Publication:
Web Application Firewall Based On Machine Learning Models

Abstract

The increasing reliance on web applications for storing sensitive data and financial transactions has elevated the importance of web application security. A machine learning-based web application firewall was designed to protect web applications against injection vulnerabilities. A hybrid dataset, including CISC 2010, HTTPParams 2015, and real-time Hypertext Transfer Protocol (HTTP) requests, was employed. The study evaluated five classification algorithms (K-nearest neighbors, logistic regression, naïve Bayes, support vector machine, and decision tree) for detecting cross-site scripting (XSS), Structured Query Language (SQL) Injection, Operating System Command Injection, and Local File Inclusion attacks. Decision tree was identified as the algorithm with the highest precision, accuracy, recall, F1-score, receiver operating characteristic (ROC), and area under the curve (AUC) values. According to the confusion matrix analysis, the real-time tested web application firewalls (WAF) achieved a remarkably high F1 score of 93.13% and accuracy of 93.27%. The findings indicate that machine learning-based WAFs effectively protect web applications against injection threats. Future work includes expanding the WAF to cover other attack types and testing it on different datasets.

Citation

Durmuşkaya ME, Bayraklı S. 2025. Web application firewall based on machine learning models. PeerJ Computer Science 11:e2975
