This paper focuses on the development of a Web Application Firewall (WAF) aimed at providing robust protection while complying with at least two core recommendations from the Open Web Application Security Project (OWASP). The advent of the internet has revolutionized our lives and, concurrently, web-based applications have surged in popularity, offering a myriad of services ranging from online shopping to banking and educational courses. Web applications and APIs, integral components in internet data transfer, regularly send and receive data. These applications often house sensitive information necessitating stringent protective measures. Their role and the data they handle are pivotal in the context of today’s digital infrastructure. The datasets for this study were procured from different sources, subsequently cleansed, and narrowed down to a final selection of 140,000 entries. This includes 85% normal requests and 15% of malicious requests, specifically SQL injection and XSS attacks. The employed methodology encompassed training four machine learning models, with the Support Vector Machine (SVM) emerging as the most efficient based on specific criteria. These criteria included metrics such as Accuracy, Precision, Recall, and F1-score. This study hence presents a comprehensive approach to bolster web application security using machine learning techniques.

错误:搜索内容不能为空,请输入英文关键词
错误:关键词超出字数限制,请精简
高级检索

Machine Learning-Based Web Application Firewalls for SQL Injection and XSS Prevention

  • Alin Zamfiroiu,
  • George Orzănescu,
  • Joe Francom,
  • Noaman Syed Ali

摘要

This paper focuses on the development of a Web Application Firewall (WAF) aimed at providing robust protection while complying with at least two core recommendations from the Open Web Application Security Project (OWASP). The advent of the internet has revolutionized our lives and, concurrently, web-based applications have surged in popularity, offering a myriad of services ranging from online shopping to banking and educational courses. Web applications and APIs, integral components in internet data transfer, regularly send and receive data. These applications often house sensitive information necessitating stringent protective measures. Their role and the data they handle are pivotal in the context of today’s digital infrastructure. The datasets for this study were procured from different sources, subsequently cleansed, and narrowed down to a final selection of 140,000 entries. This includes 85% normal requests and 15% of malicious requests, specifically SQL injection and XSS attacks. The employed methodology encompassed training four machine learning models, with the Support Vector Machine (SVM) emerging as the most efficient based on specific criteria. These criteria included metrics such as Accuracy, Precision, Recall, and F1-score. This study hence presents a comprehensive approach to bolster web application security using machine learning techniques.