A Self-learning Anomaly-Based Web Application Firewall
- 845 Downloads
A simple and effective web application firewall is presented. This system follows the anomalous approach, therefore it can detect both known and unknown web attacks. The system decides whether the incoming requests are attacks or not aided by an XML file. The XML file contains the normal behavior of the target web application statistically characterized and is built from a set of normal requests artificially generated. Any request which deviates from the normal behavior is considered anomalous. The system has been applied to protect a real web application. An increasing number of training requests have been used to train the system. Experiments show that when the XML file has enough data to closely characterize the normal behaviour of the target web application, a very high detection rate is reached while the false alarm rate ramains very low.
Unable to display preview. Download preview PDF.
- 1.Alvarez, G., Petrovic, S.: A new taxonomy of Web attacks suitable for efficient encoding. Computers and Security 22(5), 453–449 (2003)Google Scholar
- 5.Bolzoni, D., Zambon, E.: Sphinx: An anomaly-based web intrusion detection system. In: Workshop on Intrusion Detection Systems, Utrecht, The Netherlands, 14 pages (2007)Google Scholar
- 6.ModSecurity. Open Source signature-based Web Application Firewall (2009), http://www.modsecurity.org
- 7.Provost, F., Fawcett, T., Kohavi, R.: The case against accuracy estimation for comparing induction algorithms. In: Proceedings of the 15th International Conference on Machine Learning. Morgan Kaufmann, San Francisco (1998)Google Scholar