MACHINE LEARNING BASED WEB APPLICATION FIREWALL

MACHINE LEARNING BASED WEB APPLICATION FIREWALL

A machine learning (ML) based web application firewall (WAF) is described. Transformation(s) are applied to raw data including normalizing and generating a signature over the normalized data. The signature and the normalized data are vectorized to create a first and second vector of integers respect...

Ausführliche Beschreibung

Gespeichert in:
Bibliographische Detailangaben
Hauptverfasser: Grover, Vikram, Gabor, Petre Gabriel, Robert, Nicholas Mikhail
Format: Patent
Sprache:eng
Schlagworte:
CALCULATING
COMPUTING
COUNTING
ELECTRIC COMMUNICATION TECHNIQUE
ELECTRIC DIGITAL DATA PROCESSING
ELECTRICITY
PHYSICS
TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHICCOMMUNICATION
Online-Zugang:Volltext bestellen
Tags: Tag hinzufügen
Keine Tags, Fügen Sie den ersten Tag hinzu!
Beschreibung
Zusammenfassung:A machine learning (ML) based web application firewall (WAF) is described. Transformation(s) are applied to raw data including normalizing and generating a signature over the normalized data. The signature and the normalized data are vectorized to create a first and second vector of integers respectively. The first and second vector of integers are input into an ML model that uses a multiple stage process including a first stage that operates on the first vector of integers to identify candidate signature tokens that are commonly associated with different classes of attack, and a second stage that operates on the candidate signature tokens and the second vector of integers and conditions attention on the second vector of integers on the candidate signature tokens. The ML model outputs a score that indicates a probability of the raw data being of a type that is malicious. A traffic processing rule is enforced that instructs a WAF to block traffic when the score is above a threshold that indicates the raw data is of the type that is malicious.