Por favor, use este identificador para citar o enlazar este ítem:
https://hdl.handle.net/20.500.12008/29283
Cómo citar
Título: | Machine learning-assisted virtual patching of web applications |
Autor: | Betarte, Gustavo Giménez, Eduardo Martínez, Rodrigo Pardo, Álvaro |
Tipo: | Preprint |
Palabras clave: | Web Application Firewalls, Machine Learning, Anomaly Detection, One-class Classification, n-grams |
Fecha de publicación: | 2018 |
Resumen: | Web applications are permanently being exposed to attacks that exploit their vulnerabilities. In this work we investigate the application of machine learning techniques to leverage Web Application Firewall (WAF), a technology that is used to detect and prevent attacks. We propose a combined approach of
machine learning models, based on one-class classification and n-gram analysis, to enhance the detection and accuracy capabilities of MODSECURITY, an open source and widely used WAF.
The results are promising and outperform MODSECURITY when configured with the OWASP Core Rule Set, the baseline configuration setting of a widely deployed, rule-based WAF technology.
The proposed solution, combining both approaches, allow us to deploy a WAF when no training data for the application is available (using one-class classification), and an improved one using n-grams when training data is available. |
Descripción: | Computing Research Repository (CoRR), ArXiv, abs/1803.05529, mar. 2018. |
Citación: | Betarte, G., Giménez, E., Martínez, R. y otros. Machine learning-assisted virtual patching of web applications [Preprint]. Publicado en: Computing Research Repository (CoRR), ArXiv, abs/1803.05529, mar. 2018. |
Licencia: | Licencia Creative Commons Atribución - No Comercial - Sin Derivadas (CC - By-NC-ND 4.0) |
Aparece en las colecciones: | Reportes Técnicos - Instituto de Computación |
Ficheros en este ítem:
Fichero | Descripción | Tamaño | Formato | ||
---|---|---|---|---|---|
BGMP18.pdf | Preprint | 466,23 kB | Adobe PDF | Visualizar/Abrir |
Este ítem está sujeto a una licencia Creative Commons Licencia Creative Commons