Commit 38d06e7a authored by Rodrigo Martinez

Fix the matrix loading in the evaluator

parent 2c553a56
...@@ -3,6 +3,8 @@ This module apply machine learning techniques to improve the detection capabilit ...@@ -3,6 +3,8 @@ This module apply machine learning techniques to improve the detection capabilit
This project integrates ModSecurity using LUA with an anomaly detection evaluator implemented in Java. A more detailed description on the evaluator could be found in [this article](https://arxiv.org/abs/1803.05529). This project integrates ModSecurity using LUA with an anomaly detection evaluator implemented in Java. A more detailed description on the evaluator could be found in [this article](https://arxiv.org/abs/1803.05529).
The anomaly detection model has to be trained to protect a Web Application. In this project we provide a train model using a Drupal dataset.
## Installation ## Installation
This module have the following prerequisites: This module have the following prerequisites:
- Apache Server - Apache Server
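Review bot: In the added sentence "In this project we provide a train model using a Drupal dataset", "train model" should read "trained model", and the sentence should state outright that the shipped model reflects Drupal traffic, so a reader protecting a different application knows to retrain before relying on its verdicts. The commit title refers to matrix loading in the evaluator, while this hunk changes only README text; either mention the documentation update in the commit message or split it into its own commit.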
...@@ -13,16 +15,32 @@ In Fedora install as follow: ...@@ -13,16 +15,32 @@ In Fedora install as follow:
dnf -y install httpd mod_security java dnf -y install httpd mod_security java
The following steps install the ML module To install the last ML module version you should clone as shown:
git clone https://gitlab.fing.edu.uy/gsi/modsec-ml.git /etc/httpd/modsecurity.d/ml git clone https://gitlab.fing.edu.uy/gsi/modsec-ml.git /etc/httpd/modsecurity.d/ml
Include the execution of the script in the ModSecurity configuration. An example of the rule could be found at `lua_rule.conf` Finally include the execution of the script in the ModSecurity configuration. An example of the rule could be found at `lua_rule.conf` and restart the Apache Server.
## configuration ## Configuration
This prototype of the ML Module comes with an evaluator model using an anomaly detection approach. The Java implementation of the anomaly detection evaluator could be found in [this repository](https://gitlab.fing.edu.uy/gsi/waf-ml-oneclass).
## License The model's configuration could be found in the `data` folder of the project. This folder has the following structure:
+-- data
| +-- mydictionary.dic (contains the tokens used by the algorithm as features)
| +-- clusterData (contains one file for each cluster with the model configuration)
The `clusterData` should be train for each new application. For the training process valid requests to the application are needed. We'll be publishing a new application to train the model parameters.
# Contributors
- [Rodrigo Martinez](https://gitlab.fing.edu.uy/rodmart)
- [Juan Diego Campo](https://gitlab.fing.edu.uy/jdcampo)
# Sponsors # Sponsors
![Tilsor Logo](/images/logo.png) ![ICT4V](https://ict4v.org/wp-content/images/ict4v-footer.svg) ![Facultad de Ingeniería - UDELAR](https://www.fing.edu.uy/sites/default/files/cti_flex_logo.png) [<img src="https://www.tilsor.com.uy/images/tilsor/logo.svg" alt="Tilsor Logo" width="150px"/>](https://www.tilsor.com.uy)
![Facultd de Ingeniería - Universidad Católica del Uruguay](https://ucu.edu.uy/sites/all/themes/univer/logo.png) [<img src="https://ict4v.org/wp-content/images/ict4v-footer.svg" alt="ICT4V" width="150px"/>](https://ict4v.org)
[<img src="https://ucu.edu.uy/sites/all/themes/univer/logo.png" alt="Facultd de Ingeniería - Universidad Católica del Uruguay" width="150px"/>](https://ucu.edu.uy)
[<img src="https://www.fing.edu.uy/sites/default/files/cti_flex_logo.png" alt="Facultad de Ingeniería - UDELAR" width="150px"/>](https://fing.edu.uy)
## License
License: Apache 2.0 license, see [LICENSE](https://gitlab.fing.edu.uy/gsi/modsec-ml/blob/master/LICENSE).
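Review bot: The install step `git clone https://gitlab.fing.edu.uy/gsi/modsec-ml.git /etc/httpd/modsecurity.d/ml` checks out whatever is at the tip of the default branch directly into the Apache configuration tree, and the new wording "To install the last ML module version" endorses that. Suggest documenting a tagged release or a specific commit to check out, so the Lua script and the `data` model files that ModSecurity loads are a reviewed version rather than the moving branch head. Smaller points in the same hunk: "last" should be "latest", "should be train" should be "should be trained", the alt text "Facultd de Ingeniería" is misspelled, and moving `## License` below `# Sponsors` makes it a subsection of Sponsors, so the heading levels of `# Contributors`, `# Sponsors` and `## License` should be aligned with `## Installation` and `## Configuration`.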
No preview for this file type