Bypassing Web Application Firewalls Using Deep Reinforcement Learning

Q: How can I download an article?

To download an article from SID, first log in to the site, search for the article title, and click on the 'Download Article' option.

Q: How can I download an ISI article?

To download an ISI article on SID, enter the keyword or article title in the search bar, view the relevant results, click on the desired article, and select the 'Download Article' option.

Q: How can I access the SID database?

To access the SID database, visit SID.ir, create an account, and log in to access scientific resources.

Q: Is downloading articles from SID free?

Some articles on SID are available for free, while others require payment. Details are specified on the article's page.

HEMMATI MOJTABA; HADAVI MOHAMMAD ALI

مرکز اطلاعات علمی Scientific Information Database (SID) - Trusted Source for Research and Academic Resources

Journal Paper

Paper Information

Journal: THE ISC INTERNATIONAL JOURNAL OF INFORMATION SECURITY Year:2022 | Volume:14 | Issue:2 Page(s): 131-145

Download Full-Text

View:

125

Download:

177

Cites:

Information Journal Paper

Title

Bypassing Web Application Firewalls Using Deep Reinforcement Learning

Author(s)

HEMMATI MOJTABA | HADAVI MOHAMMAD ALI | Issue Writer Certificate

Keywords

Adversarial Machine Learning

Reinforcement Learning

SQL Injection

Web Application Firewall (WAF)

Abstract

Web application rewalls (WAFs) are used for protecting web applications from attacks such as SQL Injection, cross-site request forgery, and cross-site scripting. As a result of the growing complexity of web attacks, WAFs need to be tested and updated on a regular basis. There are various tools and techniques to verify the correct performance of a WAF. But most of the techniques are manual or use brute-force attacks, so su er from poor e cacy. In this work, we propose a solution based on Reinforcement Learning (RL) to discover malicious payloads, which are able to bypass WAFs. We provide an RL framework with an environment compatible with OpenAI gym toolset standards. The environment is employed for training agents to implement WAF circumvention tasks. The agent mutates the syntax of a malicious payload using a set of modi cation operators as actions, without changes to its semantic. Then, upon WAF's reaction to the payload, the environment ascertains a reward for the agent. Eventually, based on these rewards, the agent learns a suitable sequence of mutations for any malicious payload. The payloads, which bypass the WAF determine rules defects, which can be further used in rule tuning for rule-based WAFs. Also, it can enrich the machine learning-based WAFs datasets for retraining. We use Q-Learning, Advantage Actor-Critic (A2C), and Proximal Policy Optimization (PPO) algorithms with the deep neural network. Our solution is successful in evading signature-based and machine learning-based WAFs. While our focus in this work is on SQL Injection, the method can be simply extended to use for any string-based injection attacks.

Multimedia

No record.

Cites

No record.

References

No record.

Cite

APA: Copy

HEMMATI, MOJTABA, & HADAVI, MOHAMMAD ALI. (2022). Bypassing Web Application Firewalls Using Deep Reinforcement Learning. THE ISC INTERNATIONAL JOURNAL OF INFORMATION SECURITY, 14(2), 131-145. SID. https://sid.ir/paper/979418/en

Vancouver: Copy

HEMMATI MOJTABA, HADAVI MOHAMMAD ALI. Bypassing Web Application Firewalls Using Deep Reinforcement Learning. THE ISC INTERNATIONAL JOURNAL OF INFORMATION SECURITY[Internet]. 2022;14(2):131-145. Available from: https://sid.ir/paper/979418/en

IEEE: Copy

MOJTABA HEMMATI, and MOHAMMAD ALI HADAVI, “Bypassing Web Application Firewalls Using Deep Reinforcement Learning,” THE ISC INTERNATIONAL JOURNAL OF INFORMATION SECURITY, vol. 14, no. 2, pp. 131–145, 2022, [Online]. Available: https://sid.ir/paper/979418/en

Related Journal Papers

No record.

Related Seminar Papers

No record.

Related Plans

No record.

Recommended Workshops