A new WAF architecture with machine learning for resource-efficient use. Issue 106 (July 2021)
- Record Type:
- Journal Article
- Title:
- A new WAF architecture with machine learning for resource-efficient use. Issue 106 (July 2021)
- Main Title:
- A new WAF architecture with machine learning for resource-efficient use
- Authors:
- Domingues Junior, Manoel
Ebecken, Nelson F.F.
- Abstract:
- Web Application Firewalls penalize everyone, including latency in all requests, whether they are malicious or not. Several studies have reported the benefits of using Machine Learning to extract new rules to detect malware and malicious web requests. However, comparing the metrics of the models with their use of computational resources remains to be accomplished. This work aims to show a distributed WAF architecture, using ML classifiers as one of its components. Instead of having an enforcement point that analyzes the complete HTTP protocol for violations in this architecture, we have a trained classifier to detect them. The first part of this work verifies the viability of using classifiers based on their metrics, such as accuracy and recall. We analyze two datasets and make comparisons about their use. The second part of this paper compares ML models' prediction processing time and a rules-based engine's processing time. The classifiers used in this paper had a processing time of about 18x less than a rule-based engine. We also show that a classifier can find errors in the classification of a dataset generated by a WAF based on rules. We present samples and experimental codes to show the difference in approaches.
- Is Part Of:
- Computers & security. Issue 106(2021)
- Journal:
- Computers & security
- Issue:
- Issue 106(2021)
- Issue Display:
- Volume 106, Issue 106 (2021)
- Year:
- 2021
- Volume:
- 106
- Issue:
- 106
- Issue Sort Value:
- 2021-0106-0106-0000
- Page Start:
- Page End:
- Publication Date:
- 2021-07
- Subjects:
- Web application firewall -- SVM -- Perceptron -- Logistic regression -- Benchmark -- Modsecurity -- OWASP CRS
Computer security -- Periodicals
Electronic data processing departments -- Security measures -- Periodicals
005.805
- Journal URLs:
- http://www.sciencedirect.com/science/journal/01674048
http://www.elsevier.com/journals
- DOI:
- 10.1016/j.cose.2021.102290
- Languages:
- English
- ISSNs:
- 0167-4048
- Deposit Type:
- Legaldeposit
- View Content:
- Available online (eLD content is only available in our Reading Rooms)
- Physical Locations:
- British Library DSC - 3394.781000
British Library DSC - BLDSS-3PM
British Library HMNTS - ELD Digital store
- Ingest File:
- 17109.xml