Martinez
, Alvaro Pardo

Department of Engineering

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

27 Scopus citations

Abstract

Web applications are permanently being exposed to attacks that exploit their vulnerabilities. In this work we investigate the application of machine learning techniques to leverage Web Application Firewalls (WAF)s, a technology that is used to detect and prevent attacks. We put forward an approach of complementary machine learning models, based on one-class classification and n-gram analysis, to enhance the detection and accuracy capabilities of MODSECURITY, an open source and widely used WAF. The results are promising and outperform MODSECURITY when configured with the OWASP Core Rule Set, the baseline configuration setting of a widely deployed, rule-based WAF technology.

Original language	English
Title of host publication	Proceedings - 17th IEEE International Conference on Machine Learning and Applications, ICMLA 2018
Editors	M. Arif Wani, Mehmed Kantardzic, Moamar Sayed-Mouchaweh, Joao Gama, Edwin Lughofer
Publisher	Institute of Electrical and Electronics Engineers Inc.
Pages	779-784
Number of pages	6
ISBN (Electronic)	9781538668047
DOIs	https://doi.org/10.1109/ICMLA.2018.00124
State	Published - 2 Jul 2018
Event	17th IEEE International Conference on Machine Learning and Applications, ICMLA 2018 - Orlando, United States Duration: 17 Dec 2018 → 20 Dec 2018

Publication series

Name	Proceedings - 17th IEEE International Conference on Machine Learning and Applications, ICMLA 2018

Conference

Conference	17th IEEE International Conference on Machine Learning and Applications, ICMLA 2018
Country/Territory	United States
City	Orlando
Period	17/12/18 → 20/12/18

Keywords

Anomaly Detection
Machine Learning
N-gram Analysis
One-class Classification
Web Application Firewalls

Access to Document

10.1109/ICMLA.2018.00124

Cite this

Betarte, G., Gimenez, E., Martinez, R., & Pardo, A. (2018). Improving Web Application Firewalls through Anomaly Detection. In M. A. Wani, M. Kantardzic, M. Sayed-Mouchaweh, J. Gama, & E. Lughofer (Eds.), Proceedings - 17th IEEE International Conference on Machine Learning and Applications, ICMLA 2018 (pp. 779-784). Article 8614149 (Proceedings - 17th IEEE International Conference on Machine Learning and Applications, ICMLA 2018). Institute of Electrical and Electronics Engineers Inc.. https://doi.org/10.1109/ICMLA.2018.00124

Betarte, Gustavo ; Gimenez, Eduardo ; Martinez, Rodrigo et al. / Improving Web Application Firewalls through Anomaly Detection. Proceedings - 17th IEEE International Conference on Machine Learning and Applications, ICMLA 2018. editor / M. Arif Wani ; Mehmed Kantardzic ; Moamar Sayed-Mouchaweh ; Joao Gama ; Edwin Lughofer. Institute of Electrical and Electronics Engineers Inc., 2018. pp. 779-784 (Proceedings - 17th IEEE International Conference on Machine Learning and Applications, ICMLA 2018).

@inproceedings{bff57a71a86543c4b5ea0eb7d9e83ca4,

title = "Improving Web Application Firewalls through Anomaly Detection",

abstract = "Web applications are permanently being exposed to attacks that exploit their vulnerabilities. In this work we investigate the application of machine learning techniques to leverage Web Application Firewalls (WAF)s, a technology that is used to detect and prevent attacks. We put forward an approach of complementary machine learning models, based on one-class classification and n-gram analysis, to enhance the detection and accuracy capabilities of MODSECURITY, an open source and widely used WAF. The results are promising and outperform MODSECURITY when configured with the OWASP Core Rule Set, the baseline configuration setting of a widely deployed, rule-based WAF technology.",

keywords = "Anomaly Detection, Machine Learning, N-gram Analysis, One-class Classification, Web Application Firewalls",

author = "Gustavo Betarte and Eduardo Gimenez and Rodrigo Martinez and Alvaro Pardo",

note = "Publisher Copyright: {\textcopyright} 2018 IEEE.; 17th IEEE International Conference on Machine Learning and Applications, ICMLA 2018 ; Conference date: 17-12-2018 Through 20-12-2018",

year = "2018",

month = jul,

day = "2",

doi = "10.1109/ICMLA.2018.00124",

language = "Ingl{\'e}s",

series = "Proceedings - 17th IEEE International Conference on Machine Learning and Applications, ICMLA 2018",

publisher = "Institute of Electrical and Electronics Engineers Inc.",

pages = "779--784",

editor = "Wani, \{M. Arif\} and Mehmed Kantardzic and Moamar Sayed-Mouchaweh and Joao Gama and Edwin Lughofer",

booktitle = "Proceedings - 17th IEEE International Conference on Machine Learning and Applications, ICMLA 2018",

