@inproceedings{f92a28a2170c4f229241999b4f5649b7,
title = "Web Application Attacks Detection Using Machine Learning Techniques",
abstract = "Web applications are permanently being exposed to attacks that exploit their vulnerabilities. In this work we investigate the use of machine learning techniques to leverage the performance of Web Application Firewalls (WAFs), systems that are used to detect and prevent attacks. We propose a characterization of the problem by defining different scenarios depending if we have valid and/or attack data available for training. We also propose two solutions: first a multi-class approach for the scenario when valid and attack data is available; and second a one-class solution when only valid data is at hand. We present results using both approaches that outperform MODSECURITY configured with the OWASP Core Rule Set out of the box, which is the baseline configuration setting of a widely deployed WAF technology. We also propose a tagged dataset based on the DRUPAL content management framework.",
keywords = "Machine Learning, Pattern Recognition, Web Application Firewall, Web Application Security",
author = "Gustavo Betarte and Alvaro Pardo and Rodrigo Martinez",
note = "Publisher Copyright: {\textcopyright} 2018 IEEE.; 17th IEEE International Conference on Machine Learning and Applications, ICMLA 2018 ; Conference date: 17-12-2018 Through 20-12-2018",
year = "2018",
month = jul,
day = "2",
doi = "10.1109/ICMLA.2018.00174",
language = "Ingl{\'e}s",
series = "Proceedings - 17th IEEE International Conference on Machine Learning and Applications, ICMLA 2018",
publisher = "Institute of Electrical and Electronics Engineers Inc.",
pages = "1065--1072",
editor = "Wani, {M. Arif} and Mehmed Kantardzic and Moamar Sayed-Mouchaweh and Joao Gama and Edwin Lughofer",
booktitle = "Proceedings - 17th IEEE International Conference on Machine Learning and Applications, ICMLA 2018",
}