TY - GEN
T1 - Automatically Repairing Web Application Firewalls Based on Successful SQL Injection Attacks
AU - Appelt, Dennis
AU - Panichella, Annibale
AU - Briand, Lionel
N1 - Publisher Copyright:
© 2017 IEEE.
PY - 2017/11/14
Y1 - 2017/11/14
N2 - Testing and fixing Web Application Firewalls (WAFs) are two relevant and complementary challenges for security analysts. Automated testing helps to cost-effectively detect vulnerabilities in a WAF by generating effective test cases, i.e., attacks. Once vulnerabilities have been identified, the WAF needs to be fixed by augmenting its rule set to filter attacks without blocking legitimate requests. However, existing research suggests that rule sets are very difficult to understand and too complex to be manually fixed. In this paper, we formalise the problem of fixing vulnerable WAFs as a combinatorial optimisation problem. To solve it, we propose an automated approach that combines machine learning with multi-objective genetic algorithms. Given a set of legitimate requests and bypassing SQL injection attacks, our approach automatically infers regular expressions that, when added to the WAF2019;s rule set, prevent many attacks while letting legitimate requests go through. Our empirical evaluation based on both open-source and proprietary WAFs shows that the generated filter rules are effective at blocking previously identified and successful SQL injection attacks (recall between 54.6% and 98.3%), while triggering in most cases no or few false positives (false positive rate between 0% and 2%).
AB - Testing and fixing Web Application Firewalls (WAFs) are two relevant and complementary challenges for security analysts. Automated testing helps to cost-effectively detect vulnerabilities in a WAF by generating effective test cases, i.e., attacks. Once vulnerabilities have been identified, the WAF needs to be fixed by augmenting its rule set to filter attacks without blocking legitimate requests. However, existing research suggests that rule sets are very difficult to understand and too complex to be manually fixed. In this paper, we formalise the problem of fixing vulnerable WAFs as a combinatorial optimisation problem. To solve it, we propose an automated approach that combines machine learning with multi-objective genetic algorithms. Given a set of legitimate requests and bypassing SQL injection attacks, our approach automatically infers regular expressions that, when added to the WAF2019;s rule set, prevent many attacks while letting legitimate requests go through. Our empirical evaluation based on both open-source and proprietary WAFs shows that the generated filter rules are effective at blocking previously identified and successful SQL injection attacks (recall between 54.6% and 98.3%), while triggering in most cases no or few false positives (false positive rate between 0% and 2%).
KW - Regular Expression Inference
KW - Web Application Firewalls
KW - Web Security
UR - http://www.scopus.com/inward/record.url?scp=85040782546&partnerID=8YFLogxK
U2 - 10.1109/ISSRE.2017.28
DO - 10.1109/ISSRE.2017.28
M3 - Conference contribution
AN - SCOPUS:85040782546
T3 - Proceedings - International Symposium on Software Reliability Engineering, ISSRE
SP - 339
EP - 350
BT - Proceedings - 2017 IEEE 28th International Symposium on Software Reliability Engineering, ISSRE 2017
PB - IEEE Computer Society
T2 - 28th IEEE International Symposium on Software Reliability Engineering, ISSRE 2017
Y2 - 23 October 2017 through 26 October 2017
ER -