}

Betarte, G, Gimenez, E, Martinez, R & Pardo, A 2018, Improving Web Application Firewalls through Anomaly Detection. in MA Wani, M Kantardzic, M Sayed-Mouchaweh, J Gama & E Lughofer (eds), Proceedings - 17th IEEE International Conference on Machine Learning and Applications, ICMLA 2018., 8614149, Proceedings - 17th IEEE International Conference on Machine Learning and Applications, ICMLA 2018, Institute of Electrical and Electronics Engineers Inc., pp. 779-784, 17th IEEE International Conference on Machine Learning and Applications, ICMLA 2018, Orlando, United States, 17/12/18. https://doi.org/10.1109/ICMLA.2018.00124

Improving Web Application Firewalls through Anomaly Detection. / Betarte, Gustavo; Gimenez, Eduardo; Martinez, Rodrigo et al.
Proceedings - 17th IEEE International Conference on Machine Learning and Applications, ICMLA 2018. ed. / M. Arif Wani; Mehmed Kantardzic; Moamar Sayed-Mouchaweh; Joao Gama; Edwin Lughofer. Institute of Electrical and Electronics Engineers Inc., 2018. p. 779-784 8614149 (Proceedings - 17th IEEE International Conference on Machine Learning and Applications, ICMLA 2018).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

TY - GEN

T1 - Improving Web Application Firewalls through Anomaly Detection

AU - Betarte, Gustavo

AU - Gimenez, Eduardo

AU - Martinez, Rodrigo

AU - Pardo, Alvaro

PY - 2018/7/2

Y1 - 2018/7/2

N2 - Web applications are permanently being exposed to attacks that exploit their vulnerabilities. In this work we investigate the application of machine learning techniques to leverage Web Application Firewalls (WAF)s, a technology that is used to detect and prevent attacks. We put forward an approach of complementary machine learning models, based on one-class classification and n-gram analysis, to enhance the detection and accuracy capabilities of MODSECURITY, an open source and widely used WAF. The results are promising and outperform MODSECURITY when configured with the OWASP Core Rule Set, the baseline configuration setting of a widely deployed, rule-based WAF technology.

AB - Web applications are permanently being exposed to attacks that exploit their vulnerabilities. In this work we investigate the application of machine learning techniques to leverage Web Application Firewalls (WAF)s, a technology that is used to detect and prevent attacks. We put forward an approach of complementary machine learning models, based on one-class classification and n-gram analysis, to enhance the detection and accuracy capabilities of MODSECURITY, an open source and widely used WAF. The results are promising and outperform MODSECURITY when configured with the OWASP Core Rule Set, the baseline configuration setting of a widely deployed, rule-based WAF technology.

KW - Anomaly Detection

KW - Machine Learning

KW - N-gram Analysis

KW - One-class Classification

KW - Web Application Firewalls

UR - https://www.scopus.com/pages/publications/85062209887

U2 - 10.1109/ICMLA.2018.00124

DO - 10.1109/ICMLA.2018.00124

M3 - Contribución a la conferencia

AN - SCOPUS:85062209887

T3 - Proceedings - 17th IEEE International Conference on Machine Learning and Applications, ICMLA 2018

SP - 779

EP - 784

BT - Proceedings - 17th IEEE International Conference on Machine Learning and Applications, ICMLA 2018

A2 - Wani, M. Arif

A2 - Kantardzic, Mehmed

A2 - Sayed-Mouchaweh, Moamar

A2 - Gama, Joao

A2 - Lughofer, Edwin

PB - Institute of Electrical and Electronics Engineers Inc.

T2 - 17th IEEE International Conference on Machine Learning and Applications, ICMLA 2018

Y2 - 17 December 2018 through 20 December 2018

ER -

Betarte G, Gimenez E, Martinez R, Pardo A. Improving Web Application Firewalls through Anomaly Detection. In Wani MA, Kantardzic M, Sayed-Mouchaweh M, Gama J, Lughofer E, editors, Proceedings - 17th IEEE International Conference on Machine Learning and Applications, ICMLA 2018. Institute of Electrical and Electronics Engineers Inc. 2018. p. 779-784. 8614149. (Proceedings - 17th IEEE International Conference on Machine Learning and Applications, ICMLA 2018). doi: 10.1109/ICMLA.2018.00124

Improving Web Application Firewalls through Anomaly Detection

Abstract

Publication series

Conference

Keywords

Access to Document

Other files and links

Fingerprint

Cite this