An Adaptive Web Application Firewall
Miguel Calvo, Marta Beltrán
2022
Abstract
Web Application Firewalls (WAFs) are security products responsible for protecting web applications with minimal cost and effort by filtering, monitoring, and blocking HTTP traffic. Traditional WAFs work with a rule-based approach, applying predetermined rules when the signatures of known attack patterns or traffic anomalies are identified. This kind of design has significant limitations in specific contexts, since it is impossible to configure the WAF once and rely on that configuration over time. This paper proposes an adaptive WAF capable of context-aware risk-based adaptation, changing its configuration for every specific scenario, depending on the current value of risk indicators and on the level of risk tolerated at any given time. The proposed solution is implemented, validated and evaluated in a real use case.
Paper Citation
in Harvard Style
Calvo M. and Beltrán M. (2022). An Adaptive Web Application Firewall. In Proceedings of the 19th International Conference on Security and Cryptography - Volume 1: SECRYPT, ISBN 978-989-758-590-6, pages 96-107. DOI: 10.5220/0011146900003283
in Bibtex Style
@conference{secrypt22,
author={Miguel Calvo and Marta Beltrán},
title={An Adaptive Web Application Firewall},
booktitle={Proceedings of the 19th International Conference on Security and Cryptography - Volume 1: SECRYPT},
year={2022},
pages={96-107},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0011146900003283},
isbn={978-989-758-590-6},
}
in EndNote Style
TY - CONF
JO - Proceedings of the 19th International Conference on Security and Cryptography - Volume 1: SECRYPT
TI - An Adaptive Web Application Firewall
SN - 978-989-758-590-6
AU - Calvo M.
AU - Beltrán M.
PY - 2022
SP - 96
EP - 107
DO - 10.5220/0011146900003283