Learning web application firewall - benefits and caveats

Authors:
Dariusz Pałka;Marek Zachara
Affiliations:
Pedagogical University of Cracow, Poland;University of Science and Technology (AGH) Cracow, Poland
Venue:
ARES'11 Proceedings of the IFIP WG 8.4/8.9 international cross domain conference on Availability, reliability and security for business, enterprise and health information systems
Year:
2011

Citing 15
Cited 0

Recent advances of grammatical inference

Theoretical Computer Science - Special issue on algorithmic learning theory
Inductive Inference: Theory and Methods

ACM Computing Surveys (CSUR)
Inductive Inference, DFAs, and Computational Complexity

AII '89 Proceedings of the International Workshop on Analogical and Inductive Inference
Learning nonstationary models of normal network traffic for detecting novel attacks

Proceedings of the eighth ACM SIGKDD international conference on Knowledge discovery and data mining
Inducing grammars from sparse data sets: a survey of algorithms and results

The Journal of Machine Learning Research
Anomaly detection of web-based attacks

Proceedings of the 10th ACM conference on Computer and communications security
Network traffic anomaly detection based on packet bytes

Proceedings of the 2003 ACM symposium on Applied computing
Pattern Classification (2nd Edition)

Pattern Classification (2nd Edition)
Snort - Lightweight Intrusion Detection for Networks

LISA '99 Proceedings of the 13th USENIX conference on System administration
Hunting Security Bugs

Hunting Security Bugs
Learning DFA representations of HTTP for protecting web applications

Computer Networks: The International Journal of Computer and Telecommunications Networking
Bro: a system for detecting network intruders in real-time

SSYM'98 Proceedings of the 7th conference on USENIX Security Symposium - Volume 7
Intrusion Detection Systems

Intrusion Detection Systems
A multi-model approach to the detection of web-based attacks

Computer Networks: The International Journal of Computer and Telecommunications Networking - Web security
Algorithms for learning regular expressions

ALT'05 Proceedings of the 16th international conference on Algorithmic Learning Theory

Quantified Score

Hi-index	0.00

Visualization

Abstract

The paper discusses selected issues related to the implementation and deployment of the Web Application Firewall that protects the target application by verifying the incoming requests and their parameters through matching them against recorded usage patterns. These patterns in turn are learned from the traffic generated by the users of the application. Since many web applications, including these operated by the government, are prone to exploits, there is a need to introduce new easily implementable methods of protection to prevent unauthorized access to sensitive data. A Learning Web Application Firewall offers a flexible, application-tailored, yet easy to deploy solution. There are certain concerns, however, regarding the classification of data that is used for the learning process which can, in certain cases, impair the firewall ability to classify traffic correctly. These concerns are discussed on the basis of reference implementation prepared by the authors.