September 1, 2021
Students: Nicolas Montes
Tutors: <a href="https://www.fing.edu.uy/inco/grupos/gsi/en/team/gustavo-betarte/">Gustavo Betarte</a>, Alvaro Pardo
In this thesis, we present the use of deep learning techniques to improve the performance of Web Application Firewalls (WAFs), systems that are used to detect and prevent attacks on web applications. Typically, a WAF inspects the HyperText Transfer Protocol (HTTP) requests exchanged between client and server to spot attacks and block potential threats. We model the problem as a one-class supervised case and build a feature extractor using a deep learning technique. We treat the HTTP requests as text and train a deep language model with a transformer encoder architecture, which is a self-attention-based neural network. The use of pre-trained language models has yielded significant improvements on a diverse set of NLP tasks because they are capable of transfer learning. We use the pre-trained model as a feature extractor to map the HTTP requests into feature vectors. These vectors are then used to train a one-class classifier. We also use an established performance metric to automatically define an operational point for the one-class model. The experimental results show that the proposed approach outperforms the classic rule-based ModSecurity configured with a vanilla CRS and does not require the participation of a security expert to define the features.