Commit a91ff937 authored by Juan Diego Campo

Minor rewritings to README

parent 38d06e7a
# ModSecurity and Machine Learning Module
This module apply machine learning techniques to improve the detection capabilities of the WAF ModSecurity giving particular importance to the task of diminishing the false positives generated by this tool when is set out to protect a web application without reducing the true positive rate.
This module applies machine learning techniques to improve the
detection capabilities of the ModSecurity WAF, giving particular
importance to diminishing the false positives generated by this tool
when it is set out to protect a web application, without reducing the
true positive rate.
This project integrates ModSecurity using LUA with an anomaly detection evaluator implemented in Java. A more detailed description on the evaluator could be found in [this article](https://arxiv.org/abs/1803.05529).
The anomaly detection model has to be trained to protect a Web Application. In this project we provide a train model using a Drupal dataset.
The anomaly detection model has to be trained to protect a Web Application. In this project we provide a model trained using a Drupal dataset.
## Installation
This module have the following prerequisites:
This module has the following prerequisites:
- Apache Server
- ModSecurity module
- Java virtual machine
In Fedora install as follow:
In Fedora, install as follows:
dnf -y install httpd mod_security java
To install the last ML module version you should clone as shown:
To install the latest ML module version you should clone as shown:
git clone https://gitlab.fing.edu.uy/gsi/modsec-ml.git /etc/httpd/modsecurity.d/ml
Finally include the execution of the script in the ModSecurity configuration. An example of the rule could be found at `lua_rule.conf` and restart the Apache Server.
Finally, include the execution of the script in the ModSecurity
configuration and restart the Apache Server. An example of the rule
can be found at `lua_rule.conf`.
## Configuration
This prototype of the ML Module comes with an evaluator model using an anomaly detection approach. The Java implementation of the anomaly detection evaluator could be found in [this repository](https://gitlab.fing.edu.uy/gsi/waf-ml-oneclass).
This prototype of the ML Module comes with an evaluator model that
uses an anomaly detection approach. The Java implementation of the
anomaly detection evaluator can be found in [this
repository](https://gitlab.fing.edu.uy/gsi/waf-ml-oneclass).
The model's configuration could be found in the `data` folder of the project. This folder has the following structure:
The model configuration is located in the `data` folder of the project
and has the following structure:
+-- data
| +-- mydictionary.dic (contains the tokens used by the algorithm as features)
| +-- clusterData (contains one file for each cluster with the model configuration)
The `clusterData` should be train for each new application. For the training process valid requests to the application are needed. We'll be publishing a new application to train the model parameters.
The `clusterData` should be trained using valid requests for each new
application. We plan to release a separate program to do the training
of the model parameters.
# Contributors
- [Rodrigo Martinez](https://gitlab.fing.edu.uy/rodmart)
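Review bot: In the Installation section, the clone step still pulls whatever is on the default branch into `/etc/httpd/modsecurity.d/ml` ("the latest ML module version"), and the final step says to "include the execution of the script" without naming the script. Since ModSecurity executes that script from its configuration, name the script file and suggest checking out a specific tag or commit after cloning. Separately, the unchanged sentence "A more detailed description on the evaluator could be found in [this article]" keeps the "could be found" wording that this rewrite replaces with "can be found" in the other two places, and "LUA" should be "Lua"; fix both for consistency.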