Signature-based and Machine-Learning-based Web Application Firewalls: A Short Survey

Applebaum, Simon, Gaber, Tarek and Ahmed, Ali ORCID: 0000-0002-7370-3044
(2021) Signature-based and Machine-Learning-based Web Application Firewalls: A Short Survey. In: ML-NLP4Cybersecurity: International Workshop on Machine Learning and Natural Language Processing for Cybersecurity, 2021-6-4 - 2021-6-5, Dubi, UAE.

Access the full-text of this item by clicking on the Open Access link.


Web Application Firewalls (WAF) have evolved to protect web applications from attack. A signature-based WAF responds to threats through the implementation of application-specific rules which block malicious traffic. However, these rules must be continually adapted to address evolving threats. The resultant rules can become complex and difficult to maintain, requiring that the administrator possesses a high-level of skills and detailed knowledge of the application. Not to mention the challenges of zero-day attacks! A WAF can deliver high rates of false positives and false negatives that can adversely impact the performance and can provide poor protection against zero-day attacks. This paper aims to provide a short review showing the development of WAFs based on machine-learning-based methods. It discusses their merits and limitations as well as identifying open issues. It assesses which of them can provide countermeasures to zero-day attacks and are easy to configure and maintain to keep them up to date. It was found that machine-learning-based methods have advantages over signature/rule-based methods as the former can address the vulnerability to zero-day attacks and can be easier to configure and keep up to date. The survey also determined that the effectiveness of machine-learning-based WAFs in protecting current attack patterns targeting web application frameworks is still an open area for further investigation.

Item Type: Conference or Workshop Item (Unspecified)
Uncontrolled Keywords: Web Application Firewalls, WAF, Machine learning, signature-based WAF, Zero-day attacks, ModSecurity, OWASP, XSS, SRF
Divisions: Faculty of Science and Engineering > School of Electrical Engineering, Electronics and Computer Science
Depositing User: Symplectic Admin
Date Deposited: 23 Dec 2021 16:29
Last Modified: 18 Jan 2023 21:18
DOI: 10.1016/j.procs.2021.05.105
Open Access URL:
Related URLs: