CR · Jan 7, 2020

WAF-A-MoLE: Evading Web Application Firewalls through Adversarial Machine Learning

arXiv:2001.01952v1 · 51 citations
AI Analysis

This work addresses security vulnerabilities in web applications for users and organizations, but it is incremental, as it builds on existing adversarial machine learning techniques.

The paper tackles the problem of bypassing machine learning-based Web Application Firewalls (WAFs) by crafting malicious payloads that evade syntactic analysis, and shows that the authors' tool, WAF-A-MoLE, successfully bypasses all considered WAFs.

Web Application Firewalls are widely used in production environments to mitigate security threats like SQL injections. Many industrial products rely on signature-based techniques, but machine learning approaches are becoming more and more popular. The main goal of an adversary is to craft semantically malicious payloads to bypass the syntactic analysis performed by a WAF. In this paper, we present WAF-A-MoLE, a tool that models the presence of an adversary. This tool leverages a set of mutation operators that alter the syntax of a payload without affecting the original semantics. We evaluate the performance of the tool against existing WAFs, which we trained using our publicly available SQL query dataset. We show that WAF-A-MoLE bypasses all the considered machine-learning-based WAFs.

Code Implementations: 1 repo