International Research Journal of Innovations in Engineering and Technology - IRJIET International Open Access, Monthly, Peer Reviewed, Reputed Journal ISSN (online): 2581-3048

Impact Factor (2025): 6.9

DOI Prefix: 10.47001/IRJIET

Artificial Intelligence for Web Application Firewall (WAF): A Comprehensive Review

Abstract

The increasing prevalence of cyberattacks that bypass traditional defenses necessitates prioritizing web application security .So, that create an urgent need to use “firewalls”, especially with web applications. The paper submitted a summary of the search and analysis of the scientific literature on web applications, in addition to the studies that have been suggested model for a “web application firewall (WAF)” that employed features engineering and machine learning to identify frequent online threats. The existing research  examined  WAFs and test their effectiveness in identifying fraudulent requests using "machine learning algorithms" like "Naive Bayes", "k-Nearest Neighbors", "Support Vector Machines", and linear regression. The studies integration of AI algorithms with existing WAF has shown achieved accuracy rates ranging from 92% to 99% to be highly effective in mitigating attacks.

Country : Iraq

1 Aya A. Zaki2 Saja J. Mohammed

  1. Department of Computer Science, College of Computer Science and Mathematics, University of Mosul, Mosul, Iraq
  2. Department of Computer Science, College of Computer Science and Mathematics, University of Mosul, Mosul, Iraq

