Proceedings of the 35th Annual ACM Symposium on Applied Computing 2020
DOI: 10.1145/3341105.3373962
|View full text |Cite
|
Sign up to set email alerts
|

WAF-A-MoLE

Abstract: Web Application Firewalls are widely used in production environments to mitigate security threats like SQL injections. Many industrial products rely on signature-based techniques, but machine learning approaches are becoming more and more popular. The main goal of an adversary is to craft semantically malicious payloads to bypass the syntactic analysis performed by a WAF.In this paper, we present WAF-A-MoLE, a tool that models the presence of an adversary. This tool leverages on a set of mutation operators tha… Show more

Help me understand this report
View preprint versions

Search citation statements

Order By: Relevance

Paper Sections

Select...
2
1
1
1

Citation Types

0
6
0

Year Published

2021
2021
2024
2024

Publication Types

Select...
5
1
1

Relationship

0
7

Authors

Journals

citations
Cited by 15 publications
(6 citation statements)
references
References 28 publications
0
6
0
Order By: Relevance
“…Furthermore, RAT can only test rule-based WAFs, and it cannot be used alone to test Ml-based WAFs. Nevertheless, RAT is capable of being combined with generative adversarial techniques (e.g., WAF-A-MoLE [15]) to reduce its dependency on datasets and test Ml-based WAFs.…”
Section: Discussionmentioning
confidence: 99%
See 3 more Smart Citations
“…Furthermore, RAT can only test rule-based WAFs, and it cannot be used alone to test Ml-based WAFs. Nevertheless, RAT is capable of being combined with generative adversarial techniques (e.g., WAF-A-MoLE [15]) to reduce its dependency on datasets and test Ml-based WAFs.…”
Section: Discussionmentioning
confidence: 99%
“…Elderman et al [22] simulated an adversarial cybersecurity game in which an attacker and a defender are two adversarial agents that use reinforcement learning techniques to win the game. Demetrio et al [15] proposed WAF-A-MoLE, an adversarial method for mutating attack strings to bypass ML-Based WAFs. Mostly, adversarial methods aim to bypass ML-Based WAFs, whereas our method targets signature-based WAFs.…”
Section: Adversarialmentioning
confidence: 99%
See 2 more Smart Citations
“…Evading web application firewalls through adversarial machine learning has been presented in [49]. They have presented WAF-A-MoLE, a tool that models the presence of an adversary.…”
Section: Related Workmentioning
confidence: 99%