Web applications have become critical components of modern digital infrastructure, making them frequent targets of cyberattacks such as SQL injection, cross-site scripting, command injection, and directory traversal. Traditional Web Application Firewalls rely primarily on signature-based rule matching and often fail to detect obfuscated or previously unseen attacks. This paper proposes an AI-enhanced Web Application Firewall that combines signature-based detection with machine learning-based anomaly detection for intelligent real-time request inspection. The proposed framework analyzes incoming HTTP requests, performs payload decoding and feature extraction, and classifies suspicious traffic through a hybrid detection pipeline. The system is implemented using Flask, Scikit-learn, LightGBM, and a web-based dashboard for monitoring security events. Experimental results indicate that the hybrid approach improves detection accuracy and reduces false positives compared to a standalone rule-based model. The proposed solution offers a scalable and adaptive framework for securing modern web applications.
Introduction
The paper proposes an AI-enhanced Web Application Firewall (WAF) to improve protection against modern web attacks such as SQL injection, XSS, command injection, and obfuscated payload exploits. It addresses the limitations of traditional WAFs that rely mainly on static signature rules, which are ineffective against zero-day or modified attacks and often generate false positives.
The system uses a hybrid approach combining:
Rule-based signature detection for fast identification of known attacks
Machine learning-based anomaly detection for unknown or obfuscated threats
Payload decoding and normalization (e.g., URL/Base64 decoding) to expose hidden attacks
A decision engine to allow, block, or log requests
A monitoring dashboard for real-time security tracking
The workflow processes HTTP requests through inspection, decoding, feature extraction, and classification before making a final security decision. The system is implemented using Python (Flask), Scikit-learn/LightGBM, and a web-based dashboard.
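The following added example walks one request's parameters through the stages described above: decoding, signature matching, feature scoring, and the allow/block/log decision. It is not the paper's implementation; the signature set, the thresholds, and the names `normalize`, `anomaly_score` and `decide` are assumptions, and `anomaly_score` is a fixed formula standing in for the trained Scikit-learn/LightGBM classifier.

```python
import base64
import binascii
import re
from urllib.parse import unquote

# Constructed, illustrative signatures; a deployed rule set is far larger.
SIGNATURES = {
    "sqli": re.compile(r"(?i)\bunion\b.+\bselect\b|\bor\b\s+\d+\s*=\s*\d+"),
    "xss": re.compile(r"(?i)<\s*script\b|\bon\w+\s*="),
    "traversal": re.compile(r"\.\./|\.\.\\"),
    "cmdi": re.compile(r"[;|&`]\s*(?:cat|ls|id|whoami)\b"),
}
B64 = re.compile(r"[A-Za-z0-9+/]{8,}={0,2}")

def normalize(value, max_rounds=3):
    """URL-decode until stable (bounded), then unwrap Base64 that holds text."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    if B64.fullmatch(value) and len(value) % 4 == 0:
        try:
            text = base64.b64decode(value, validate=True).decode("utf-8")
        except (binascii.Error, UnicodeDecodeError):
            return value  # Base64 alphabet but not encoded text, e.g. "password"
        if text.isprintable():
            return normalize(text, max_rounds)
    return value

def anomaly_score(value):
    """Hypothetical stand-in for the trained model: scores two extracted features."""
    special = sum(not (c.isalnum() or c.isspace()) for c in value) / max(len(value), 1)
    return min(1.0, 2.0 * special + len(value) / 400)

def decide(params, block_at=0.6, log_at=0.3):
    """Decision engine: signatures on the decoded value first, then the anomaly score."""
    worst = 0.0
    for name, raw in params.items():
        value = normalize(raw)
        for rule, pattern in SIGNATURES.items():
            if pattern.search(value):
                return "block", f"signature:{rule}:{name}"
        worst = max(worst, anomaly_score(value))
    if worst >= block_at:
        return "block", "anomaly"
    return ("log", "anomaly") if worst >= log_at else ("allow", "clean")
```

Matching on the raw parameter instead of the output of `normalize` would miss the double URL-encoded and Base64-wrapped inputs, which is the gap the decoding stage closes.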
Experiments compare rule-based, ML-based, and hybrid methods using metrics like accuracy and false positive rate. Results show the hybrid system performs best, achieving about 96% accuracy with low false positives, outperforming standalone rule-based (82%) and ML-only (91%) systems. It also improves operational visibility through real-time monitoring and attack analytics.
Conclusion
This paper presented an AI-enhanced Web Application Firewall that integrates signature-based attack detection with machine learning-based anomaly detection. The hybrid design improves attack detection capability while maintaining practical deployment behavior for web request inspection. The implementation demonstrates that combining traditional rules with learned classifiers can enhance protection against both explicit and previously unseen web attacks.