
Research On Security Evaluation Of WAF Based On Machine Learning

Posted on: 2020-09-10
Degree: Master
Type: Thesis
Country: China
Candidate: M Liu
Full Text: PDF
GTID: 2428330602452247
Subject: Information security

Abstract/Summary:
Web security threats have become a focus that neither individuals nor businesses can ignore: Web applications and services are proliferating, and the attacks against them are increasingly rampant. The WAF is the most common protection for Web applications and serves as their first line of defense. With the development and application of machine learning, machine learning-based WAFs have become a new direction in WAF development, addressing the low efficiency, complex maintenance and poor detection of new types of Web attack that characterise traditional rule-based WAFs. However, most machine learning-based WAFs have not themselves been evaluated for security, which is a major weakness for Web security. In response to this problem, this paper proposes a method for the security evaluation of machine learning-based WAFs through attacks against them. The main work and innovations of this paper are as follows:

1. The paper first summarises the security threats faced by the machine learning algorithms commonly used in WAFs and the corresponding attack methods, focusing on the analysis of adversarial attacks, information-leakage attacks and poisoning attacks.

2. A scalable quantitative evaluation model, SQSE-Model, is proposed. The model first classifies the attacks faced by machine learning WAF algorithms from three aspects: confidentiality, integrity and availability. Each attack is a module in the evaluation model, and all modules are interconnected by data flow. The model then parameterises the data stream, gives the calculations for it and a quantitative evaluation method for each attack module, and finally produces a set of numerical evaluation results for the target WAF in terms of confidentiality, integrity and availability.

3. A URL adversarial example generation algorithm based on the attention mechanism is proposed, solving the problem that adversarial example generation methods from the text domain do not apply to the special text format of URLs. Based on this algorithm, the adversarial attack in the WAF integrity assessment of the SQSE-Model is implemented. The algorithm first obtains a shadow model through a model extraction attack, infers from the attention values in the shadow model which words contribute most to the decision, and then classifies the high-contribution words according to the attributes of the special characters in the URL. Finally, iterative character-level perturbation of the value of each key-value pair in the sample URL is performed according to the designed strategy until the perturbation end condition is reached.

4. Three representative evaluation objects, URLNet, HMM WAF and SVM WAF, were selected for experiments. According to the characteristics of each evaluation object and the environment settings, an attack route for each is obtained. Due to the limitations of the conditions, the experiments carried out attacks against confidentiality and integrity and finally gave quantitative calculation results. The experimental results show that the proposed URL adversarial example generation algorithm is feasible and effective, and that the proposed evaluation model has good adaptability and can provide a new idea for the security assessment of machine learning-based WAFs.
Keywords/Search Tags: Machine Learning, Web application firewall, Adversarial attacks, Adversarial examples, Security evaluation