Signature-based and Machine-Learning-based Web Application Firewalls: A Short Survey

摘要

Web Application Firewalls (WAF) have evolved to protect web applications from attack. A signature-based WAF responds to threats through the implementation of application-specific rules which block malicious traffic. However, these rules must be continually adapted to address evolving threats. The resultant rules can become complex and difficult to maintain, requiring that the administrator possesses a high-level of skills and detailed knowledge of the application. Not to mention the challenges of zero-day attacks! A WAF can deliver high rates of false positives and false negatives that can adversely impact the performance and can provide poor protection against zero-day attacks. This paper aims to provide a short review showing the development of WAFs based on machine-learning-based methods. It discusses their merits and limitations as well as identifying open issues. It assesses which of them can provide countermeasures to zero-day attacks and are easy to configure and maintain to keep them up to date. It was found that machine-learning-based methods have advantages over signature/rule-based methods as the former can address the vulnerability to zero-day attacks and can be easier to configure and keep up to date. The survey also determined that the effectiveness of machine-learning-based WAFs in protecting current attack patterns targeting web application frameworks is still an open area for further investigation.