IRJIET, Volume 8, Issue 11, November 2024 pp. 219-224

doi.org/10.47001/IRJIET/2024.811027

Full Paper
Download

References

  1. Al-Haijaa, Q. A., &Ishtaiwia, A. (2021). Machine learning based model to identify firewall decisions to improve cyber-defense. International Journal on Advanced Science, Engineering and Information Technology11(4), 1688-1695.
  2. P. Kalariya and M. Jethva, “Progress Report: ML assisted Web application firewall,” Nov. 2023. Accessed: Nov. 20, 2023. [Online]. Available: https://brightspace.uwindsor.ca/d2l/lms/dropbox/user/folder_user_vie w_feedback.d2l?db=71493&grpid=0&isprv=0&bp=0&ou=146289.
  3. Sharma, S., Zavarsky, P., &Butakov, S. (2020, May). Machine learning based intrusion detection system for web-based attacks. In 2020 IEEE 6th intl conference on big data security on cloud (BigDataSecurity), IEEE Intl conference on high performance and smart computing,(HPSC) and IEEE Intl conference on intelligent data and security (IDS) (pp. 227-230). IEEE.
  4. E. Ucar, E. Ozhan, “The Analysis of Firewall Policy Through Machine Learning and Data Mining”, Wireless Personal Communication, Springer, vol. 96, p.p. 2891–2909, 2017.
  5. Mohammed, S.J., Taha, D.B. Paillier cryptosystem enhancement for Homomorphic Encryption technique. Multimed Tools Appl 83, 22567–22579 (2024). https://doi.org/10.1007/s11042-023-16301-0.
  6. Mohammed SJ, Taha DB (2021) Privacy Preserving Algorithm using Chao-Scattering of Partial Homomorphic Encryption. J Phys: Conf Ser. https://doi.org/10.1088/1742-6596/1963/1/012154.
  7. Mohammed SJ, Taha DB (2021) From Cloud Computing Security towards Homomorphic Encryption: A Comprehensive Review. Telkomnika (Telecommunication Computing Electronics and Control) 9(4). https://doi.org/10.12928/telkomnika.v19i4.16875.
  8. Mohammed, S.J. (2024). Developing a Hybrid Pseudo-Random Numbers Generator. In: Rasheed, J., Abu-Mahfouz, A.M., Fahim, M. (eds) Forthcoming Networks and Sustainability in the AIoT Era. FoNeS-AIoT 2024. Lecture Notes in Networks and Systems, vol 1036. Springer, Cham. https://doi.org/10.1007/978-3-031-62881-8_23.
  9. Brain. G. Caspi, “Introducing Deep Learning: Boosting Cybersecurity with an Artificial Informa Tech” Dark Reading, Analytics http://www.darkreading.com/analytics, 2016.
  10. Hammadi, Dhafar S., Ansam N. Younis, Fawziya M. Ramo. (2021) Hybridization and modification of the pso algorithm and its use in personal recognition by opg x-ray. Journal of Engineering Science and Technology 16.1 pp: 325-338.
  11. Q. A. Al-Haija, S. Zein-Sabatto, "An Efficient Deep-Learning-Based Detection and Classification System for Cyber-Attacks in IoT Communication Networks" Electronics, MDPI, vol. 9, no. 12: paper no. 2152., 2020.
  12. Dawadi, B. R., Adhikari, B., & Srivastava, D. K. (2023). Deep learning technique-enabled web application firewall for the detection of web attacks. Sensors23(4), 2073.
  13. RománGallego, J. Á., PérezDelgado, M. L., Viñuela, M. L., & VegaHernández, M. C. Artificial Intelligence Web Application Firewall for advanced detection of web injection attacks. Expert Systems, e13505. (2023).
  14. Čisar, P., Popović, B., Kuk, K., Čisar, S. M., & Vuković, I. (2022). Machine Learning Aspects of Internet Firewall Data. In Security-Related Advanced Technologies in Critical Infrastructure Protection: Theoretical and Practical Approach (pp. 43-59). Dordrecht: Springer Netherlands.
  15. Q. Niu and X. Li, “A high-performance web attack detection method based on CNN-GRU model,” in Proceedings of the 2020 IEEE 4thInformation Technology, Networking, Electronic and Automation Control Conference (ITNEC), pp. 804–808, IEEE, Chongqing, China, June 2020.
  16. R. Kumari and S. K. Srivastava, “Machine learning: a review on binary classification,” International Journal of Computer Application, vol. 160, p. 7, 2017.
  17. H. Fadhil and A. R. Hakim, "Classification Model of Web Application Attacks," 2021 6th International Workshop on Big Data and Information Security (IWBIS), Depok, Indonesia, 2021, pp. 87-90, doi: 10.1109/IWBIS53353.2021.9631851.
  18. Shaheed, A., & Kurdy, M. B. (2022). Web application firewall using machine learning and features engineering. Security and Communication Networks2022(1), 5280158.
  19. Kalariya, P., Jethva, M., &Alginahi, Y. (2024, April). ML Assisted Web Application Firewall. In 2024 12thInternational Symposium on Digital Forensics and Security (ISDFS) (pp. 1-6). IEEE.
  20. Li, P., Wang, Y., Li, Q., Liu, Z., Xu, K., Ren, J.,.. & Lin, R. (2023, November). Learning from Limited Heterogeneous Training Data: Meta-Learning for Unsupervised Zero-Day Web Attack Detection across Web Domains. In Proceedings of the 2023 ACM SIGSAC Conference on Computer and Communications Security (pp. 1020-1034).
  21. RománGallego, J. Á., PérezDelgado, M. L., Viñuela, M. L., & VegaHernández, M. C. Artificial Intelligence Web Application Firewall for advanced detection of web injection attacks. Expert Systems, e13505. (2023).
  22. Demetrio, L., Valenza, A., Costa, G. and Lagorio, G., (2020) WAF-A-MoLE: evading web application firewalls through adversarial machine learning. In Proceedings of the 35th Annual ACM Symposium on Applied Computing (pp. 1745-1752).
  23. RománGallego, J. Á., PérezDelgado, M. L., Viñuela, M. L., & VegaHernández, M. C. Artificial Intelligence Web Application Firewall for advanced detection of web injection attacks. Expert Systems, e13505. (2023).
  24. Čisar, P., Popović, B., Kuk, K., Čisar, S. M., & Vuković, I. (2022). Machine Learning Aspects of Internet Firewall Data. In Security-Related Advanced Technologies in Critical Infrastructure Protection: Theoretical and Practical Approach (pp. 43-59). Dordrecht: Springer Netherlands.
  25. X. D. Hoang, “Detecting common web attacks based on machine learning using web log,” in Proceedings of the International Conference on Engineering Research and Appli cations, pp. 311–318, Springer, ai Nguyen, December 2020.
  26. Mahesh, B. (2020). Machine learning algorithms-a review. International Journal of Science and Research (IJSR).[Internet]9(1), 381-386.
  27. G. T. Reddy, S. Bhattacharya, S. S. Ramakrishnan et al., “An ensemble based machine learning model for diabetic retinopathy classification,” in Proceedings of the 2020 International Conference on Emerging Trends in Information Technology and Engineering (Ic-ETITE), pp. 1–6, IEEE, Vel lore, India, Feb 2020.
  28. J.J. Praise, R.J Raj, J.V. Benifa, “Development of Reinforcement Learning and Pattern Matching (RLPM) Based Firewall for Secured Cloud Infrastructure”, Wireless Personal Communication, Springer, vol.115, p.p. 993–1018, 2020.
  29. Khalid, M. N., Farooq, H., Iqbal, M., Alam, M. T., & Rasheed, K. (2019). Predicting web vulnerabilities in web applications based on machine learning. In Intelligent Technologies and Applications: First International Conference, INTAP 2018, Bahawalpur, Pakistan, October 23-25, 2018, Revised Selected Papers 1 (pp. 473-484). Springer Singapore.
  30. Al-Garadi, M. A., Mohamed, A., Al-Ali, A. K., Du, X., Ali, I., & Guizani, M. (2020). A survey of machine and deep learning methods for internet of things (IoT) security. IEEE Communications Surveys & Tutorials, 22(3), 1646-1685.
  31. S. Sharma, P. Zavarsky, and S. Butakov, “Machine learning based intrusion detection system for web-based attacks,” in Proceedings of the 2020 IEEE 6th Intl Conference on Big Data Security on Cloud (BigDataSecurity), IEEE Intl Conference on High Performance and Smart Computing, (HPSC) and IEEE Intl Conference on Intelligent Data and Security (IDS), pp. 227–230, IEEE, Baltimore, MD, USA, May 2020.
  32. Appelt, D., Nguyen, C. D., Panichella, A., & Briand, L. C. (2018). A machine-learning-driven evolutionary approach for testing web application firewalls. IEEE Transactions on Reliability67(3), 733-757.
  33. Ho, T. P., Nam, H. T., & Thang, N. M. (2022). A new approach to improving web application firewall performance based on support vector machine method with analysis of Http request. HộithảonghiêncứuứngdụngMật mã và Antoànthông tin1(15), 62-73.
  34. Annas, M., Adek, R. T., &Afrillia, Y. (2024). Web Application Firewall (WAF) Design to Detect and Anticipate Hacking in Web-Based Applications. Journal of Advanced Computer Knowledge and Algorithms1(3), 52-58.

Copyright @ 2026-2017 IRJIET. All Right Reserved.

Developed by Byzero Technologies