Using Deep Reinforcement Learning to Evade Web Application Firewalls

Title: Using Deep Reinforcement Learning to Evade Web Application Firewalls
Publication Type: Conference Paper
Year of Publication: 2021
Authors: Hemmati, Mojtaba; Hadavi, Mohammad Ali
Conference Name: 2021 18th International ISC Conference on Information Security and Cryptology (ISCISC)
Date Published: Sep
Keywords: Adversarial Machine Learning, Firewalls (computing), pubcrawl, q-learning, reinforcement learning, resilience, Resiliency, Scalability, Semantics, signature based defense, SQL Injection, Task Analysis, Training, Tuning, Web Application Firewall (WAF)
Abstract: Web application firewalls (WAFs) are the last line of defense in protecting web applications from application-layer security threats such as SQL injection and cross-site scripting. Currently, most techniques for evading WAFs are still developed manually. In this work, we propose a solution that automatically scans WAFs to find payloads through which they can be bypassed. Our solution finds rule defects, which can be further used for rule tuning in rule-based WAFs. It can also enrich the dataset used to retrain machine learning-based WAFs. To this end, we provide a framework based on reinforcement learning, with an environment compatible with the OpenAI Gym toolset standards, that is used to train agents to perform WAF evasion tasks. The framework acts as an adversary and applies a set of mutation operators that mutate the malicious payload syntactically without affecting its original semantics. We use Q-learning and proximal policy optimization algorithms with deep neural networks. Our solution succeeds in evading both signature-based and machine learning-based WAFs.
DOI: 10.1109/ISCISC53448.2021.9720473
Citation Key: hemmati_using_2021