Abstract
Web Application Firewalls penalize everyone by adding latency to all requests, whether they are malicious or not. Several studies have reported the benefits of using Machine Learning to extract new rules to detect malware and malicious web requests. However, a comparison of the models' metrics with their use of computational resources remains to be done. This work aims to show a distributed WAF architecture that uses ML classifiers as one of its components. In this architecture, instead of an enforcement point that analyzes the complete HTTP protocol for violations, a trained classifier detects them. The first part of this work verifies the viability of using classifiers based on their metrics, such as accuracy and recall. We analyze two datasets and compare their use. The second part of this paper compares the prediction processing time of ML models with the processing time of a rule-based engine. The classifiers used in this paper had a processing time about 18x lower than that of a rule-based engine. We also show that a classifier can find errors in the classification of a dataset generated by a rule-based WAF. We present samples and experimental code to show the difference in approaches.