Correlation analysis for reducing signature-based WAF false positives rates

This paper addresses the problem of reducing the number of false positives of signature-based WAF. We propose an automatic method for detecting specific signatures which give high FP rates for the given web application using correlation analysis. The proposed method is based on a statistical analysi...

Full description

Bibliographic Details
Main Authors: Valeriya Grigorjevna Shervarly, Dennis Yurievich Gamayunov
Format: Article
Language:English
Published: Moscow Engineering Physics Institute 2015-12-01
Series:Bezopasnostʹ Informacionnyh Tehnologij
Subjects:
Online Access:https://bit.mephi.ru/index.php/bit/article/view/63
id doaj-23ae035fbac742bbac8637eceb7054db
record_format Article
spelling doaj-23ae035fbac742bbac8637eceb7054db2020-11-24T23:52:57ZengMoscow Engineering Physics Institute Bezopasnostʹ Informacionnyh Tehnologij2074-71282074-71362015-12-0122463Correlation analysis for reducing signature-based WAF false positives ratesValeriya Grigorjevna Shervarly0Dennis Yurievich Gamayunov1Lomonosov Moscow State UniversityLomonosov Moscow State UniversityThis paper addresses the problem of reducing the number of false positives of signature-based WAF. We propose an automatic method for detecting specific signatures which give high FP rates for the given web application using correlation analysis. The proposed method is based on a statistical analysis of the relationship between the total number of HTTP-transactions observed by WAF, and the number of signatures alerts. The proposed method doesn't require the learning phase, and may be used in production in continuous manner, making it more comfortable for the end user of the WAF.https://bit.mephi.ru/index.php/bit/article/view/63intrusion detectionweb application securitycorrelation analysis
collection DOAJ
language English
format Article
sources DOAJ
author Valeriya Grigorjevna Shervarly
Dennis Yurievich Gamayunov
spellingShingle Valeriya Grigorjevna Shervarly
Dennis Yurievich Gamayunov
Correlation analysis for reducing signature-based WAF false positives rates
Bezopasnostʹ Informacionnyh Tehnologij
intrusion detection
web application security
correlation analysis
author_facet Valeriya Grigorjevna Shervarly
Dennis Yurievich Gamayunov
author_sort Valeriya Grigorjevna Shervarly
title Correlation analysis for reducing signature-based WAF false positives rates
title_short Correlation analysis for reducing signature-based WAF false positives rates
title_full Correlation analysis for reducing signature-based WAF false positives rates
title_fullStr Correlation analysis for reducing signature-based WAF false positives rates
title_full_unstemmed Correlation analysis for reducing signature-based WAF false positives rates
title_sort correlation analysis for reducing signature-based waf false positives rates
publisher Moscow Engineering Physics Institute
series Bezopasnostʹ Informacionnyh Tehnologij
issn 2074-7128
2074-7136
publishDate 2015-12-01
description This paper addresses the problem of reducing the number of false positives of signature-based WAF. We propose an automatic method for detecting specific signatures which give high FP rates for the given web application using correlation analysis. The proposed method is based on a statistical analysis of the relationship between the total number of HTTP-transactions observed by WAF, and the number of signatures alerts. The proposed method doesn't require the learning phase, and may be used in production in continuous manner, making it more comfortable for the end user of the WAF.
topic intrusion detection
web application security
correlation analysis
url https://bit.mephi.ru/index.php/bit/article/view/63
work_keys_str_mv AT valeriyagrigorjevnashervarly correlationanalysisforreducingsignaturebasedwaffalsepositivesrates
AT dennisyurievichgamayunov correlationanalysisforreducingsignaturebasedwaffalsepositivesrates
_version_ 1725471300712923136