@@ -3,6 +3,8 @@ This module apply machine learning techniques to improve the detection capabilit
...
@@ -3,6 +3,8 @@ This module apply machine learning techniques to improve the detection capabilit
This project integrates ModSecurity using LUA with an anomaly detection evaluator implemented in Java. A more detailed description on the evaluator could be found in [this article](https://arxiv.org/abs/1803.05529).
This project integrates ModSecurity using LUA with an anomaly detection evaluator implemented in Java. A more detailed description on the evaluator could be found in [this article](https://arxiv.org/abs/1803.05529).
The anomaly detection model has to be trained to protect a Web Application. In this project we provide a train model using a Drupal dataset.
## Installation
## Installation
This module have the following prerequisites:
This module have the following prerequisites:
- Apache Server
- Apache Server
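Review bot: In the added sentence "In this project we provide a train model using a Drupal dataset", state explicitly that the bundled model only describes Drupal traffic, so a reader does not deploy it unchanged in front of a different application. Wording such as "we provide a model trained on a Drupal dataset; any other application needs its own trained model" would cover that and also fix "a train model". The surrounding context lines "This module apply" and "This module have" could be corrected to "applies" and "has" in the same pass.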
...
@@ -13,16 +15,32 @@ In Fedora install as follow:
...
@@ -13,16 +15,32 @@ In Fedora install as follow:
dnf -y install httpd mod_security java
dnf -y install httpd mod_security java
The following steps install the ML module
To install the last ML module version you should clone as shown:
Include the execution of the script in the ModSecurity configuration. An example of the rule could be found at `lua_rule.conf`
Finally include the execution of the script in the ModSecurity configuration. An example of the rule could be found at `lua_rule.conf` and restart the Apache Server.
## configuration
## Configuration
This prototype of the ML Module comes with an evaluator model using an anomaly detection approach. The Java implementation of the anomaly detection evaluator could be found in [this repository](https://gitlab.fing.edu.uy/gsi/waf-ml-oneclass).
## License
The model's configuration could be found in the `data` folder of the project. This folder has the following structure:
+-- data
| +-- mydictionary.dic (contains the tokens used by the algorithm as features)
| +-- clusterData (contains one file for each cluster with the model configuration)
The `clusterData` should be train for each new application. For the training process valid requests to the application are needed. We'll be publishing a new application to train the model parameters.
[<img src="https://ucu.edu.uy/sites/all/themes/univer/logo.png" alt="Facultd de Ingeniería - Universidad Católica del Uruguay" width="150px"/>](https://ucu.edu.uy)
[<img src="https://www.fing.edu.uy/sites/default/files/cti_flex_logo.png" alt="Facultad de Ingeniería - UDELAR" width="150px"/>](https://fing.edu.uy)
## License
License: Apache 2.0 license, see [LICENSE](https://gitlab.fing.edu.uy/gsi/modsec-ml/blob/master/LICENSE).
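Review bot: The new Configuration paragraph says `clusterData` "should be train for each new application", but the only pointer to a training procedure is "We'll be publishing a new application to train the model parameters", so anyone protecting something other than the Drupal setup has no documented way to build a model. State that limitation plainly in this section, and spell out what "valid requests" has to mean for training: traffic known to be free of attacks, since an anomaly detection model of this kind treats whatever it was trained on as normal. Smaller points in the same hunk: "should be train" should read "should be trained"; "the last ML module version" reads better as "the latest"; the sentence ending "`lua_rule.conf` and restart the Apache Server" is clearer split in two so the restart is its own step; and the alt text "Facultd de Ingeniería" is missing an "a".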