Litcius/Paper detail

WAFBooster: Automatic Boosting of WAF Security Against Mutated Malicious Payloads

Cong Wu, Jing Chen, Simeng Zhu, Wenqi Feng, Kun He, Ruiying Du, Yang Xiang

2024IEEE Transactions on Dependable and Secure Computing37 citationsDOI

Abstract

Web application firewall (WAF) examines malicious traffic to and from a web application via a set of security rules. It plays a significant role in securing Web applications against web attacks. However, as web attacks grow in sophistication, it is becoming increasingly difficult for WAFs to block the mutated malicious payloads designed to bypass their defenses. In response to this critical security issue, we have developed a novel learning-based framework called <sc xmlns:mml="http://www.w3.org/1998/Math/MathML" xmlns:xlink="http://www.w3.org/1999/xlink">WAFBooster</small>, designed to unveil potential bypasses in WAF detections and suggest rules to fortify their security. Using a combination of shadow models and payload generation techniques, we can identify malicious payloads and remove or modify them as needed. <sc xmlns:mml="http://www.w3.org/1998/Math/MathML" xmlns:xlink="http://www.w3.org/1999/xlink">WAFBooster</small> generates signatures for these malicious payloads using advanced clustering and regular expression matching techniques to repair any security gaps we uncover. In our comprehensive evaluation of eight real-world WAFs, <sc xmlns:mml="http://www.w3.org/1998/Math/MathML" xmlns:xlink="http://www.w3.org/1999/xlink">WAFBooster</small> improved the true rejection rate of mutated malicious payloads from 21% to 96%, with no false rejections. <sc xmlns:mml="http://www.w3.org/1998/Math/MathML" xmlns:xlink="http://www.w3.org/1999/xlink">WAFBooster</small> achieves a false acceptance rate 3× lower than State-of-the-Art methods for generating malicious payloads. With <sc xmlns:mml="http://www.w3.org/1998/Math/MathML" xmlns:xlink="http://www.w3.org/1999/xlink">WAFBooster</small>, we have taken a step forward in securing web applications against the ever-evolving threats.

Topics & Concepts

Boosting (machine learning)Computer scienceComputer securityArtificial intelligenceAdvanced Malware Detection TechniquesCryptographic Implementations and SecurityNetwork Security and Intrusion Detection