Title
Artificial Intelligent Web Application Firewall for advanced detection of web injection attacks
Author(s)
Keywords
Artificial intelligence
Injection
Machine learning
Vulnerability
Web application firewall
Publication date
2023-11-27
Publisher
Wiley
Citation
Román‐Gallego, J. Á., Pérez‐Delgado, M. L., Viñuela, M. L., & Vega‐Hernández, M. C. Artificial Intelligence Web Application Firewall for advanced detection of web injection attacks. Expert Systems, e13505.
Abstract
[EN] Currently, web services-based applications have an important presence in public and private organizations. The vulnerabilities that these types of applications may have pose an inherent potential risk to the business model of these organizations. These applications have the inherent risk of being used by organizations in such a way that their activity is affected and they become the main entry point for attackers who want to breach their security. The main barrier to this type of attack is web application firewalls (WAF), which are responsible for processing Hypertext Transfer Protocol requests between clients and web servers, classifying them and rejecting malicious requests. This type of (WAF) applications, for the most part, have regular expressions that correspond to general rules and allow detecting malicious requests that follow a pattern contained in them. However, due to the knowledge of these rules by attackers, it is easy to circumvent security and to impersonate a malicious request by an innocuous request. Therefore, in this article, we present a study of different models based on artificial intelligence techniques such as Naïve Bayes, k-nearest neighbors, support vector machines, and linear regression to test their effectiveness in detecting malicious requests from a synthetic dataset containing more than 100,000 requests. The results obtained show that the implementation of these methods optimizes the detection of malicious requests, obtaining results between 92% and 99% of success in their classification.
Description
Work funded by the Fundación Memoria de Don Samuel Solórzano Barruso of the Universidad de Salamanca (FS/102015)
URI
ISSN
0266-4720
DOI
https://doi.org/10.1111/exsy.13505
Appears in collections
- CIMET. Articles [17]
Files in this item
Name:
Size:
1.972Mb
Format:
Adobe PDF