Scientific congresses, symposiums and conference proceedings : Paper published in a book
Engineering, computing & technology : Computer science
Security, Reliability and Trust
http://hdl.handle.net/10993/31877
Automatically Repairing Web Application Firewalls Based on Successful SQL Injection Attacks
English
Appelt, Dennis [University of Luxembourg > Interdisciplinary Centre for Security, Reliability and Trust (SnT)]
Panichella, Annibale [University of Luxembourg > Interdisciplinary Centre for Security, Reliability and Trust (SnT)]
Briand, Lionel [University of Luxembourg > Interdisciplinary Centre for Security, Reliability and Trust (SnT)]
In press
The 28th IEEE International Symposium on Software Reliability Engineering (ISSRE)
IEEE
from 23-10-2017 to 26-10-2017
Toulouse
France
[en] Web Application Firewalls ; Regular Expression Inference ; Web Security
[en] Testing and fixing WAFs are two relevant and complementary challenges for security analysts. Automated testing helps to cost-effectively detect vulnerabilities in a WAF by generating effective test cases, i.e., attacks. Once vulnerabilities have been identified, the WAF needs to be fixed by augmenting its rule set to filter attacks without blocking legitimate requests. However, existing research suggests that rule sets are very difficult to understand and too complex to be manually fixed. In this paper, we formalise the problem of fixing vulnerable WAFs as a combinatorial optimisation problem. To solve it, we propose an automated approach that combines machine learning with multi-objective genetic algorithms. Given a set of legitimate requests and bypassing SQL injection attacks, our approach automatically infers regular expressions that, when added to the WAF's rule set, prevent many attacks while letting legitimate requests go through. Our empirical evaluation based on both open-source and proprietary WAFs shows that the generated filter rules are effective at blocking previously identified and successful SQL injection attacks (recall between 54.6% and 98.3%), while triggering in most cases no or few false positives (false positive rate between 0% and 2%).
Interdisciplinary Centre for Security, Reliability and Trust (SnT) > Software Verification and Validation Lab (SVV Lab)
Researchers ; Professionals ; General public
FnR ; FNR4800382 > Dennis Appelt > BOSTWAS > Black-Box Security Testing For Web Applications And Services > 01/10/2012 > 30/06/2016 > 2012
