Web Application Firewall Using Machine Learning and Features Engineering

Shaheed, Aref; Kurdy, Mohamad-Bassam

doi:10.1155/2022/5280158

Cited by 18 publications

(8 citation statements)

References 26 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…The proposed model analyzes incoming requests to the web server, parses these requests to extract four features that describe completely HTTP request parts (URL, payload, and headers), and classifies whether a request is normal or an anomaly. The model achieved a classification accuracy of 99.6% with datasets used in research studies in this field and 98.8% with datasets of real web servers [3].…”

Section: Literature Surveymentioning

confidence: 95%

See 1 more Smart Citation

Neural Network-Based Web Security Firewall

2023

IRJMETS

View full text Add to dashboard Cite

In the contemporary digital landscape, the security of web applications is a pressing concern. Cyber threats continue to evolve, challenging the resilience of existing defense mechanisms. This project introduces an innovative Web Application Firewall (WAF) strengthened by Neural Network (NN) technologies. The primary aim of this project is to enhance web application security by proactively identifying and thwarting malicious attacks. Leveraging deep learning techniques, the NN-based WAF analyzes incoming HTTP requests in real time, distinguishing between legitimate and potentially harmful traffic. Through meticulous data collection, feature engineering, and model training, the WAF exhibits robust and adaptive behavior. This project represents a pivotal advancement in web application security. By harnessing the power of neural networks, it provides real-time protection against a wide spectrum of cyber threats. The NN-based WAF adapts to the evolving threat landscape, making it an indispensable tool for safeguarding web applications in an era of dynamic and persistent security challenges.

show abstract

Section: Literature Surveymentioning

confidence: 95%

“…CSIC: This dataset contains HTTP traffic data collected from a real web application. It includes both normal and malicious traffic and has been widely used in previous research studies[3].3. HTTP Params: This dataset contains HTTP traffic data collected from a real web application.…”

mentioning

confidence: 99%

Neural Network-Based Web Security Firewall

2023

IRJMETS

View full text Add to dashboard Cite

show abstract

“…Machine Learning (ML) has revolutionized a myriad of sectors in the contemporary digital ecosystem, from healthcare to finance, and its importance cannot be understated when discussing cybersecurity and intrusion detection. At its core, machine learning is a subset of artificial intelligence that employs algorithms allowing computers to learn and make decisions or predictions from data without explicit programming [25], [26].…”

Section: Machine Learningmentioning

confidence: 99%

Model Design of Intrusion Detection System on Web Server Using Machine Learning Based

Tedyyana,

Ghazali,

Purbo

2024

Proceedings of the 11th International Applied Business and Engineering Conference, ABEC 2023, September 21st, 2023, Bengkalis,

View full text Add to dashboard Cite

In the current era of information technology development, web server security has become a primary concern in maintaining data integrity, confidentiality, and availability. With the emergence of increasingly complex and evolving cyber threats, Intrusion Detection Systems (IDS) play a crucial role in addressing these challenges. In this research, we propose an innovative approach to enhance web server security by implementing an Intrusion Detection System empowered with Machine Learning Algorithms. In the pursuit of enhancing web server security, this research delves into designing an Intrusion Detection System (IDS) empowered by Machine Learning (ML). The foundation of this approach hinges on transparent public datasets, subjected to intensive pre-processing steps such as data cleaning, normalization, and feature selection. After refining, the data steers ML algorithms to discern potential cyber threats from standard patterns. The novel ML-based IDS showcases an ability superior to traditional systems, with the prowess to differentiate between benign and malicious activities. A salient feature of this IDS is its real-time alert mechanism on Telegram, ensuring immediate notification to security teams upon potential breach detection. Comparative results accentuate the model's enhanced accuracy and a significant reduction in false alarms. This study substantiates the utility of ML in elevating cybersecurity measures and paves the way for deeper investigations into advanced web server protective mechanisms.

show abstract

“…Validated through a Web Application Filter (WAF) use case, RiAS showcases the potential of adaptive, risk-based security measures to respond dynamically to threats, underscoring its relevance in modern, heterogeneous computing contexts. Shaheed et al [24] presents an advanced web application firewall model leveraging machine learning and feature engineering to detect web attacks. This model uniquely analyzes entire HTTP requests, including URL, payload, and headers, by extracting four key features: request length, percentages of allowed and special characters, and an attack weight.…”

Section: Literature Reviewmentioning

confidence: 99%

Mitigating Security Risks in Firewalls and Web Applications using Vulnerability Assessment and Penetration Testing (VAPT)

Alquwayzani,

Aldossri,

Frikha

2024

ijacsa

View full text Add to dashboard Cite

In today's digital age, both organizations and individuals heavily depend on web applications for a wide range of activities. However, this reliance on the web also opens up opportunities for attackers to exploit security weaknesses present in these applications. Web Application Firewalls (WAFs) are typically the first line of defense, protecting web apps by filtering and monitoring HTTP traffic. However, if these firewalls are not properly configured, they can be bypassed or compromised by attackers. The escalating number of attacks targeting web applications underscores the urgent need to enhance their security. This paper offers an in-depth review of existing research on web application Vulnerability Assessment and Penetration Testing (VAPT). Our unique contribution lies in the comprehensive synthesis and categorization of VAPT tools based on their optimal use cases, which provides a practical guide for selecting the appropriate tools for specific scenarios. Additionally, this study integrates emerging technologies such as artificial intelligence and machine learning into the VAPT framework, addressing the evolving nature of cyber threats. The paper also identifies common challenges encountered during the VAPT process and proposes actionable recommendations to overcome these obstacles. Furthermore, it discusses best practices such as secure coding practices and defense-in-depth strategies to improve the effectiveness and efficiency of VAPT efforts. By offering these insights, this paper aims to advance the current understanding and application of VAPT in enhancing the security of web applications and firewalls.

show abstract

Web Application Firewall Using Machine Learning and Features Engineering

Cited by 18 publications

References 26 publications

Neural Network-Based Web Security Firewall

Neural Network-Based Web Security Firewall

Model Design of Intrusion Detection System on Web Server Using Machine Learning Based

Mitigating Security Risks in Firewalls and Web Applications using Vulnerability Assessment and Penetration Testing (VAPT)

Contact Info

Product

Resources

About