WAF-A-MoLE: An adversarial tool for assessing ML-based WAFs

Valenza, Andrea; Demetrio, Luca; Lagorio, Giovanni
2020-01-01

Abstract

Web Application Firewalls (WAFs) are plug-and-play security gateways that promise to enhance the security of a (potentially vulnerable) system with minimal cost and configuration. In recent years, machine learning-based WAFs have been catching up with traditional, signature-based ones. They are competitive because they do not require predefined rules; instead, they infer their rules through a learning process. In this paper, we present WAF-A-MoLE, a WAF breaching tool. It uses guided mutational-based fuzzing to generate adversarial examples. The main applications include WAF (i) penetration testing, (ii) benchmarking and (iii) hardening.

Files in this item:
File: 1-s2.0-S2352711019302997-main.pdf
Access: open access
Description: Journal article
Type: Publisher's version
Size: 446.52 kB
Format: Adobe PDF

Documents in IRIS are protected by copyright and all rights are reserved, unless otherwise indicated.

Use this identifier to cite or link to this document: https://hdl.handle.net/11567/1003772
Citations
  • PMC: ND
  • Scopus: 6
  • ISI: 1