WAF-A-MoLE: An adversarial tool for assessing ML-based WAFs | Zendy

Andrea Valenza | Zendy; Luca Demetrio | Zendy; Gabriele Costa | Zendy; Giovanni Lagorio | Zendy

AI Assistant Blog Pricing

Home ZAIA Blog

Open Access

WAF-A-MoLE: An adversarial tool for assessing ML-based WAFs

Author(s) -

Andrea Valenza,

Luca Demetrio,

Gabriele Costa,

Giovanni Lagorio

Publication year - 2019

Publication title -

softwarex

Language(s) - English

Resource type - Journals

SCImago Journal Rank - 0.528

H-Index - 21

ISSN - 2352-7110

DOI - 10.1016/j.softx.2019.100367

Subject(s) - benchmarking , computer science , adversarial system , fuzz testing , computer security , machine learning , artificial intelligence , programming language , software , marketing , business

Web Application Firewalls (WAFs) are plug-and-play security gateways that promise to enhance the security of a (potentially vulnerable) system with minimal cost and configuration. In recent years, machine learning-based WAFs are catching up with traditional, signature-based ones. They are competitive because they do not require predefined rules; instead, they infer their rules through a learning process. In this paper, we present WAF-A-MoLE, a WAF breaching tool. It uses guided mutational-based fuzzing to generate adversarial examples. The main applications include WAF( i )penetration testing,( i i )benchmarking and( i i i )hardening.

The content you want is available to Zendy users.

Already have an account? Click here to sign in.

Having issues? You can contact us here

Accelerating Research